An update that solves five vulnerabilities can now be installed.

# Security update for python3

Announcement ID: SUSE-SU-2026:1385-1
Release Date: 2026-04-16T09:16:55Z
Rating: important

References:
* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026

Cross-References:
* CVE-2025-13462
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:
* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

## Description:

This update for python3 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611).
* CVE-2026-3479: improper resource argument validation can allow path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734).
* CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735).
* CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1385=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1385=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * python3-tk-debuginfo-3.4.10-25.180.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.180.1
  * python3-debugsource-3.4.10-25.180.1
  * python3-base-debuginfo-3.4.10-25.180.1
  * python3-tk-3.4.10-25.180.1
  * python3-devel-3.4.10-25.180.1
  * python3-debuginfo-3.4.10-25.180.1
  * python3-base-debugsource-3.4.10-25.180.1
  * python3-3.4.10-25.180.1
  * libpython3_4m1_0-3.4.10-25.180.1
  * python3-curses-debuginfo-3.4.10-25.180.1
  * python3-curses-3.4.10-25.180.1
  * python3-base-3.4.10-25.180.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (ppc64le s390x x86_64)
  * python3-devel-debuginfo-3.4.10-25.180.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * python3-base-debuginfo-32bit-3.4.10-25.180.1
  * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.180.1
  * libpython3_4m1_0-32bit-3.4.10-25.180.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * python3-tk-debuginfo-3.4.10-25.180.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.180.1
  * python3-debugsource-3.4.10-25.180.1
  * python3-base-debuginfo-3.4.10-25.180.1
  * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.180.1
  * python3-base-debuginfo-32bit-3.4.10-25.180.1
  * python3-devel-3.4.10-25.180.1
  * python3-tk-3.4.10-25.180.1
  * python3-debuginfo-3.4.10-25.180.1
  * python3-base-debugsource-3.4.10-25.180.1
  * python3-3.4.10-25.180.1
  * libpython3_4m1_0-3.4.10-25.180.1
  * python3-curses-debuginfo-3.4.10-25.180.1
  * python3-curses-3.4.10-25.180.1
  * libpython3_4m1_0-32bit-3.4.10-25.180.1
  * python3-devel-debuginfo-3.4.10-25.180.1
  * python3-base-3.4.10-25.180.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026

Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in polkit.

==========================================================================
Ubuntu Security Notice USN-8173-1
April 14, 2026

policykit-1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Software Description:
- policykit-1: framework for managing administrative policies and privileges

Details:

It was discovered that polkit incorrectly handled nested elements in XML policy files. If an administrator were tricked into installing a malicious policy file, a remote attacker could possibly use this issue to cause polkit to crash, resulting in a denial of service. (CVE-2025-7519)

Pavel Kohout discovered that the polkit polkit-agent-helper-1 utility incorrectly handled long input. A local attacker could possibly use this issue to cause polkit to crash, resulting in a denial of service. (CVE-2026-4897)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  polkitd                         126-2ubuntu0.1

Ubuntu 24.04 LTS
  policykit-1                     124-2ubuntu1.24.04.3

Ubuntu 22.04 LTS
  policykit-1                     0.105-33ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8173-1
  CVE-2025-7519, CVE-2026-4897

Package Information:
  https://launchpad.net/ubuntu/+source/policykit-1/126-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/policykit-1/124-2ubuntu1.24.04.3
  https://launchpad.net/ubuntu/+source/policykit-1/0.105-33ubuntu0.1

Severity: Important.
Joris van Rantwijk discovered that libxml-parser-perl, a Perl module for parsing XML files, is prone to a heap-based buffer overflow flaw when parsing an XML file with very deep element nesting. For the oldstable distribution (bookworm), this problem has been fixed in version 2.46-4+deb12u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6182-1
MGASA-2025-0240 - Updated expat packages fix security vulnerabilities

Publication date: 18 Oct 2025
URL: https://advisories.mageia.org/MGASA-2025-0240.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-8176, CVE-2025-59375

Description:

Improper restriction of xml entity expansion depth in libexpat. (CVE-2024-8176) This is an extension of the fix published in MGASA-2025-0109 that was determined by upstream to be incomplete.

Libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. (CVE-2025-59375)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34640
- https://bugs.mageia.org/show_bug.cgi?id=34111
- https://www.openwall.com/lists/oss-security/2025/09/24/11
- https://advisories.mageia.org/MGASA-2025-0109.html
- https://www.cve.org/CVERecord?id=CVE-2025-8176
- https://www.cve.org/CVERecord?id=CVE-2025-59375

SRPMS:
- 9/core/expat-2.7.3-1.mga9

Severity: Critical.
A regression was identified in the rexml gem. A corner case of the XML default namespace was not handled correctly, and thus rexml failed to parse a valid XML file.

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4018-2
Multiple vulnerabilities were found in ruby, a popular programming language. CVE-2024-35176

- -------------------------------------------------------------------------
Debian LTS Advisory                                         DLA-4018-1
debian-lts@lists.debian.org                https://www.debian.org/lts/security/
Bastien Roucariès                                           January 17, 2025
                                                       https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ruby2.7
Version        : 2.7.4-1+deb11u3
CVE ID         : CVE-2024-35176 CVE-2024-39908 CVE-2024-41123 CVE-2024-41946 CVE-2024-43398 CVE-2024-49761

CVE-2024-35176

    The REXML gem has a Denial of Service (DoS) vulnerability when it parses an XML that has many ` ] and ]> . If you need to parse untrusted XMLs, you may be affected by these vulnerabilities.

CVE-2024-41946

    The REXML gem had a Denial of Service (DoS) vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API.

CVE-2024-43398

    REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a Denial of Service (DoS) vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be affected by this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, you are not affected.

CVE-2024-49761

    REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between and x...; in a hex numeric character reference (...;).

For Debian 11 bullseye, these problems have been fixed in version 2.7.4-1+deb11u3.

We recommend that you upgrade your ruby2.7 packages.

For the detailed security status of ruby2.7 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/ruby2.7

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
A reachable assertion issue has been discovered in tinyxml, a C++ XML parsing library, which could lead to denial of service via a crafted XML document with a '\0' located after whitespace.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3701-1
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Oracle Linux Security Advisory ELSA-2022-8799
https://linux.oracle.com/errata/ELSA-2022-8799.html

x86_64:
pki-base-10.5.18-24.el7_9.noarch.rpm
pki-base-java-10.5.18-24.el7_9.noarch.rpm
pki-ca-10.5.18-24.el7_9.noarch.rpm
pki-javadoc-10.5.18-24.el7_9.noarch.rpm
pki-kra-10.5.18-24.el7_9.noarch.rpm
pki-server-10.5.18-24.el7_9.noarch.rpm
pki-symkey-10.5.18-24.el7_9.x86_64.rpm
pki-tools-10.5.18-24.el7_9.x86_64.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/pki-core-10.5.18-24.el7_9.src.rpm

Related CVEs:
CVE-2022-2414

Description of changes:

[10.5.18-24]
- RHEL 7.9 (Batch Update 19):
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- RHCS 9.7 (Batch Update 19):
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen)