Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 9,991 articles for you...
202

openSUSE Leap 16.0 openQA Important Issue Fix Advisory 2026-21266-1

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.. openSUSE security update: security update for openqa, os-autoinst ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21266-1 Rating: important References: * bsc#1258632 * bsc#1259005 * bsc#1264376 Cross-References: * CVE-2026-26996 * CVE-2026-27904 * CVE-2026-6321 CVSS scores: * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27904 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27904 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-6321 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-6321 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed. Description: This update for openQA, os-autoinst fixes the following issues: Changes in openQA: - Update to version 5.1783076943.6691832d: * test: Stabilize `t/05-scheduler-full.t` - Clarify resolution of three CVEs * The following CVEs have been fixed (see previous changelog entries that mentioned only the according Bugzilla tickets): - bsc#1259005 - CVE-2026-27904 - bsc#1264376 - CVE-2026-6321 - bsc#1258632 - CVE-2026-26996 - Update to version 5.1782995932.ffeb09be: * feat: throw 404 for nonexistent groups in overview * feat: Avoid logwarn notifications for non-critical auth error * chore(deps): Dependency cron 2026-07-02 * git subrepo pull (merge) external/os-autoinst-common * fix: Check also hidden files in checklist plugin * test:Enable faster re-connects in full scheduler test consistently * test: Avoid silent daemons in verbose mode * test: Allow running `t/43-…-scalability.t` in parallel * test: Allow running `t/05-scheduler-full.t` in parallel * test: Avoid race condition when generating ports in `25-cache.t` * test: Avoid wasting seconds in `40-script_load_dump_templates.t` * refactor: Remove disabled code in `openqa-load-templates` * test: Avoid race condition when generating ports in many tests * chore(deps): Dependency cron 2026-07-01 * fix(ci): format inline comments in workflows to pass yamllint * test: Avoid running into "Address already in use" in fullstack test * feat(ci): pin GitHub Actions by commit hash Changes in os-autoinst: - Update to version 5.1783082953.c3cb41d: * test: Disable unstable `t/28-signalblocker.t` on ppc64le OBS builds * fix: Check also hidden files in checklist plugin * feat(ci): disable Mergify interactive queue controls in PR comments * test: assert pipe size adjustment dynamically * test: assert terminal session boundary safety * refactor: support pretty markers in script_sudo and become_root * fix: mmapi test failures and infinite loop hangs * test: simplify Level 3 pretty marker detection * fix: exclude virt-firmware on all older Leap archs - Update to version 5.1782917048.dcc97e9: * fix: Check also hidden files in checklist plugin * feat(ci): disable Mergify interactive queue controls in PR comments * fix(ci): format inline comments in workflows to pass yamllint * feat(ci): pin GitHub Actions by commit hash * test: assert pipe size adjustment dynamically * test: assert terminal session boundary safety * refactor: support pretty markers in script_sudo and become_root * fix: mmapi test failures and infinite loop hangs * test: simplify Level 3 pretty marker detection * fix: exclude virt-firmware on all older Leap archs Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-395=1 Package List: - openSUSE Leap 16.0: openQA-5.1783076943.6691832d-bp160.1.1 openQA-auto-update-5.1783076943.6691832d-bp160.1.1 openQA-bootstrap-5.1783076943.6691832d-bp160.1.1 openQA-client-5.1783076943.6691832d-bp160.1.1 openQA-client-bash-completion-5.1783076943.6691832d-bp160.1.1 openQA-client-zsh-completion-5.1783076943.6691832d-bp160.1.1 openQA-common-5.1783076943.6691832d-bp160.1.1 openQA-continuous-update-5.1783076943.6691832d-bp160.1.1 openQA-devel-5.1783076943.6691832d-bp160.1.1 openQA-doc-5.1783076943.6691832d-bp160.1.1 openQA-llm-server-5.1783076943.6691832d-bp160.1.1 openQA-local-db-5.1783076943.6691832d-bp160.1.1 openQA-mcp-5.1783076943.6691832d-bp160.1.1 openQA-munin-5.1783076943.6691832d-bp160.1.1 openQA-python-scripts-5.1783076943.6691832d-bp160.1.1 openQA-single-instance-5.1783076943.6691832d-bp160.1.1 openQA-single-instance-nginx-5.1783076943.6691832d-bp160.1.1 openQA-worker-5.1783076943.6691832d-bp160.1.1 os-autoinst-5.1783082953.c3cb41d-bp160.1.1 os-autoinst-devel-5.1783082953.c3cb41d-bp160.1.1 os-autoinst-ipmi-deps-5.1783082953.c3cb41d-bp160.1.1 os-autoinst-openvswitch-5.1783082953.c3cb41d-bp160.1.1 os-autoinst-qemu-kvm-5.1783082953.c3cb41d-bp160.1.1 os-autoinst-qemu-x86-5.1783082953.c3cb41d-bp160.1.1 os-autoinst-s390-deps-5.1783082953.c3cb41d-bp160.1.1 os-autoinst-swtpm-5.1783082953.c3cb41d-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2026-26996.html * https://www.suse.com/security/cve/CVE-2026-27904.html * https://www.suse.com/security/cve/CVE-2026-6321.html . Find critical updates for openSUSE addressing security risks in openQA and os-autoinst with bug fixes and patches.. openSUSE updates, security issues, openQA fixes, os-autoinst patches. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE Hauler Important Update Fixes 6 Issues 2026-21262-1

An update that solves 6 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for hauler ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21262-1 Rating: important References: * bsc#1267150 * bsc#1269433 Cross-References: * CVE-2026-25680 * CVE-2026-25681 * CVE-2026-27136 * CVE-2026-42502 * CVE-2026-42506 * CVE-2026-48702 CVSS scores: * CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-48702 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48702 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 6 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for hauler fixes the following issues: Changes in hauler: - update to 2.0.1 (bsc#1269433, CVE-2026-48702): * bump go to 1.26.4 to squash CVE noise * Full v2 Release notes: https://github.com/hauler- dev/hauler/releases/tag/v2.0.0 - update to 2.0.0: * `v2.0.0` is a **major** release. It replacesHauler's entire OCI plumbing... the ORAS v1 dependency and the in-house cosign fork with a native containerd based implementation, drops the deprecated `v1alpha1` API, and layers on a meaningful set of new capabilities and reliability fixes on top of that new foundation. * **Removed the ORAS v1 dependency** - push/pull is now driven directly by containerd's docker resolver and `google/go- containerregistry`, new `pkg/content/registry.go` (`RegistryTarget`) and `pkg/content/types.go` (`Target` interface, `IoContentWriter`) replaces what ORAS used to own. * **Removed the hauler-maintained cosign fork** - `pkg/cosign` is now a thin verify only wrapper around upstream `sigstore/cosign/v3`. Images are added through a native `s.AddImage()` path in `pkg/store` * **Added OCI 1.1 Referrers support** - signatures, attestations, and SBOMs are discovered both via the classic cosign tag convention (`sha256-.sig` / `.att` / `.sbom`) and the modern Referrers API, then correctly through the OCI layout - update x/net to v0.55.0 (bsc#1266602, CVE-2026-39821, bsc#1267150, CVE-2026-25680, CVE-2026-42502, CVE-2026-27136, CVE-2026-25681, CVE-2026-42506) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-391=1 Package List: - openSUSE Leap 16.0: hauler-2.0.1-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2026-25680.html * https://www.suse.com/security/cve/CVE-2026-25681.html * https://www.suse.com/security/cve/CVE-2026-27136.html * https://www.suse.com/security/cve/CVE-2026-42502.html * https://www.suse.com/security/cve/CVE-2026-42506.html * https://www.suse.com/security/cve/CVE-2026-48702.html . This update for openSUSE solves 6 issues in hauler with 2 important bug fixesto enhance system security and performance.. openSUSE security update, hauler update, important patches, CVE security issues. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE Leap Important go1.26-openssl Vulnerabilities Fixed 2026-21254-1

An update that solves 24 vulnerabilities and has 28 bug fixes can now be installed.. openSUSE security update: security update for go1.26-openssl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21254-1 Rating: important References: * bsc#1170826 * bsc#1245878 * bsc#1255111 * bsc#1261653 * bsc#1261654 * bsc#1261655 * bsc#1261656 * bsc#1261657 * bsc#1261658 * bsc#1261659 * bsc#1261660 * bsc#1261661 * bsc#1261662 * bsc#1264395 * bsc#1264499 * bsc#1264500 * bsc#1264501 * bsc#1264502 * bsc#1264503 * bsc#1264504 * bsc#1264505 * bsc#1264506 * bsc#1264507 * bsc#1264508 * bsc#1264509 * bsc#1267442 * bsc#1267444 * bsc#1267450 Cross-References: * CVE-2026-27140 * CVE-2026-27143 * CVE-2026-27144 * CVE-2026-27145 * CVE-2026-32280 * CVE-2026-32281 * CVE-2026-32282 * CVE-2026-32283 * CVE-2026-32288 * CVE-2026-32289 * CVE-2026-33810 * CVE-2026-33811 * CVE-2026-33814 * CVE-2026-39817 * CVE-2026-39819 * CVE-2026-39820 * CVE-2026-39823 * CVE-2026-39825 * CVE-2026-39826 * CVE-2026-39836 * CVE-2026-42499 * CVE-2026-42501 * CVE-2026-42504 * CVE-2026-42507 CVSS scores: * CVE-2026-27140 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-27145 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-27145 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-32289 (SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-33810 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33811 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39817 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N * CVE-2026-39819 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N * CVE-2026-39820 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39823 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39825 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-39826 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39836 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42499 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42501 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-42504 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-42504 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42507 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-42507 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 24 vulnerabilities and has 28 bug fixes can now be installed. Description: This update for go1.26-openssl fixes the following issues: Update to go1.26.4 (bsc#1255111). Security issues fixed: - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653). - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654). - CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655). - CVE-2026-27145: crypto/x509: split candidate hostname only once (bsc#1267450). -CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656). - CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657). - CVE-2026-32282: os: `Root.Chmod` can follow symlinks out of the root on Linux (bsc#1261658). - CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659). - CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660). - CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661). - CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains (bsc#1261662). - CVE-2026-33811: net: crash when handling long `CNAME` response (bsc#1264508). - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad `SETTINGS_MAX_FRAME_SIZE` (bsc#1264506). - CVE-2026-39817: cmd/go: `go tool pack` does not sanitize output paths (bsc#1264505). - CVE-2026-39819: cmd/go: `go bug` follows symlinks in predictable temporary filenames (bsc#1264504). - CVE-2026-39820: net/mail: quadratic string concatentation in `consumeComment` (bsc#1264503). - CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509). - CVE-2026-39825: net/http/httputil: `ReverseProxy` forwards queries with more than `urlmaxqueryparams` parameters (bsc#1264500). - CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507). - CVE-2026-39836: net: panic in `Dial` and `LookupPort` when handling `NUL` byte on Windows (bsc#1264501). - CVE-2026-42499: net/mail: quadratic string concatenation in `consumePhrase` (bsc#1264502). - CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499). - CVE-2026-42504: mime: quadratic complexity in `WordDecoder.DecodeHeader` (bsc#1267442). - CVE-2026-42507: net/textproto: arbitrary input is included in errors without any escaping (bsc#1267444). Other updates and security fixes: - Go packages miss `binutils-gold` dependency(bsc#1170826). - Drop subpackage `go1.x-libstd` `std` library `.so` refs (jsc#PED-1962). - Use `libalternatives` only on `suse_version > = 1610` and keep `update-alternatives` support for older distributions. - Drop the `update-alternatives` migration path for `libalternatives` builds. - Enable `libalternatives` for SLE16.1 and Tumbleweed (bsc#1245878). - Drop go1.26 dependency on `update-alternatives` (bsc#1264395) - Update to version 1.26.3 cut from the `go1.25-fips-release` branch at the revision tagged `go1.26.3-1-openssl-fips` (jsc#SLE-18320). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1175=1 Package List: - openSUSE Leap 16.0: go1.26-openssl-1.26.4-160000.1.1 go1.26-openssl-doc-1.26.4-160000.1.1 go1.26-openssl-race-1.26.4-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-27140.html * https://www.suse.com/security/cve/CVE-2026-27143.html * https://www.suse.com/security/cve/CVE-2026-27144.html * https://www.suse.com/security/cve/CVE-2026-27145.html * https://www.suse.com/security/cve/CVE-2026-32280.html * https://www.suse.com/security/cve/CVE-2026-32281.html * https://www.suse.com/security/cve/CVE-2026-32282.html * https://www.suse.com/security/cve/CVE-2026-32283.html * https://www.suse.com/security/cve/CVE-2026-32288.html * https://www.suse.com/security/cve/CVE-2026-32289.html * https://www.suse.com/security/cve/CVE-2026-33810.html * https://www.suse.com/security/cve/CVE-2026-33811.html * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-39817.html * https://www.suse.com/security/cve/CVE-2026-39819.html * https://www.suse.com/security/cve/CVE-2026-39820.html * https://www.suse.com/security/cve/CVE-2026-39823.html *https://www.suse.com/security/cve/CVE-2026-39825.html * https://www.suse.com/security/cve/CVE-2026-39826.html * https://www.suse.com/security/cve/CVE-2026-39836.html * https://www.suse.com/security/cve/CVE-2026-42499.html * https://www.suse.com/security/cve/CVE-2026-42501.html * https://www.suse.com/security/cve/CVE-2026-42504.html * https://www.suse.com/security/cve/CVE-2026-42507.html . Update fixes 24 issues in go1.26-openssl on openSUSE Leap, enhancing security and stability.. openSUSE security patch openSUSE Leap software update. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE ClamAV Important Buffer Overflow and DoS Issues 2026-21252-1

