Explore top 10 tips to secure your open-source projects now. Read More
×
Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0261.html Type: security Affected Mageia releases: 10 Description: The updated packages fix some security issues. References: - https://bugs.mageia.org/show_bug.cgi?id=35877 - https://lists.fedoraproject.org/archives/list/
Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0260.html Type: security Affected Mageia releases: 10 CVE: CVE-2026-58203 Description: The updated packages fix a security vulnerability: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size. (CVE-2026-58203) References: - https://bugs.mageia.org/show_bug.cgi?id=35774 - https://lists.fedoraproject.org/archives/list/
Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0259.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-6039, CVE-2026-6040, CVE-2026-6045, CVE-2026-8356, CVE-2026-8357, CVE-2026-8358 Description: The updated packages fix security vulnerabilities: Heap buffer overflow in DXF polyline import. (CVE-2026-6039) Heap use-after-free in ODF number-format blank-width parsing. (CVE-2026-6040) Heap buffer overflow in EMF+ gradient brush import. (CVE-2026-6045) Stack buffer overflow in PPT presentation import. (CVE-2026-8356) Heap buffer overflow in Calc formula compilation. (CVE-2026-8357) Heap buffer overflow in spreadsheet tracked-changes import. (CVE-2026-8358) References: - https://bugs.mageia.org/show_bug.cgi?id=35709 - https://lists.debian.org/debian-security-announce/2026/msg00257.html - https://www.libreoffice.org/security/ - https://www.cve.org/CVERecord?id=CVE-2026-6039 - https://www.cve.org/CVERecord?id=CVE-2026-6040 - https://www.cve.org/CVERecord?id=CVE-2026-6045 - https://www.cve.org/CVERecord?id=CVE-2026-8356 - https://www.cve.org/CVERecord?id=CVE-2026-8357 - https://www.cve.org/CVERecord?id=CVE-2026-8358 SRPMS: - 10/core/libreoffice-26.2.4.2-1.mga10 - 9/core/libreoffice-24.2.7.2-1.5.mga9 . Fixes important security issues in LibreOffice for Mageia 10 and 9, addressing various heap buffer overflows.. Mageia LibreOffice security buffer overflow important update. . Severity: Important. LinuxSecurity.com Team
Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0258.html Type: security Affected Mageia releases: 10, 9 Description: The updated bind packages fix a security vulnerability: When BIND 9 was configured to use DNS64 and encounters a DNAME redirect, it could end up using freed memory for the DNS response owner name. This caused the response to contain corrupted data. References: - https://bugs.mageia.org/show_bug.cgi?id=35725 - http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.373168 - https://downloads.isc.org/isc/bind9/9.20.24/doc/arm/html/changelog.html - https://downloads.isc.org/isc/bind9/9.18.50/doc/arm/html/changelog.html SRPMS: - 10/core/bind-9.20.24-1.mga10 - 9/core/bind-9.18.50-1.mga9 . BIND security update addresses corrupted data risk in responses due to DNAME redirect with freed memory.. BIND security update, Mageia security advisory, DNS64 issue, memory corruption fix. . Severity: Critical. LinuxSecurity.com Team
Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0257.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-48615, CVE-2026-48617, CVE-2026-48618, CVE-2026-48619, CVE-2026-48928, CVE-2026-48930, CVE-2026-48931, CVE-2026-48933, CVE-2026-48934, CVE-2026-48935, CVE-2026-48937 Description: lib,test: redact proxy credentials in tunnel errors. (CVE-2026-48615) permission: handle process.chdir on writereport. (CVE-2026-48617) tls: normalize hostname for server identity checks. (CVE-2026-48618) http2: cap originSet size to prevent unbounded memory growth. (CVE-2026-48619) tls: fix case-sensitive SNI context matching. (CVE-2026-48928) dns,net: reject hostnames with embedded NUL bytes. (CVE-2026-48930) http: fix response queue poisoning in http.Agent. (CVE-2026-48931) crypto: guard WebCrypto cipher output length. (CVE-2026-48933) tls: bind reusable sessions to authenticated host. (CVE-2026-48934) permission: disable FileHandle utimes with permission model. (CVE-2026-48935) deps: fix integration issues with the latest nghttp2. (CVE-2026-48937) References: - https://bugs.mageia.org/show_bug.cgi?id=35724 - https://nodejs.org/en/blog/release/v22.23.0 - https://nodejs.org/en/blog/vulnerability/june-2026-security-releases - https://www.cve.org/CVERecord?id=CVE-2026-48615 - https://www.cve.org/CVERecord?id=CVE-2026-48617 - https://www.cve.org/CVERecord?id=CVE-2026-48618 - https://www.cve.org/CVERecord?id=CVE-2026-48619 - https://www.cve.org/CVERecord?id=CVE-2026-48928 - https://www.cve.org/CVERecord?id=CVE-2026-48930 - https://www.cve.org/CVERecord?id=CVE-2026-48931 - https://www.cve.org/CVERecord?id=CVE-2026-48933 - https://www.cve.org/CVERecord?id=CVE-2026-48934 - https://www.cve.org/CVERecord?id=CVE-2026-48935 - https://www.cve.org/CVERecord?id=CVE-2026-48937 SRPMS: - 10/core/nodejs-22.23.1-2.mga10 - 9/core/nodejs-22.23.1-2.mga9 . Security vulnerabilities identified in Node.js for Mageia 10 and 9 requireimmediate attention. Patching instructions included.. nodejs security update,mageia vulnerability,critical security alert. . Severity: Critical. LinuxSecurity.com Team
Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGAA-2026-0057.html Type: bugfix Affected Mageia releases: 10 Description: Sticky did not work in Wayland sessions. This update fixes the issue. References: - https://bugs.mageia.org/show_bug.cgi?id=35816 SRPMS: - 10/core/sticky-1.31-1.2.mga10 . Recent Mageia update addresses critical bugfix for sticky functionality in Wayland sessions, enhancing stability and performance.. Mageia Sticky Update, Linux Bugfix, Wayland Functionality Issue. . Severity: Critical. LinuxSecurity.com Team
Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGAA-2026-0056.html Type: bugfix Affected Mageia releases: 10 Description: Some Xfce packages were not updated to the latest versions during the version freeze. They are available as updates now. References: - https://bugs.mageia.org/show_bug.cgi?id=35827 SRPMS: - 10/core/libxfce4ui-4.21.8-1.mga10 - 10/core/xfce4-panel-4.21.2-1.mga10 - 10/core/xfce4-settings-4.21.2-1.mga10 - 10/core/xfdesktop-4.21.0-1.mga10 . Mageia releases an update for Xfce packages addressing issues from the version freeze. Important fixes available now.. Mageia Update, Xfce Packages, Security Advisory, System Security. . Severity: Informational. LinuxSecurity.com Team
Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGAA-2026-0055.html Type: bugfix Affected Mageia releases: 10 Description: Rawtherapee crashed on startup. This update fixes the issue. References: - https://bugs.mageia.org/show_bug.cgi?id=35921 - https://github.com/RawTherapee/RawTherapee/issues/7532 SRPMS: - 10/core/rawtherapee-5.12-2.1.mga10 . A critical security update for Mageia 10 addresses startup crashes in Rawtherapee, ensuring stable functioning.. Mageia 10, Rawtherapee fix, security update, software stability. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.