Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 9,991 articles for you...
security advisoryfedoracriticalFedora 44 SentencePiece Memory Access Issue Advisory 2026-314504fd18
Update to 0.2.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-314504fd18 2026-06-09 01:21:40.783727+00:00 -------------------------------------------------------------------------------- Name : sentencepiece Product : Fedora 44 Version : 0.2.1 Release : 1.fc44 URL : https://github.com/google/sentencepiece Summary : An unsupervised text tokenizer for Neural Network-based text generation Description : The SentencePiece is an unsupervised text tokenizer for Neural Network-based text generation. It is an unsupervised text tokenizer and detokenizer mainly for Neural Network-based text generation systems where the vocabulary size is predetermined prior to the neural model training. SentencePiece implements subword units and unigram language model with the extension of direct training from raw sentences. SentencePiece allows us to make a purely end-to-end system that does not depend on language-specific pre/post-processing. -------------------------------------------------------------------------------- Update Information: Update to 0.2.1 -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2026 Peter Robinson - 0.2.1-1 - Update to 0.2.1 - Fixes CVE-2026-1260 (rhbz#2432139 rhbz#2432139) - Minor package updates for new rev -------------------------------------------------------------------------------- References: [ 1 ] Bug #2432139 - CVE-2026-1260 sentencepiece: Sentencepiece: Invalid memory access leading to potential arbitrary code execution via a crafted model file. [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2432139 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-314504fd18' at the command line. For more information, refer to the dnf documentationavailable at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 09, 2026
•Critical
Fedora
security advisorysecurity updateprivilege escalationopenSUSE Keybase-Client Important Security Issues Update 2026-0195-1
An update that fixes 20 vulnerabilities is now available.. openSUSE Security Update: Security update for keybase-client ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0195-1 Rating: important References: #1227158 #1253563 #1253864 #1254023 #1258591 #1260696 #1266158 #1266596 Cross-References: CVE-2024-24792 CVE-2025-47913 CVE-2025-47914 CVE-2025-58181 CVE-2026-26958 CVE-2026-33809 CVE-2026-39821 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829 CVE-2026-39830 CVE-2026-39831 CVE-2026-39832 CVE-2026-39833 CVE-2026-39834 CVE-2026-39835 CVE-2026-42508 CVE-2026-46595 CVE-2026-46597 CVE-2026-46598 CVSS scores: CVE-2025-47913 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-47914 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58181 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-26958 (SUSE): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N CVE-2026-39821 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39827 (SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39828 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39829 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39830 (SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39831 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39832 (SUSE): 6.2CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N CVE-2026-39833 (SUSE): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39834 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39835 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-42508 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-46595 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-46597 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-46598 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for keybase-client fixes the following issues: - Fixed multiple security issues in golang.org/x/crypto/ssh (boo#1266158). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (boo#1266596). - Update to version 6.6.2 * Improve git default branch handling - Switch to go1.25 as required by update go image library. - Update to version 6.6.0 * Various bug fixes and performance improvements - Update to version 6.5.1 * Fix team deletion not working * Chat attachments improvements * Miscellaneous bugfixes - Switch source download service from deprecated disabledrun to manualrun. - Update to version 6.3.1 * Archive your chats/files/repos for easy backups. * Wrap text in spoiler to hide spoilers. - Update the used Go version to 1.21 which is the first version to support the slicesmodules which is now used by Keybase. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-195=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): kbfs-6.6.2-bp157.2.6.1 kbfs-git-6.6.2-bp157.2.6.1 kbfs-tool-6.6.2-bp157.2.6.1 keybase-client-6.6.2-bp157.2.6.1 References: https://www.suse.com/security/cve/CVE-2024-24792.html https://www.suse.com/security/cve/CVE-2025-47913.html https://www.suse.com/security/cve/CVE-2025-47914.html https://www.suse.com/security/cve/CVE-2025-58181.html https://www.suse.com/security/cve/CVE-2026-26958.html https://www.suse.com/security/cve/CVE-2026-33809.html https://www.suse.com/security/cve/CVE-2026-39821.html https://www.suse.com/security/cve/CVE-2026-39827.html https://www.suse.com/security/cve/CVE-2026-39828.html https://www.suse.com/security/cve/CVE-2026-39829.html https://www.suse.com/security/cve/CVE-2026-39830.html https://www.suse.com/security/cve/CVE-2026-39831.html https://www.suse.com/security/cve/CVE-2026-39832.html