Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 463
Alerts This Week
Warning Icon 1 463

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 9,991 articles for you...
100

SUSE Perl-Cpanel-JSON-XS Key Type Confusion Denial of Service 2026-2782-1

An update that solves two vulnerabilities can now be installed.. # Security update for perl-Cpanel-JSON-XS Announcement ID: SUSE-SU-2026:2782-1 Release Date: 2026-07-06T18:01:58Z Rating: important References: * bsc#1267546 * bsc#1267547 Cross-References: * CVE-2026-9334 * CVE-2026-9516 CVSS scores: * CVE-2026-9334 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-9334 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-9334 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-9516 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-9516 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9516 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for perl-Cpanel-JSON-XS fixes the following issues * CVE-2026-9334: type confusion via duplicate object keys when `dupkeys_as_arrayref` is enabled (bsc#1267546). * CVE-2026-9516: denial of service via UTF-8 BOM prefixed input when a decode filter callback throws (bsc#1267547). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2782=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * perl-Cpanel-JSON-XS-debuginfo-4.380.0-150700.3.6.1 * perl-Cpanel-JSON-XS-4.380.0-150700.3.6.1 * perl-Cpanel-JSON-XS-debugsource-4.380.0-150700.3.6.1 ##References: * https://www.suse.com/security/cve/CVE-2026-9334.html * https://www.suse.com/security/cve/CVE-2026-9516.html * https://bugzilla.suse.com/show_bug.cgi?id=1267546 * https://bugzilla.suse.com/show_bug.cgi?id=1267547 . Critical security update for perl-Cpanel-JSON-XS addressing two vulnerabilities and impacting SUSE systems effectively.. SUSE Linux Enterprise, perl-Cpanel-JSON-XS, security update, JSON parsing, software vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jul 07, 2026 SuSE
217

Oracle Linux 8 Ruby Important DoS Fixes Advisory ELSA-2026-33515

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-33515 http://linux.oracle.com/errata/ELSA-2026-33515.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: ruby-3.3.10-7.module+el8.10.0+90936+88c9ba90.i686.rpm ruby-3.3.10-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm ruby-bundled-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.i686.rpm ruby-bundled-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm ruby-default-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.noarch.rpm ruby-devel-3.3.10-7.module+el8.10.0+90936+88c9ba90.i686.rpm ruby-devel-3.3.10-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm ruby-doc-3.3.10-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-bigdecimal-3.1.5-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-bigdecimal-3.1.5-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-bundler-2.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-io-console-0.7.1-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-io-console-0.7.1-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-irb-1.13.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-json-2.7.2-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-json-2.7.2-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-minitest-5.20.0-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.x86_64.rpm rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.x86_64.rpm rubygem-pg-doc-1.5.4-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-power_assert-2.0.3-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-psych-5.1.2-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-psych-5.1.2-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-racc-1.7.3-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-racc-1.7.3-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-rake-13.1.0-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rbs-3.4.0-7.module+el8.10.0+90936+88c9ba90.i686.rpm rubygem-rbs-3.4.0-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm rubygem-rdoc-6.6.3.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rexml-3.4.4-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rss-0.3.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygems-3.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygems-devel-3.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-test-unit-3.6.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-typeprof-0.21.9-7.module+el8.10.0+90936+88c9ba90.noarch.rpm ruby-libs-3.3.10-7.module+el8.10.0+90936+88c9ba90.i686.rpm ruby-libs-3.3.10-7.module+el8.10.0+90936+88c9ba90.x86_64.rpm aarch64: ruby-3.3.10-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm ruby-bundled-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm ruby-default-gems-3.3.10-7.module+el8.10.0+90936+88c9ba90.noarch.rpm ruby-devel-3.3.10-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm ruby-doc-3.3.10-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-bigdecimal-3.1.5-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-bundler-2.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-io-console-0.7.1-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-irb-1.13.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-json-2.7.2-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-minitest-5.20.0-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.aarch64.rpm rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.aarch64.rpm rubygem-pg-doc-1.5.4-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm rubygem-power_assert-2.0.3-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-psych-5.1.2-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-racc-1.7.3-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-rake-13.1.0-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rbs-3.4.0-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm rubygem-rdoc-6.6.3.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rexml-3.4.4-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-rss-0.3.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygems-3.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygems-devel-3.5.22-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-test-unit-3.6.1-7.module+el8.10.0+90936+88c9ba90.noarch.rpm rubygem-typeprof-0.21.9-7.module+el8.10.0+90936+88c9ba90.noarch.rpm ruby-libs-3.3.10-7.module+el8.10.0+90936+88c9ba90.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/ruby-3.3.10-7.module+el8.10.0+90936+88c9ba90.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.src.rpm Related CVEs: CVE-2026-42245 CVE-2026-42246 CVE-2026-42258 Description of changes: ruby [3.3.10-7] - Fix DoS via crafted IMAP responses in net-imap. (CVE-2026-42245) Resolves: RHEL-181682 - Fix information disclosure via MITM attack bypassing TLS in net-imap. (CVE-2026-42246) Resolves: RHEL-181759 - Fix command injection via Symbol arguments in net-imap. (CVE-2026-42258) Resolves: RHEL-181791 rubygem-abrt [0.4.0-1] - Update to abrt 0.4.0. Resolves: rhbz#1842476 rubygem-mysql2 [0.5.5-1] - Upgrade to mysql2 0.5.5. Related: RHEL-17090 rubygem-pg [1.5.4-1] - Upgrade to pg 1.5.4. Related: RHEL-17090 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Stay updated on Oracle Linux Security Advisory ELSA-2026-33515 for Ruby 3.3 critical fixes and upgrades.. Oracle Linux Ruby Security Update DoS Threat. . LinuxSecurity.com Team

Calendar%202 Jul 07, 2026 Oracle
217

Oracle Linux 8 Kernel Important Threats Advisory ELSA-2026-50374

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50374 http://linux.oracle.com/errata/ELSA-2026-50374.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.357.3.1.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.357.3.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.357.3.1.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.357.3.1.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.357.3.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.357.3.1.el8uek.src.rpm Related CVEs: CVE-2022-50073 CVE-2025-10263 CVE-2026-31504 CVE-2026-31657 CVE-2026-43037 CVE-2026-46331 CVE-2026-52943 CVE-2026-53359 Description of changes: [5.4.17-2136.357.3.1] - KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [Orabug: 39673892] - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (Sean Christopherson) [Orabug: 39673892] - KVM: x86/MMU: Recursively zap nested TDP SPs when zapping last/only parent (Ben Gardon) [Orabug: 39673892] - KVM: x86/mmu: Move flush logic from mmu_page_zap_pte() to FNAME(invlpg) (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: pull call to drop_large_spte() into __link_shadow_page() (Paolo Bonzini) [Orabug: 39673892] - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (Like Xu) [Orabug: 39673892] - KVM: MMU: load PDPTRs outside mmu_lock (Paolo Bonzini) [Orabug: 39673892] - KVM: x86/mmu: Check PDPTRs before allocating PAE roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Always pass 0 for @quadrant when gptes are 8 bytes (David Matlack) [Orabug: 39673892] - KVM: x86/mmu: Derive shadow MMU page role from parent (David Matlack) [Orabug: 39673892] - KVM: X86: Remove useless code to set role.gpte_is_8_bytes when role.direct (Lai Jiangshan) [Orabug: 39673892] - KVM: X86: Synchronize the shadowpagetable before link it (Lai Jiangshan) [Orabug: 39673892] - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (Lai Jiangshan) [Orabug: 39673892] - KVM: x86/mmu: Refactor shadow walk in __direct_map() to reduce indentation (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Stop passing "direct" to mmu_alloc_root() (David Matlack) [Orabug: 39673892] - KVM: x86/mmu: Use a bool for direct (David Matlack) [Orabug: 39673892] - kvm: mmu: Replace unsigned with unsigned int for PTE access (Ben Gardon) [Orabug: 39673892] - KVM: x86/mmu: Ensure MMU pages are available when allocating roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Allocate pae_root and lm_root pages in dedicated helper (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Allocate the lm_root before allocating PAE roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Capture 'mmu' in a local variable when allocating roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Alloc page for PDPTEs when shadowing 32-bit NPT with 64-bit (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Stash 'kvm' in a local variable in kvm_mmu_free_roots() (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Add a helper to consolidate root sp allocation (Sean Christopherson) [Orabug: 39673892] - net/sched: act_pedit: fix action bind logic (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: free pedit keys on bail from offset check (Pedro Tammela) [Orabug: 39680880] - net/sched: fix pedit partial COW leading to page cache corruption (Rajat Gupta) [Orabug: 39680880] {CVE-2026-46331} - net/sched: act_pedit: Parse L3 Header for L4 offset (Max Tottenham) [Orabug: 39680880] - net/sched: act_pedit: rate limit datapath messages (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: check static offsets a priori (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: remove extra check for key type (Pedro Tammela) [Orabug: 39680880] - net/sched: simplify tcf_pedit_act (Pedro Tammela) [Orabug: 39680880] - net/sched: transition act_pedit to rcu and percpu stats (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: use NLA_POLICY for parsing 'ex' keys (Pedro Tammela) [Orabug: 39680880] [5.4.17-2136.357.3] - net: skbuff: fix missing zerocopy reference in pskb_carve helpers (Minh Nguyen) [Orabug: 39619389] {CVE-2026-52943} [5.4.17-2136.357.2] - net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39250953] {CVE-2026-31504} - x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers (Dan Williams) [Orabug: 39429802] - x86/kaslr: Reduce KASLR entropy on most x86 systems (Balbir Singh) [Orabug: 39429802] - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-> dev is null (Cezar Bulinaru) [Orabug: 39526882] {CVE-2022-50073} - arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39548666] {CVE-2025-10263} - arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39548666] - ARM: uek: Disable CONFIG_QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 39548666] - arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39548666] - arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39548666] - arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39548666] - ip6_tunnel: clear skb2-> cb[] in ip4ip6_err() (Eric Dumazet) [Orabug: 39300926] {CVE-2026-43037} [5.4.17-2136.357.1] - batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39262375] {CVE-2026-31657} - scsi: fcoe: Reject FIP descriptors with zero fip_dlen in CVL walker (Michael Bommarito) [Orabug: 39446045] - scsi: target: iscsi: Fix CRC overread and double-free in iscsit_handle_text_cmd() (Michael Bommarito) [Orabug: 39446045] - scsi: target: iscsi: Bound iscsi_encode_text_output() appends to rsp_buf (Michael Bommarito) [Orabug: 39446045] - rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39152239] [5.4.17-2136.356.4.1] -smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463669] {CVE-2026-46243} [5.4.17-2136.356.4] - tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429147] - tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429147] - tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429147] [5.4.17-2136.356.3] - ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384275,39391459] {CVE-2026-46333} - net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368828,39441326] {CVE-2026-43503,CVE-2026-46300} - net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368828] {CVE-2026-46300} [5.4.17-2136.356.2] - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167617,39368718] {CVE-2026-31402} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 38985173,39368732] {CVE-2026-23216} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 38970455,39368774] {CVE-2026-23193} - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334580,39367147] {CVE-2026-43284} - x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218897] {CVE-2025-54518} [5.4.17-2136.356.1] - arm64/kvm: Include linux/random.h in trng.c (Siddh Raman Pant) [Orabug: 39327096] - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) [Orabug: 39174662] - i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen) [Orabug: 39174662] - i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174662] [5.4.17-2136.355.3] - crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250687,39331106] {CVE-2026-43077} - crypto: af_alg - Fix page reassignmentoverflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250687,39331111] {CVE-2026-43078} - crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250687] - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250687,39300911] {CVE-2026-43033} - crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] - crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250687,39452217] {CVE-2026-46028} - crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250687,39283868,39292250] {CVE-2026-31431} - crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] {CVE-2026-31431} - crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250687] - crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39250687] _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Advisory ELSA-2026-50374 addresses important updates for kernel vulnerabilities, enhancing system security.. Oracle Linux security advisory, kernel updates, ELSA-2026-50374. . LinuxSecurity.com Team

Calendar%202 Jul 07, 2026 Oracle
89

Fedora 43 kernel-headers 7.1.3 Significant CVE-2026-53359 Resolution

The 7.1.3 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree. This also has a fix for CVE-2026-53359. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c3e2e91b4d 2026-07-07 01:08:27.509786+00:00 -------------------------------------------------------------------------------- Name : kernel-headers Product : Fedora 43 Version : 7.1.3 Release : 100.fc43 URL : http://www.kernel.org/ Summary : Header files for the Linux kernel for use by glibc Description : Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. -------------------------------------------------------------------------------- Update Information: The 7.1.3 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree. This also has a fix for CVE-2026-53359 -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 5 2026 Justin M. Forbes - 7.1.3-1 - Linux v7.1.3 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c3e2e91b4d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 kernel-headers 7.1.3 update fixes CVE-2026-53359, enhancing system security and stability.. Fedora kernel security updates CVE-2026-53359 kernel-headers. . LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Fedora
89