An update that solves 8 vulnerabilities and has 8 bug fixes can now be installed.. openSUSE security update: security update for clamav ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21252-1 Rating: important References: * bsc#1270085 * bsc#1270088 * bsc#1270089 * bsc#1270091 * bsc#1270092 * bsc#1270106 * bsc#1270107 * bsc#1270138 Cross-References: * CVE-2026-20213 * CVE-2026-20214 * CVE-2026-20215 * CVE-2026-20216 * CVE-2026-20217 * CVE-2026-20243 * CVE-2026-20244 * CVE-2026-41676 CVSS scores: * CVE-2026-20213 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20214 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20215 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20216 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20217 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20243 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20244 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 8 vulnerabilities and has 8 bug fixes can now be installed. Description: This update for clamav fixes the following issues: Update to version 1.5.3. Security issues fixed: - CVE-2026-20213: out-of-bounds write due to improper boundary checks for content in PE files during scanning (bsc#1270107). - CVE-2026-20214: out-of-bounds write due to improper boundary checks for content in FSG files during scanning (bsc#1270085). - CVE-2026-20215: out-of-bounds write due to improper boundary checks for content in 7z files during scanning (bsc#1270088). - CVE-2026-20216: denial of service dueto improper handling of temporary resources during InstallShield file scanning (bsc#1270089). - CVE-2026-20217: out-of-bounds write due to improper boundary checks for content in PESpin files during scanning (bsc#1270091). - CVE-2026-20243: out-of-bounds write due to improper boundary checks for content in ALZ files during scanning (bsc#1270092). - CVE-2026-20244: integer overflow and DoS due to improper boundary checks for content in DMG files during scanning (bsc#1270106). - CVE-2026-41676: buffer overflow due to missing checks via `Deriver:derive`, `PkeyCtxRef:derive` and OpenSSL 1.1.1 (bsc#1270138). Other updates and bugfixes: - Version 1.5.3: * Fixed a bug in the PESpin unpacker cleanup path that could free pointers into the scanned file buffer and crash the scanner. * Fixed an integer overflow in PE rebuild size calculations that could be reached through a malformed Aspack-packed PE file and lead to a heap buffer overflow write. * Fixed an InstallShield archive extraction limit bypass that could write far more temporary data than intended and exhaust temporary storage. * Fixed an FSG unpacker loop underflow that could write past the section array while scanning a malformed PE file. * Fixed ALZ parser size handling bugs that could cause malformed ALZ archives to panic, abort the scanner, or skip expected scan-limit handling. * Fixed a 7z parser substream count overflow that could under-allocate parser metadata arrays and write past them while reading a malformed archive. * Fixed 32-bit DMG parser size checks that could let a short mish stripe table pass validation and crash 32-bit scanner builds. * Hardened clamscan, clamdscan, and clamonacc quarantine actions against time-of-check/time-of-use races that could redirect copied, moved, or removed files under unsafe quarantine directory configurations. * Upgraded the Rust tar dependency to resolve the RUSTSEC-2026-0067 and RUSTSEC-2026-0068 advisories, and upgraded the Rust openssl dependency to resolveCVE-2026-41676. * Raised the minimum required CMake version to 3.17 to fix Linux builds with libcurl v8.21.0 when linking static library dependencies. * Metadata preclass scans now run before the final scan verdict. * ClamOnAcc: Fixed errors when recursively excluded paths are children of an included path. * ClamOnAcc: Fixed hash bucket list corruption when two watched paths collide in the same bucket. Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1173=1 Package List: - openSUSE Leap 16.0: clamav-1.5.3-160000.1.1 clamav-devel-1.5.3-160000.1.1 clamav-docs-html-1.5.3-160000.1.1 clamav-milter-1.5.3-160000.1.1 libclamav12-1.5.3-160000.1.1 libclammspack0-1.5.3-160000.1.1 libfreshclam4-1.5.3-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-20213.html * https://www.suse.com/security/cve/CVE-2026-20214.html * https://www.suse.com/security/cve/CVE-2026-20215.html * https://www.suse.com/security/cve/CVE-2026-20216.html * https://www.suse.com/security/cve/CVE-2026-20217.html * https://www.suse.com/security/cve/CVE-2026-20243.html * https://www.suse.com/security/cve/CVE-2026-20244.html * https://www.suse.com/security/cve/CVE-2026-41676.html . Severity update for clamav in openSUSE fixes 8 security issues including buffer overflow and DoS vulnerabilities. Install recommended patches.. clamav security update, openSUSE vulnerabilities, important patch release, clamav DoS fix, openSUSE advisory security. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE Alloy Important Denial of Service XSS Issues 2026-21251-1

An update that solves 26 vulnerabilities and has 10 bug fixes can now be installed.. openSUSE security update: security update for alloy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21251-1 Rating: important References: * bsc#1260981 * bsc#1265440 * bsc#1266196 * bsc#1266654 * bsc#1267185 * bsc#1267333 * bsc#1267481 * bsc#1267485 * bsc#1267488 * bsc#1267489 Cross-References: * CVE-2026-25680 * CVE-2026-25681 * CVE-2026-27136 * CVE-2026-33532 * CVE-2026-39821 * CVE-2026-39827 * CVE-2026-39828 * CVE-2026-39829 * CVE-2026-39830 * CVE-2026-39831 * CVE-2026-39832 * CVE-2026-39833 * CVE-2026-39834 * CVE-2026-39835 * CVE-2026-41889 * CVE-2026-42502 * CVE-2026-42506 * CVE-2026-42508 * CVE-2026-44740 * CVE-2026-45678 * CVE-2026-45682 * CVE-2026-45685 * CVE-2026-45686 * CVE-2026-46595 * CVE-2026-46597 * CVE-2026-46598 CVSS scores: * CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-33532 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33532 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39828 ( SUSE ):8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41889 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( SUSE ): 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-44740 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44740 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45678 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45682 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45682 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45685 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45685 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45686 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45686 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 26 vulnerabilities and has 10 bug fixes can now be installed. Description: This update for alloy fixes the following issues: Update to version 1.17.0. Security issues fixed: - CVE-2026-25680: golang.org/x/net/html: parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service (bsc#1267185). - CVE-2026-25681: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree and allows for XSS (bsc#1267185). - CVE-2026-27136: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree and allows for XSS (bsc#1267185). - CVE-2026-33532: yaml: parsing input with deeply nestes collections may throw a `RangeError` due to a stack overflow and cause to a denial of service (bsc#1260981). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266654). - CVE-2026-39827: golang.org/x/crypto/ssh: authenticated SSH clients that repeatedly open channels which were rejected by the server can cause unbounded memory growth and a crash (bsc#1266196). - CVE-2026-39828: golang.org/x/crypto/ssh: permissions discarded when an SSH server authentication callback returns `PartialSuccessError` with non-`nil` permissions (bsc#1266196). - CVE-2026-39829: golang.org/x/crypto/ssh: unenforced size limits on key parameters by the the RSA and DSA public key parsers can lead to excessive CPU consumption when processing a crafted public key (bsc#1266196). - CVE-2026-39830: golang.org/x/crypto/ssh: malicious SSH peers sending unsolicited global request responses can block a connection's read loop and cause a resource leak (bsc#1266196). - CVE-2026-39831: golang.org/x/crypto/ssh: missing `User Presence` flag checks in the `Verify()` method for FIDO/U2F security key types cause signatures generated without physical touch to be accepted (bsc#1266196). - CVE-2026-39832: golang.org/x/crypto/ssh: destination restrictions are silently stripped when forwarding keys and allow for unrestricted use of a key on a remote host (bsc#1266196). - CVE-2026-39833: golang.org/x/crypto/ssh: in-memory keyring returned by `NewKeyring()` silently accepts keys with the `ConfirmBeforeUse` constraint but never enforces it (bsc#1266196). - CVE-2026-39834: golang.org/x/crypto/ssh: writing data larger than 4GB in a single `Write` call on an SSHchannel leads to an integer overflow and an infinite loop that sends empty