Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 437
Alerts This Week
Warning Icon 1 437

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":2,"type":"x","order":3,"pct":66.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 9,991 articles for you...
89

Fedora 44 cjson Moderate Out-of-Bounds Access Issues FEDORA-2026-0c3f6c7c67

Update to version 1.7.19. https://github.com/DaveGamble/cJSON/blob/v1.7.19/CHANGELOG.md. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0c3f6c7c67 2026-07-11 01:06:30.201347+00:00 -------------------------------------------------------------------------------- Name : cjson Product : Fedora 44 Version : 1.7.19 Release : 1.fc44 URL : https://github.com/DaveGamble/cJSON Summary : Ultralightweight JSON parser in ANSI C Description : cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. -------------------------------------------------------------------------------- Update Information: Update to version 1.7.19. https://github.com/DaveGamble/cJSON/blob/v1.7.19/CHANGELOG.md -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Carl George - 1.7.19-1 - Update to version 1.7.19 rhbz#2394084 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2495843 - CVE-2025-57052 cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495843 [ 2 ] Bug #2495846 - CVE-2023-26819 cjson: cJSON rejects a valid text [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495846 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0c3f6c7c67' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . The Fedora 44 security advisory discusses cjson update 1.7.19 addressing moderate severity vulnerabilities and their impact.. Fedora cJSON update security advisory out-of-bounds access JSON parser. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 JFrog-CLI Important Denial Of Service Issues 2026-a5e27945f7

Update to 2.112.0.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a5e27945f7 2026-07-11 01:06:30.201345+00:00 -------------------------------------------------------------------------------- Name : jfrog-cli Product : Fedora 44 Version : 2.112.0 Release : 1.fc44 URL : https://github.com/jfrog/jfrog-cli Summary : CLI to automate access to JFrog products Description : JFrog CLI is a client that provides a simple interface that automates access to the JFrog products. -------------------------------------------------------------------------------- Update Information: Update to 2.112.0. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2026 Simone Caronni - 2.112.0-1 - Update to 2.112.0 * Tue Jun 30 2026 Simone Caronni - 2.111.0-1 - Update to 2.111.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486209 - CVE-2026-45287 jfrog-cli: OpenTelemetry-Go: Denial of Service due to file descriptor leak [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486209 [ 2 ] Bug #2486291 - CVE-2026-45287 jfrog-cli: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486291 [ 3 ] Bug #2489886 - CVE-2026-39828 jfrog-cli: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489886 [ 4 ] Bug #2489892 - CVE-2026-39828 jfrog-cli: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489892 [ 5 ] Bug #2490031 - CVE-2026-39829 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490031 [ 6 ] Bug #2490064 - CVE-2026-39829 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490064 [ 7 ] Bug #2490392 - CVE-2026-39830 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490392 [ 8 ] Bug #2490478 - CVE-2026-39830 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490478 [ 9 ] Bug #2493082 - CVE-2026-39832 jfrog-cli: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493082 [ 10 ] Bug #2493369 - jfrog-cli-2.112.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2493369 [ 11 ] Bug #2493527 - CVE-2026-39835 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493527 [ 12 ] Bug #2493565 - CVE-2026-41567 jfrog-cli: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493565 [ 13 ] Bug #2494437 - CVE-2026-39833 jfrog-cli: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494437 [ 14 ] Bug #2496444 - CVE-2026-47262 jfrog-cli: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496444 [ 15 ] Bug #2496513 - CVE-2026-44740 jfrog-cli: Billy: Denial of Service via crafted input due to insufficient validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496513 [ 16 ] Bug #2496560 - CVE-2026-53492 jfrog-cli: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496560 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a5e27945f7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates for jfrog-cli 2.112.0 in Fedora 44 address Denial of Service issues and security bypass risks.. Fedora 44,jfrog-cli,security update,Denial of Service. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 perl-HTML-Gumbo Critical Information Disclosure 2026-75010c7f44