Fedora 43 Kernel 7.1.3 Important CVE-2026-53359 Security Update

The 7.1.3 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree. This also has a fix for CVE-2026-53359. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c3e2e91b4d 2026-07-07 01:08:27.509786+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 43 Version : 7.1.3 Release : 100.fc43 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.1.3 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree. This also has a fix for CVE-2026-53359 -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 4 2026 Justin M. Forbes [7.1.3-1] - Linux v7.1.3 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c3e2e91b4d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Kernel 7.1.3 for Fedora 43 includes new features and crucial fixes for CVE-2026-53359. Ensure timely updates to maintain system integrity.. Fedora 43 Kernel 7.1.3 Update, System Security Fixes, CVE-2026-53359 Resolution. . LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Fedora
89

Fedora 43 HPLIP Important Incomplete Fix CVE-2026-14544 Advisory

fix CVE-2026-14544 - incomplete fix after CVE-2026-8631 (fedora#2496773, fedora#2496772). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7d23917d90 2026-07-07 01:08:27.509772+00:00 -------------------------------------------------------------------------------- Name : hplip Product : Fedora 43 Version : 3.26.4 Release : 7.fc43 URL : https://developers.hp.com/hp-linux-imaging-and-printing Summary : HP Linux Imaging and Printing Project Description : The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-14544 - incomplete fix after CVE-2026-8631 (fedora#2496773, fedora#2496772) -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Zdenek Dohnal - 3.26.4-7 - fix CVE-2026-14544 - incomplete fix after CVE-2026-8631 (fedora#2496773, fedora#2496772) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2496772 - CVE-2026-14544 HPLIP: Incomplete Fix for CVE-2026-8631 https://bugzilla.redhat.com/show_bug.cgi?id=2496772 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7d23917d90' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Explore the security advisory for Fedora 43 addressing incomplete fixes in HP Linux Imaging and Printing due to CVE-2026-14544.. Fedora 43 HPLIP update security advisory CVE-2026-14544 incomplete fix. . LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Fedora
89

Fedora 43 perl-Imager Significant CVE-2026-13708 CVE-2026-13705 Update

1.032 bump- Fix CVE-2026-13708 and CVE-2026-13705. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ab8bc1220a 2026-07-07 01:08:27.509774+00:00 -------------------------------------------------------------------------------- Name : perl-Imager Product : Fedora 43 Version : 1.032 Release : 1.fc43 URL : https://metacpan.org/release/Imager Summary : Perl extension for Generating 24 bit Images Description : Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines,and polygons, blend multiple images together in various ways, scale, crop, render text and more. -------------------------------------------------------------------------------- Update Information: 1.032 bump- Fix CVE-2026-13708 and CVE-2026-13705 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Jitka Plesnikova - 1.032-1 - 1.032 bump (rhbz#2495894) - Fix CVE-2026-13708 and CVE-2026-13705 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2495894 - perl-Imager-1.032 is available https://bugzilla.redhat.com/show_bug.cgi?id=2495894 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ab8bc1220a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 Perl-Imager patch fixes CVE-2026-13708 and CVE-2026-13705. Update recommended for security.. perl image processing, Fedora security update, CVE fix, software patch, image manipulation. . LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Fedora
89

Fedora 43 ClamAV Critical Multiple Issues Fix 2026-144f87ee92

Fixes for multiple CVEs https://github.com/Cisco- Talos/clamav/releases/tag/clamav-1.4.5. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-144f87ee92 2026-07-07 01:08:27.509767+00:00 -------------------------------------------------------------------------------- Name : clamav Product : Fedora 43 Version : 1.4.5 Release : 1.fc43 URL : https://www.clamav.net/ Summary : End-user tools for the Clam Antivirus scanner Description : Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. -------------------------------------------------------------------------------- Update Information: Fixes for multiple CVEs https://github.com/Cisco- Talos/clamav/releases/tag/clamav-1.4.5 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2026 Gwyn Ciesla - 1.4.5-1 - Update to 1.4.5 * Fri Jun 12 2026 Yaakov Selkowitz - 1.4.4-2 - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-144f87ee92' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPGkeys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Multiple critical fixes for clamav in Fedora 43. Ensure your system is secure with the latest updates.. clamav security fix, Fedora update, antivirus vulnerability, system patching. . LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200