packets (bsc#1266196). - CVE-2026-39835: golang.org/x/crypto/ssh: processing of certificates by SSH servers using `CertChecker` as a public key callback without setting `IsUserAuthority` or `IsHostAuthority` can lead to a panic (bsc#1266196). - CVE-2026-41889: github.com/jackc/pgx/v5/internal/sanitize: use placeholders in dollar-quoted string literals in an SQL query can lead to a SQL injection (bsc#1265440). - CVE-2026-42502: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree and allows for XSS (bsc#1267185). - CVE-2026-42506: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree and allows for XSS (bsc#1267185). - CVE-2026-42508: golang.org/x/crypto/ssh: revoked `SignatureKey`s belonging to a CA are not correctly checked for revocation (bsc#1266196). - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption (bsc#1267333). - CVE-2026-45678: go.opentelemetry.io/obi: Postgres BIND parsing can lead to a panic when malformed payloads are processed (bsc#1267481). - CVE-2026-45682: go.opentelemetry.io/obi: keys not deleted by `CappedConcurrentHashMap` after removals allows repeated connection churn to grow the queue without bound and exhaust heap memory (bsc#1267485). - CVE-2026-45685: go.opentelemetry.io/obi: MongoDB TCP parser panics on malformed wire messages and causes a DoS (bsc#1267488). - CVE-2026-45686: go.opentelemetry.io/obi: integer overflow in memcached text protocol parser can crash the OBI process and cause denial of service (bsc#1267489). - CVE-2026-46595: golang.org/x/crypto/ssh: source-address validation is skipped if any other type of callback is passed other than public key (bsc#1266196). - CVE-2026-46597: golang.org/x/crypto/ssh: incorrectly placed cast from bytes toint in the AES-GCM packet decoder when processing specially crafted input can lead to for server-side panic (bsc#1266196). - CVE-2026-46598: golang.org/x/crypto/ssh: `ed25519.PrivateKey` created by casting malformed wire bytes due to processing of certain crafted inputs can lead to panic when used (bsc#1266196). Other updates and bugfixes: - Version 1.17.0: * Features * Add GraphQL server and `gql` subcommand. * `otelcol`: Add Nginx receiver. * `otelcol.exporter.prometheus`: Convert classic histograms to NHCB. * `database_observability`: Various enhancements for MySQL and Postgres. * `faro.receiver`: Support gzip-compressed request bodies. * Update to Beyla 3.9.8. * Bug Fixes * security: Update `x/crypto`, `x/net`, `jackc/pgx/v5`, and `obi`. * cluster: Fix nodes failing to join the cluster with TLS enabled. * `loki.process`: Fix potential deadlocks and limit stage shutdown. * Update Go to v1.26.4. - Version 1.16.3: * cluster: Fix nodes failing to join the cluster when TLS is enabled. - Version 1.16.2: * `loki.process`: No longer mutate rules in `stage.truncate` causing every config update to reload pipeline when this stage is used. * `loki.process`: Potential deadlock on update with stage and receiver changes. * `otelcol.exporter.awss3`: Add missing `unique_key_func_name` attribute. - Remove dependency on vulnerable `yaml` library. Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1172=1 Package List: - openSUSE Leap 16.0: alloy-1.17.0-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-25680.html * https://www.suse.com/security/cve/CVE-2026-25681.html * https://www.suse.com/security/cve/CVE-2026-27136.html * https://www.suse.com/security/cve/CVE-2026-33532.html *https://www.suse.com/security/cve/CVE-2026-39821.html * https://www.suse.com/security/cve/CVE-2026-39827.html * https://www.suse.com/security/cve/CVE-2026-39828.html * https://www.suse.com/security/cve/CVE-2026-39829.html * https://www.suse.com/security/cve/CVE-2026-39830.html * https://www.suse.com/security/cve/CVE-2026-39831.html * https://www.suse.com/security/cve/CVE-2026-39832.html * https://www.suse.com/security/cve/CVE-2026-39833.html * https://www.suse.com/security/cve/CVE-2026-39834.html * https://www.suse.com/security/cve/CVE-2026-39835.html * https://www.suse.com/security/cve/CVE-2026-41889.html * https://www.suse.com/security/cve/CVE-2026-42502.html * https://www.suse.com/security/cve/CVE-2026-42506.html * https://www.suse.com/security/cve/CVE-2026-42508.html * https://www.suse.com/security/cve/CVE-2026-44740.html * https://www.suse.com/security/cve/CVE-2026-45678.html * https://www.suse.com/security/cve/CVE-2026-45682.html * https://www.suse.com/security/cve/CVE-2026-45685.html * https://www.suse.com/security/cve/CVE-2026-45686.html * https://www.suse.com/security/cve/CVE-2026-46595.html * https://www.suse.com/security/cve/CVE-2026-46597.html * https://www.suse.com/security/cve/CVE-2026-46598.html . Critical openSUSE security update for alloy resolves 26 issues, enhancing stability and preventing service disruptions.. openSUSE security advisory software update vulnerabilities patch. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE Trivy Important DoS Arbitrary File Write Vulnern 2026-21249-1

