Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 9,991 articles for you...
202

openSUSE Assimp Important Fixes for Multiple Vulnerabilities 2026-21242-1

An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.. openSUSE security update: security update for assimp ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21242-1 Rating: important References: * bsc#1251019 * bsc#1266996 * bsc#1266998 * bsc#1266999 * bsc#1267037 Cross-References: * CVE-2025-11277 * CVE-2026-10197 * CVE-2026-10199 * CVE-2026-10200 * CVE-2026-10232 CVSS scores: * CVE-2025-11277 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2025-11277 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10197 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-10197 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10199 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-10199 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10200 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-10200 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10232 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-10232 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed. Description: This update for assimp fixes thefollowing issues - CVE-2025-11277: large mWidth and mHeight dimensions can lead to integer overflow and a heap-based buffer overflow (bsc#1251019). - CVE-2026-10197: NULL pointer dereference in ImportEmbeddedTextures when mimeType lacks '/' (bsc#1266996). - CVE-2026-10199: NULL pointer dereference in glTF2::LazyDict::operator[] due to unchecked node access in ImportAnimations (bsc#1266998). - CVE-2026-10200: [glTF] Heap-buffer-overflow in CopyValue() when parsing invalid 4x4 matrix with insufficient data (bsc#1266999). - CVE-2026-10232: heap use-after-free in aiNode::~aiNode due to invalid node tree when processing malformed ASE files (bsc#1267037). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1163=1 Package List: - openSUSE Leap 16.0: assimp-devel-5.4.3-160000.4.1 libassimp5-5.4.3-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2025-11277.html * https://www.suse.com/security/cve/CVE-2026-10197.html * https://www.suse.com/security/cve/CVE-2026-10199.html * https://www.suse.com/security/cve/CVE-2026-10200.html * https://www.suse.com/security/cve/CVE-2026-10232.html . Important security fixes for assimp in openSUSE address multiple vulnerabilities and ensure system integrity. Update now!. openSUSE assimp security patch important. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE gstreamer-plugins-good Critical Buffer Overflow CVE-2026-53705

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for gstreamer-plugins-good ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21240-1 Rating: important References: * bsc#1268449 Cross-References: * CVE-2026-53705 CVSS scores: * CVE-2026-53705 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for gstreamer-plugins-good fixes the following issues: - CVE-2026-53705: wavpackdec: Avoid integer overflow when calculating output buffer size and related fixes (bsc#1268449). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1161=1 Package List: - openSUSE Leap 16.0: gstreamer-plugins-good-1.26.7-160000.2.1 gstreamer-plugins-good-extra-1.26.7-160000.2.1 gstreamer-plugins-good-gtk-1.26.7-160000.2.1 gstreamer-plugins-good-jack-1.26.7-160000.2.1 gstreamer-plugins-good-lang-1.26.7-160000.2.1 gstreamer-plugins-good-qtqml6-1.26.7-160000.2.1 References: * https://www.suse.com/security/cve/CVE-2026-53705.html . Critical openSUSE security update addresses a significant risk in gstreamer-plugins-good, ensuring system protection. Stay updated!. gstreamer security patch, openSUSE updates, system vulnerabilities, important software updates. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE Leap 16.0 Python-msgpack Important Out-of-Bounds CVE-2026-57585

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for python-msgpack ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21239-1 Rating: important References: * bsc#1269947 Cross-References: * CVE-2026-57585 CVSS scores: * CVE-2026-57585 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for python-msgpack fixes the following issue - CVE-2026-57585: reusing an Unpacker instance after an error has been caught can lead to an out-of-bounds read (bsc#1269947). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1160=1 Package List: - openSUSE Leap 16.0: python313-msgpack-1.1.0-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2026-57585.html . Security update for python-msgpack fixes out-of-bounds read issue on openSUSE Leap 16.0. Update recommended.. openSUSE security, python-msgpack patch, important update, out-of-bounds security, CVE-2026-57585. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE Leap 16.0 krb5 Important Heap Out-of-Bounds Attack 2026-21238-1

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for krb5 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21238-1 Rating: important References: * bsc#1268131 Cross-References: * CVE-2026-11850 CVSS scores: * CVE-2026-11850 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for krb5 fixes the following issue - CVE-2026-11850: integer underflow in berval2tl_data() leads to heap out-of-bounds read (bsc#1268131). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1159=1 Package List: - openSUSE Leap 16.0: krb5-1.21.3-160000.4.1 krb5-client-1.21.3-160000.4.1 krb5-devel-1.21.3-160000.4.1 krb5-plugin-kdb-ldap-1.21.3-160000.4.1 krb5-plugin-preauth-otp-1.21.3-160000.4.1 krb5-plugin-preauth-pkinit-1.21.3-160000.4.1 krb5-plugin-preauth-spake-1.21.3-160000.4.1 krb5-server-1.21.3-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-11850.html . Install the important openSUSE update addressing a heap attack issue in krb5. Secure your system now!. openSUSE updates, krb5 vulnerabilities, important security patches. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE Apache2 Important Buffer Overflow & DoS Issue 2026-21235-1