This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-75010c7f44 2026-07-11 01:06:30.201339+00:00 -------------------------------------------------------------------------------- Name : perl-HTML-Gumbo Product : Fedora 44 Version : 0.19 Release : 1.fc44 URL : https://metacpan.org/dist/HTML-Gumbo Summary : HTML5 parser based on gumbo C library Description : Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies. -------------------------------------------------------------------------------- Update Information: This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses. -------------------------------------------------------------------------------- ChangeLog: * Sat May 30 2026 Emmanuel Seyman - 0.19-1 - Update to 0.19 - Update dependencies - Use /usr/bin/perl instead of %{__perl} -------------------------------------------------------------------------------- References: [ 1 ] Bug #2496536 - CVE-2025-15646 perl-HTML-Gumbo: HTML::Gumbo: Information disclosure through HTML template processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496536 -------------------------------------------------------------------------------- This update can beinstalled with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-75010c7f44' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Heap memory exposure issue in perl-HTML-Gumbo leads to potential information disclosure in Fedora 44. Update recommended.. Fedora Security, perl-HTML-Gumbo, information disclosure, heap memory, software update. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 Prometheus Update Critical Security Issues 2026-01a1840582

Update to 3.13.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-01a1840582 2026-07-11 01:06:30.201315+00:00 -------------------------------------------------------------------------------- Name : prometheus Product : Fedora 44 Version : 3.13.0 Release : 1.fc44 URL : https://github.com/prometheus/prometheus Summary : Prometheus monitoring system and time series database Description : The Prometheus monitoring system and time series database. -------------------------------------------------------------------------------- Update Information: Update to 3.13.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2026 Mikel Olasagasti Uranga - 3.13.0-1 - Update to 3.13.0 - Closes rhbz#2495979 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2489191 - CVE-2026-40186 prometheus: ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489191 [ 2 ] Bug #2492689 - CVE-2026-44990 prometheus: `sanitize-html`: Stored Cross-Site Scripting via HTML sanitizer bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492689 [ 3 ] Bug #2493575 - CVE-2026-41567 prometheus: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493575 [ 4 ] Bug #2495063 - CVE-2026-53606 prometheus: sanitize-html: Cross-Site Scripting (XSS) via insufficient URI scheme validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495063 [ 5 ] Bug #2495322 - CVE-2026-25681 prometheus: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495322 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-01a1840582' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Explore the recent Fedora update for Prometheus with XSS and code execution risks; patch and secure your systems now.. Prometheus security update, Fedora 44, XSS risks, malicious code execution, sanitization issues. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 librabbitmq Critical Buffer Overflow Fix 2026-fc2f661416

Version 0.17.0 - 2026-07-01 Security Fix size_t overflow in amqp_decode_bytes bounds check leading to out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888) Fix heap buffer overflow in amqp_frame_to_bytes for oversized body frames (GHSA-. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-fc2f661416 2026-07-11 01:06:30.201235+00:00 -------------------------------------------------------------------------------- Name : librabbitmq Product : Fedora 44 Version : 0.17.0 Release : 1.fc44 URL : https://github.com/alanxz/rabbitmq-c Summary : Client library for AMQP Description : This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1. -------------------------------------------------------------------------------- Update Information: Version 0.17.0 - 2026-07-01 Security Fix size_t overflow in amqp_decode_bytes bounds check leading to out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888) Fix heap buffer overflow in amqp_frame_to_bytes for oversized body frames (GHSA- hfjv-vcp3-39wh, #892) Added librabbitmq-tools fall back to the AMQP_URL environment variable when no connection options are given on the command line (#887) Fixed Fix undefined behavior in amqp_decode_properties when decoding content-header property flags (#883, #885) Fix ioctlsocket type mismatch on Windows (#890) Document buffer lifetime requirement of amqp_decode_table's encoded buffer to prevent use-after-free misuse (#895) Changed librabbitmq-tools now enable default SSL certificate verification paths unless --no-default-cert-paths is passed (fixes #868, #893) Building the tools now requires POPT v1.14 or newer (#889) -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2026 Remi Collet - 0.17.0-1 - update to 0.17.0 -------------------------------------------------------------------------------- This update can beinstalled with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fc2f661416' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Security fix for librabbitmq in Fedora 44 addresses critical buffer issues preventing out-of-bounds reads and overflows.. librabbitmq fix, Fedora 44 update, AMQP client security, buffer overflow fix. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 Composer High Package Validation Path Traversal 2026-22ba02bee3