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21249-1 Rating: important References: * bsc#1269269 * bsc#1269271 Cross-References: * CVE-2026-54448 * CVE-2026-55092 CVSS scores: * CVE-2026-54448 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-54448 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-55092 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-55092 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for trivy fixes the following issues Update to version 0.72.0. - CVE-2026-54448: tar unpacker reads scanned Helm chart archives (.tgz) with `io.ReadAll(tr)` and defines no size limit, which can lead to a DoS (bsc#1269271). - CVE-2026-55092: `org.opencontainers.image.title` annotation from OCI artifact manifest is used as a destination filename without validation and can lead to arbitrary file writes (bsc#1269269). Other updates and bugfixes: - Version 0.72.0: * feat(bottlerocket): add vulnerability matching for Bottlerocket OS (#10893) * fix(misconf): support github_repository_vulnerability_alerts resource (#10680) * feat(java): detect JAR licenses from packaged LICENSE files (#10856) * fix(nodejs): parse project dependencies from multi-document pnpm-lock.yaml (#10861) * fix(server): propagate package repository class in client/server mode (#10874) * chore(deps): bump github.com/containerd/containerd/v2 from 2.3.1 to 2.3.2 (#10888) * fix(vuln): fall back to UNKNOWN severity when vulnerability details are missing (#10795) * feat(java): detect JARlicenses from the embedded pom.xml (#10851) * chore(deps): Upgrade github.com/cenkalti/backoff to v6 (#10863) * ci(helm): bump Trivy version to 0.71.2 for Trivy Helm Chart 0.23.2 (#10873) * chore(deps): bump alpine to 3.24.1 (#10868) * docs: fix article typo in plugin developer guide (#10860) * feat(misconf): Adds CloudFront standard logging v2 support to AVD-AWS-0010 (#10848) * docs: fix typos (#10857) * fix(terraform): avoid data race on global getter.Getters in remote module resolver (#10843) * feat(secret): support new stateless format for GitHub App installation tokens (#10826) * fix: correct format verbs in diagnostic messages (#10805) * ci(helm): bump Trivy version to 0.71.1 for Trivy Helm Chart 0.23.1 (#10845) * refactor: use ParseErrorsAllowlist instead of ParseErrorsWhitelist (#10830) * docs: fix repository scan heading typo (#10828) * fix: forward ospkg detector options through ospkg.NewScanner (#10811) * chore(deps): bump github.com/bufbuild/buf to v1.70.0 (#10801) * fix(vex): load VEX documents from within the repository directory (#10820) * ci!: migrate docker config to dockers_v2 (#10783) * feat(dotnet): detect bundled runtime in self-contained deployments (#10786) * feat(secret): add OpenAI secret detection rules (#10798) * ci: expect GitHub App bot as backport PR author (#10813) * fix: surface the original analysis error instead of context cancellation (#10793) * chore(deps): bump the github-actions group across 1 directory with 11 updates (#10803) * chore(deps): bump the common group with 4 updates (#10797) * chore(deps): bump the aws group with 4 updates (#10796) * fix: use random suffix for process temp directory instead of PID (#10431) * docs: update signature verification for deb and rpm packages (#10784) * fix(image): lookup origin layer for custom resources in merged layers (#10788) * ci: bump GoReleaser to v2.16.0 (#10774) * docs: fix broken nixpkgs reference link in installation guide (#10776) * fix(image): deterministic OSpackage deduplication for images with embedded SBOMs (#10777) * fix(spdx): guard against nil root component in SPDX marshaler (#10771) * ci(helm): bump Trivy version to 0.71.0 for Trivy Helm Chart 0.23.0 (#10768) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1170=1 Package List: - openSUSE Leap 16.0: trivy-0.72.0-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-54448.html * https://www.suse.com/security/cve/CVE-2026-55092.html . Updates for openSUSE's trivy resolve significant issues including denial of service and file write vulnerabilities. Stay secure!. openSUSE security. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE docker-compose Important Denial of Service Escalation 2026-21247-1