An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed.. openSUSE security update: security update for apache2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21235-1 Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( SUSE ): 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed. Description: This update for apache2 fixes the following issues - CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). - CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). - CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). - CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). - CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). - CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). - CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). - CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). - CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). - CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). - CVE-2026-48913: file handleexhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). - CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1149=1 Package List: - openSUSE Leap 16.0: apache2-2.4.66-160000.3.1 apache2-devel-2.4.66-160000.3.1 apache2-event-2.4.66-160000.3.1 apache2-manual-2.4.66-160000.3.1 apache2-prefork-2.4.66-160000.3.1 apache2-utils-2.4.66-160000.3.1 apache2-worker-2.4.66-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html . This openSUSE security update addresses 13 important vulnerabilities in apache2, enhancing system protection.. openSUSE security update, apache2 vulnerabilities, important security fix, buffer overflow issue, apache2 patch. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE Security Advisory 2026-0232-1 Go-Sendxmpp Important Issues Fixed

An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for go-sendxmpp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0232-1 Rating: important References: #1265538 #1266617 Cross-References: CVE-2026-1229 CVE-2026-39821 CVSS scores: CVE-2026-1229 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N CVE-2026-39821 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for go-sendxmpp fixes the following issues: Update to 0.16.0: - CVE-2026-1229: circl: The CombinedMult function produces an incorrect value (boo#1265538). - CVE-2026-39821: net: Failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (boo#1266617). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-232=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): go-sendxmpp-0.16.0-bp157.2.9.1 References: https://www.suse.com/security/cve/CVE-2026-1229.html https://www.suse.com/security/cve/CVE-2026-39821.html https://bugzilla.suse.com/1265538 https://bugzilla.suse.com/1266617 . An important security update for openSUSE addresses issues in go-sendxmpp, fixing validation and privilege bypass flaws.. go-sendxmpp vulnerabilities, Punycode validation, openSUSE security update. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
202