Version 2.10.2 - 2026-07-01 Security: Validate package names (GHSA-499r-g7pc-vmp9) Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp- rrxx) Security: Sanitize URL-embedded usernames/token in verbose output. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-22ba02bee3 2026-07-11 01:06:30.201230+00:00 -------------------------------------------------------------------------------- Name : composer Product : Fedora 44 Version : 2.10.2 Release : 1.fc44 URL : https://getcomposer.org/ Summary : Dependency Manager for PHP Description : Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/ -------------------------------------------------------------------------------- Update Information: Version 2.10.2 - 2026-07-01 Security: Validate package names (GHSA-499r-g7pc-vmp9) Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp- rrxx) Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3) Security: Only follow HTTP redirects from HTTP responses (#12948) Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946) Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959) Added warning output in self-update command when using a soon-to-be EOL version (#12920) Added download retry when a GitHub codeload URL returns a 400 (#12962) Fixed audit command to output the audit result to stdout (#12904) Fixed backspace characters being output to non-decorated output (#12925) Fixed security advisory blocking causing issues with xdebug enabled (#12935) Fixed provider packages hiding suggestions for the package they provide themselves (#12933) Fixed security advisory blocking causing issues with xdebug enabled(#12935) -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Remi Collet - 2.10.2-1 - update to 2.10.2 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-22ba02bee3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Composer 2.10.2 security update addresses critical package validation and path traversal issues on Fedora.. Dependency Management, Package Validation, PHP Security, Fedora Updates. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 OpenImageIO Security Advisory Allocation Size Bug 2026-25954ebccf

https://github.com/AcademySoftwareFoundation/OpenImageIO/releases/tag/v3.1.15.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-25954ebccf 2026-07-11 01:06:30.201222+00:00 -------------------------------------------------------------------------------- Name : OpenImageIO Product : Fedora 44 Version : 3.1.15.0 Release : 1.fc44 URL : https://openimageio.org/ Summary : Library for reading and writing images Description : OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000, DPX, Cineon, FITS, BMP, ICO, RMan Zfile, Softimage PIC, DDS, SGI, PNM/PPM/PGM/PBM. - An ImageCache class that transparently manages a cache so that it can access truly vast amounts of image data. -------------------------------------------------------------------------------- Update Information: https://github.com/AcademySoftwareFoundation/OpenImageIO/releases/tag/v3.1.15.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Richard Shaw - 1:3.1.15.0-1 - Update to 3.1.15.0. * Thu Jun 25 2026 František Zatloukal - 1:3.1.14.0-6 - Rebuilt for fmt/spdlog * Wed Jun 17 2026 Yaakov Selkowitz - 1:3.1.14.0-5 - Rebuilt for openssl 4.0 * Wed Jun 17 2026 Simone Caronni - 1:3.1.14.0-4 - Rebuild for OpenJPH update. * Fri Jun 12 2026 Yaakov Selkowitz - 1:3.1.14.0-3 - Rebuilt for openssl 4.0 * Fri Jun 5 2026 Python Maint - 1:3.1.14.0-2 - Rebuilt for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2341889 - CVE-2024-55195 OpenImageIO: An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2341889 [ 2 ] Bug #2341890 - CVE-2024-55195 OpenImageIO: An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2341890 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-25954ebccf' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update OpenImageIO on Fedora 44 to resolve an allocation size issue. Ensure your system is secure and patched effectively.. OpenImageIO update, Fedora security, image library issue, software patching, allocation size bug. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 43 OpenSSH Important Fixes for Client-Side DoS CVE-2026-55653

CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known- group validation that leads to client-side denial of service CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-95b955a09b 2026-07-11 00:52:57.708578+00:00 -------------------------------------------------------------------------------- Name : openssh Product : Fedora 43 Version : 10.0p1 Release : 10.fc43 URL : http://www.openssh.com/portable.html Summary : An open source implementation of SSH protocol version 2 Description : SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. -------------------------------------------------------------------------------- Update Information: CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known- group validation that leads to client-side denial of service CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 Zoltan Fridrich - 10.0p1-10 -CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known-group validation that leads to client-side denial of service - CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator - CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding -------------------------------------------------------------------------------- References: [ 1 ] Bug #2442505 - 0043-openssh-8.7p1-ssh-manpage.patch introduces duplicates in documentation https://bugzilla.redhat.com/show_bug.cgi?id=2442505 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-95b955a09b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Enhance your system's security with this important Fedora Advisory on OpenSSH addressing multiple potential issues.. OpenSSH Fixes, Fedora Security, Client-Side Denial of Service, X11 Forwarding Issues. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":2,"type":"x","order":3,"pct":66.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200