An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.. openSUSE security update: security update for docker-compose ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21247-1 Rating: important References: * bsc#1239340 * bsc#1239766 * bsc#1265782 * bsc#1266625 Cross-References: * CVE-2025-0495 * CVE-2025-22869 * CVE-2026-33814 * CVE-2026-39821 CVSS scores: * CVE-2025-0495 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N * CVE-2025-0495 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed. Description: This update for docker-compose fixes the following issues - CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration (bsc#1239766). - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239340). - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265782). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266625). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1168=1 Package List: - openSUSE Leap 16.0: docker-compose-2.33.1-160000.5.1 References: * https://www.suse.com/security/cve/CVE-2025-0495.html * https://www.suse.com/security/cve/CVE-2025-22869.html * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-39821.html . An important update for openSUSE addresses four significant issues in docker-compose, enhancing its security and reliability.. openSUSE update security docker-compose important. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE Podman Important DoS Issues Fixed 2026-21244-1

An update that solves 20 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for podman ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21244-1 Rating: important References: * bsc#1262856 * bsc#1266125 Cross-References: * CVE-2025-22869 * CVE-2025-47913 * CVE-2025-47914 * CVE-2025-52881 * CVE-2025-6032 * CVE-2025-9566 * CVE-2026-34986 * CVE-2026-39827 * CVE-2026-39828 * CVE-2026-39829 * CVE-2026-39830 * CVE-2026-39831 * CVE-2026-39832 * CVE-2026-39833 * CVE-2026-39834 * CVE-2026-39835 * CVE-2026-42508 * CVE-2026-46595 * CVE-2026-46597 * CVE-2026-46598 CVSS scores: * CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-52881 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-6032 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-6032 ( SUSE ): 9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-9566 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-9566 ( SUSE ): 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39827 ( SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46598 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 20 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for podman fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262856). - CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266125). - CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266125). - CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266125). - CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh (bsc#1266125). - CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh (bsc#1266125). - CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent (bsc#1266125). - CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266125). - CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266125). - CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266125). - CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts (bsc#1266125). - CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh (bsc#1266125). - CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266125). - CVE-2026-46598: Invoking pathological inputs can lead toclient panic in golang.org/x/crypto/ssh/agent (bsc#1266125). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1165=1 Package List: - openSUSE Leap 16.0: podman-5.4.2-160000.5.1 podman-docker-5.4.2-160000.5.1 podman-remote-5.4.2-160000.5.1 podmansh-5.4.2-160000.5.1 References: * https://www.suse.com/security/cve/CVE-2025-22869.html * https://www.suse.com/security/cve/CVE-2025-47913.html * https://www.suse.com/security/cve/CVE-2025-47914.html * https://www.suse.com/security/cve/CVE-2025-52881.html * https://www.suse.com/security/cve/CVE-2025-6032.html * https://www.suse.com/security/cve/CVE-2025-9566.html * https://www.suse.com/security/cve/CVE-2026-34986.html * https://www.suse.com/security/cve/CVE-2026-39827.html * https://www.suse.com/security/cve/CVE-2026-39828.html * https://www.suse.com/security/cve/CVE-2026-39829.html * https://www.suse.com/security/cve/CVE-2026-39830.html * https://www.suse.com/security/cve/CVE-2026-39831.html * https://www.suse.com/security/cve/CVE-2026-39832.html * https://www.suse.com/security/cve/CVE-2026-39833.html * https://www.suse.com/security/cve/CVE-2026-39834.html * https://www.suse.com/security/cve/CVE-2026-39835.html * https://www.suse.com/security/cve/CVE-2026-42508.html * https://www.suse.com/security/cve/CVE-2026-46595.html * https://www.suse.com/security/cve/CVE-2026-46597.html * https://www.suse.com/security/cve/CVE-2026-46598.html . This security update resolves 20 issues in podman on openSUSE, ensuring system integrity and performance. Recommended action: update.. opensuse update, podman security, important advisory. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200