openSUSE radare2 Important Security Fixes CVE-2025-1378 CVE-2026-8695

An update that fixes 6 vulnerabilities is now available.. openSUSE Security Update: Security update for radare2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0231-1 Rating: important References: #1244121 #1262142 #1265403 Cross-References: CVE-2025-1378 CVE-2025-1744 CVE-2025-1864 CVE-2025-5641 CVE-2026-40499 CVE-2026-8695 CVSS scores: CVE-2025-1378 (SUSE): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-1744 (SUSE): 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2025-5641 (SUSE): 2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for radare2 fixes the following issues: - switch to python311 for sle15 build - CVE-2026-8695: Fix use-after-free in gdbr_threads_list() (boo#1265403) - Update to version 6.1.4 (boo#1262142, CVE-2026-40499): * Analysis: improve autoname scoring, jmptbl detection, and performance * Add callargs modifier, rnum expressions, and typed function context * Refactor autoname into plugin; extend RAnalPlugin hooks * Fix leaks, overflows, and command injection in analysis scripts * Improve string detection, wide strings, and switch/case analysis * Arch: fix v850/nds32 ESIL, optimize to O(1), improve pseudo support * Cache capstone options and improve multi-arch disassembly * ASM: add camel syntax support, unify via RArch API * Bin: major parser fixes (ELF, Mach-O, PE, DEX, PDB, WAD, XCOFF) * Fix leaks, OOB reads/writes, overflows, and improve bounds checks * Improve Swift demangling, ARM hints, relocations, and imports * Add nds32 reloc supportand optimize kernelcache parsing * Build: install to lib64, fix illumos and packaging issues * CI: add GitHub Actions and FilC builds * Console: fix multiple overflows, OOB issues, and improve performance * Core: API renames, plugin load order, sandbox/config fixes * Crash: extensive fixes (UAF, OOB, overflows, injections, fuzz bugs) * Harden ELF, PDB, kernelcache, regex, disassemblers, and webserver * Debug: improve ptrace, winkd support, breakpoints, checkpoints * Disasm: cache flag lookups for performance * FS/IO: fix leaks, bounds, sparse IO, and device handling * HTTP/socket: webserver fixes and SSL fallback handling * Print/projects: improve formatting, endian handling, project metadata * Pseudo: add while/switch support and cleaner control flow * Search/shell: improve commands, parsing, and usability * Security: fix widespread command injection and sandbox escapes * Tests/tools: improve r2r, CLI tools, fuzzing, and plugin support * Types/util: parsing improvements, JSON/base64 updates, optimizations * Visual: fix UAF/leaks, improve panels and UX * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.4 - Update to version 6.1.2: * Analysis: preserve timeouts, improve bb/jmptbl validation and limits * Optimize string detection and hot-path functions * Add APIs for function signatures, vars limits, and instruction hints * Fix overlapped functions, invalid code checks, and large bb handling * API: remove deprecated librmagic/filetype APIs and name filter * Arch: fix Thumb/endianness issues, add Python pseudo plugin * ASM: unify settings via RArch, fix directives, add bf pseudo plugin * Bin: improve ELF/Mach-O stripped detection and parsing safety * Harden Mach-O bounds, optimize kernelcache and XNU parsing * Fix many leaks (DEX, demangler, parsers) and infinite loops * Improve DWARF handling and symbol/type extraction * Build: improve meson, toolchains, and add ISO/docker support * Console: preserve timeout, fix themes and UTF-8 handling * Core: fix config bugs, improve startup and addressing support * Crash: fix UAF, OOB, race conditions, regex bugs, and overflows * Add safety checks across dotnet, Mach-O, DWARF, and webserver * Debug/ESIL: safer execution and divide-by-zero handling * FS/IO: fix HFS+, dyldcache speedups, safer zip handling * Graph: add bb size limit option * Print: merge commands, improve UTF-8 and formatting * Projects/tools: new configs, plugin support, CLI improvements * Search: faster analysis search and block buffering * Shell: improve grep/macros and file operations * Types: lazy-load, cache, and improve parsing (varargs, structs) * Tests: expand fuzzing and test suites * General cleanup, performance tuning, and safety improvements * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.4 - Update to version 6.1.0: * Reimplement RBufRef using RRef; fix RLibDelHandler API * Remove stale JAY code; improve analysis performance and CI speed * Optimize type propagation, jump tables, and plugin integration * Fix infinite loops, antidisasm tricks, and function autonaming * Add new analysis options and trace import plugin (DRCOV) * Improve RCore seek operations and naming APIs * API: add RNum.getErr, enforce safe alloc macros, new helpers * Arch: update ARC disasm, refactor sessions, remove unsafe string ops * ASM: improve x86 validation, add CIL and ARC pseudo plugins * Bin: major fixes for PE, ELF, Java, MDMP, LE, DEX; reduce memory use * Add/import DWARF types, improve relocations and symbol handling * Extensive memory leak fixes and parser hardening across formats * Improve string handling, caching, and zero-copy optimizations * Build: improve meson, remove zip deps, add 3rd-party plugin support * Console: fix UTF-8graphs and color propagation * Core: improve plugin handling and background task stability * Crash: fix multiple UAF, OOB, overflows, and injection issues * Sanitize inputs (function names, demangler, callconv) * Debug: add source breakpoints, ARM64/XNU support, FPU regs * Disasm: improve string handling, comments, and color logic * ESIL: extend x86 FPU emulation * FS/IO: fixes and plugin reorganizations * HTTP: fix sandbox webserver issues * Hash/tools: minor fixes and output improvements * General cleanup, safety checks, and performance optimizations * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.0 - Update to version 6.0.8: * Migrate r_vector to RVec across core components * Refactor and optimize type propagation (now plugin-based) * Remove redundant anal.a2f and related duplication * Improve caching, memoization, and performance in analysis * Fix file corruption, null asserts, and command issues * Enhance x86 (AT&T syntax, enter instruction) and z80 support * Add initial .NET (CIL) disasm/asm support * Improve Java, ELF, Mach-O, APK, and PDB handling * Fix demangling, symbols, and relocation issues * Resolve multiple memory leaks and parser bugs * Fix UAF, OOB, overflows, and command injection vulnerabilities * Improve GDB debugging and breakpoint handling * Enhance disassembly visuals and color options * Update ESIL operators and behavior * Add support for APFS, GPT, BSD, APM partitions * Improve IO handling and add new plugins * Optimize performance (strbuf, memory usage) * Improve console UI, themes, and terminal handling * Refine SDK builds and CI pipelines * Improve CLI tools (rabin2, rasm2, rafs2) * Add JSON support and better help/version info * Expand type parsing (typedef, enum, union) * Improve socket/HTTP handling and downloads * Add and refine tests and reporting *General cleanup, safety checks, and code modernization * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.8 - Expand %{bindir}/* - Rename sdb.1 man page to r2sdb.1 to avoid conflict with snobol4 - Fix patch pkgconfig.patch to be -p1-able - Update to version 6.0.7: * shell: Fix parsing r2 -H$(VARNAME) without a space - Update to version 6.0.6: * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.6 - Update to version 6.0.4: * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.4 - Update to version 6.0.2: * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.2 - Add missing sub directories for r_util.h and r_muta.h otherwise it might fails in calling r2pm -ci - Correct library package nameing scheme to make it build also on x86_64 on 15.6 and 15.7 - Update to version 6.0.0: * ABI changes: ~ RCorePlugins now have a session ~ Finish the RKons refactoring, all r_cons calls take instance instead of global ~ Rename RCrypto to RMuta ~ Use RCons instance from RLine ~ Rename RIOPlugin.widget to RIOPlugin.data ~ Refactor the RRegAlias api ~ Camelcase all the RCoreBind methods * Breaking API changes: ~ Boolify r_cons_rgb_parse ~ Add RLogLevel.fromString() and use it from -e log.level=? ~ Deprecate r_bin_addr2line ~ Rename RBinDbgItem into RBinAddrline ~ RNumCalc is now known as RNumMath ~ Move RFlagItem.alias into the Meta ~ Rename core-> offset into core-> addr (asm.offset and more!) ~ Rename RFlagItem.offset -> addr * API changes: ~ Boolify r_cons_rgb_parse ~ Add RLogLevel.fromString() and use it from -e log.level=? ~ Deprecate r_bin_addr2line ~ Rename RBinDbgItem into RBinAddrline ~ RNumCalc is now known as RNumMath ~ Move RFlagItem.alias into the Meta ~ Rename core-> offset into core-> addr (asm.offset and more!) ~ Rename RFlagItem.offset -> addr ~ Deprecate RLang.list() ~ Unified function to jsonify the plugin meta + more fields ~ Redesign the REvent API * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.0 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-231=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64): libsdb2_4_2-6.1.4-bp157.5.3.5 radare2-6.1.4-bp157.5.3.5 radare2-devel-6.1.4-bp157.5.3.5 - openSUSE Backports SLE-15-SP7 (noarch): radare2-zsh-completion-6.1.4-bp157.5.3.5 References: https://www.suse.com/security/cve/CVE-2025-1378.html https://www.suse.com/security/cve/CVE-2025-1744.html https://www.suse.com/security/cve/CVE-2025-1864.html https://www.suse.com/security/cve/CVE-2025-5641.html https://www.suse.com/security/cve/CVE-2026-40499.html https://www.suse.com/security/cve/CVE-2026-8695.html https://bugzilla.suse.com/1244121 https://bugzilla.suse.com/1262142 https://bugzilla.suse.com/1265403 . This update enhances radare2 with crucial fixes addressing several security issues and improves overall performance.. opensuse update security radare2 vulnerabilities patch. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 OpenSUSE
100

SUSE KubeVirt 1.6 Major DoS Resource Exhaustion Vulnerability 2026-2783-1

An update that solves three vulnerabilities can now be installed.. # Security update for kubevirt-1.6 Announcement ID: SUSE-SU-2026:2783-1 Release Date: 2026-07-07T15:05:10Z Rating: important References: * bsc#1256434 * bsc#1262265 * bsc#1266733 Cross-References: * CVE-2025-14525 * CVE-2026-35469 * CVE-2026-9804 CVSS scores: * CVE-2025-14525 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2025-14525 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2025-14525 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L * CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35469 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9804 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9804 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9804 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for kubevirt-1.6 fixes the following issues: * CVE-2026-9804: Symlink escape in the VMExport dir handler let an attacker controlling an exported PVC read sensitive files (TLS keys, tokens, service- account creds) from the exporter pod. (bsc#1266733) * CVE-2025-14525: A VM reporting many guest-internal interfaces via the guest agent could flood VMI status and fill etcd (denial of service). Caps reportedinterfaces at 10. (bsc#1256434) * CVE-2026-35469: resource-exhaustion in the SPDY/3 protocol implementation of github.com/moby/spdystream. (GHSA-pc3f-x583-g7j2,bsc#1262265) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2783=1 ## Package List: * Containers Module 15-SP7 (aarch64 x86_64) * kubevirt-1.6-virtctl-debuginfo-1.6.6-150700.15.10.1 * kubevirt-1.6-virtctl-1.6.6-150700.15.10.1 * kubevirt-1.6-manifests-1.6.6-150700.15.10.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14525.html * https://www.suse.com/security/cve/CVE-2026-35469.html * https://www.suse.com/security/cve/CVE-2026-9804.html * https://bugzilla.suse.com/show_bug.cgi?id=1256434 * https://bugzilla.suse.com/show_bug.cgi?id=1262265 * https://bugzilla.suse.com/show_bug.cgi?id=1266733 . Install the important security update for kubevirt-1.6 to fix three critical issues affecting your system. Learn how.. KubeVirt Update Security Fixes Vulnerabilities Denial of Service. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200