https://www.suse.com/security/cve/CVE-2026-39833.html https://www.suse.com/security/cve/CVE-2026-39834.html https://www.suse.com/security/cve/CVE-2026-39835.html https://www.suse.com/security/cve/CVE-2026-42508.html https://www.suse.com/security/cve/CVE-2026-46595.html https://www.suse.com/security/cve/CVE-2026-46597.html https://www.suse.com/security/cve/CVE-2026-46598.html https://bugzilla.suse.com/1227158 https://bugzilla.suse.com/1253563 https://bugzilla.suse.com/1253864 https://bugzilla.suse.com/1254023 https://bugzilla.suse.com/1258591 https://bugzilla.suse.com/1260696 https://bugzilla.suse.com/1266158 https://bugzilla.suse.com/1266596 . Critical updatefor openSUSE keybase-client fixes 20 important security issues including privilege escalation vulnerabilities.. openSUSE keybase-client update important security. . Severity: Important. LinuxSecurity.com Team
Jun 09, 2026
•Important
OpenSUSE
security advisoryarbitrary code executionUbuntuUbuntu 26.04 LTS php-twig Severe Arbitrary Code Execution Flaw USN-8408-1
Twig could be made to run programs if it received specially crafted network traffic from an authenticated user.. ========================================================================== Ubuntu Security Notice USN-8408-1 June 08, 2026 php-twig vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: Twig could be made to run programs if it received specially crafted network traffic from an authenticated user. Software Description: - php-twig: Flexible, fast, and secure template engine for PHP Details: It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS php-twig 3.23.0-2ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8408-1 CVE-2026-24425 . Twig vulnerability on Ubuntu allows unauthorized program execution via crafted network traffic. Update recommended immediately.. Twig Vulnerability, Ubuntu Update, PHP Template Engine, Arbitrary Code Execution, Ubuntu Security Notice. . Severity: Important. LinuxSecurity.com Team
Jun 08, 2026
•Important
Ubuntu
security advisorymoderatesecurity issueSUSE Mutt Moderate Loop NULL Pointer Fix Vulnerability 2026-2300-1
An update that solves six vulnerabilities and has one security fix can now be installed.. # Security update for mutt Announcement ID: SUSE-SU-2026:2300-1 Release Date: 2026-06-08T13:54:59Z Rating: moderate References: * bsc#1263892 * bsc#1263893 * bsc#1263894 * bsc#1263895 * bsc#1263896 * bsc#1263897 * bsc#1264047 Cross-References: * CVE-2026-43859 * CVE-2026-43860 * CVE-2026-43861 * CVE-2026-43862 * CVE-2026-43863 * CVE-2026-43864 CVSS scores: * CVE-2026-43859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43859 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43860 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43861 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43862 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43862 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43862 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43863 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43863 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-43864 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43864 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43864 ( NVD ): 2.5CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for mutt fixes the following issues * CVE-2026-43859: `strfcpy` used instead of `memcpy` for the IMAP `auth_cram` MD5 digest (bsc#1263897). * CVE-2026-43860: truncation of `hash_passwd` by one byte for IMAP `auth_cram` MD5 digest (bsc#1263896). * CVE-2026-43861: missing check for `\0` in `url_pct_decode` (bsc#1263895). * CVE-2026-43862: mishandling of the `imap_auth_gss` security level (bsc#1263894). * CVE-2026-43863: infinite loop in `data_object_to_stream` in `crypt-gpgme.c` (bsc#1263893). * CVE-2026-43864: NULL pointer dereference in function `show_sig_summary` (bsc#1263892). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2300=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * mutt-1.10.1-55.33.1 * mutt-debuginfo-1.10.1-55.33.1 * mutt-debugsource-1.10.1-55.33.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43859.html * https://www.suse.com/security/cve/CVE-2026-43860.html * https://www.suse.com/security/cve/CVE-2026-43861.html * https://www.suse.com/security/cve/CVE-2026-43862.html * https://www.suse.com/security/cve/CVE-2026-43863.html * https://www.suse.com/security/cve/CVE-2026-43864.html * https://bugzilla.suse.com/show_bug.cgi?id=1263892 * https://bugzilla.suse.com/show_bug.cgi?id=1263893 *https://bugzilla.suse.com/show_bug.cgi?id=1263894 * https://bugzilla.suse.com/show_bug.cgi?id=1263895 * https://bugzilla.suse.com/show_bug.cgi?id=1263896 * https://bugzilla.suse.com/show_bug.cgi?id=1263897 * https://bugzilla.suse.com/show_bug.cgi?id=1264047 . Update for mutt resolves multiple vulnerabilities to enhance system security in SUSE Linux environments effectively.. mutt update,SUSE security update,mutt vulnerabilities,moderate advisory. . Severity: moderate. LinuxSecurity.com Team
Jun 08, 2026
•moderate
SuSE
security advisorybuffer overflowimportantopenSUSE Mutt Important Security Patch for 2026-2301-1 Release
An update that solves six vulnerabilities and has one security fix can now be installed.. # Security update for mutt Announcement ID: SUSE-SU-2026:2301-1 Release Date: 2026-06-08T13:55:10Z Rating: moderate References: * bsc#1263892 * bsc#1263893 * bsc#1263894 * bsc#1263895 * bsc#1263896 * bsc#1263897 * bsc#1264047 Cross-References: * CVE-2026-43859 * CVE-2026-43860 * CVE-2026-43861 * CVE-2026-43862 * CVE-2026-43863 * CVE-2026-43864 CVSS scores: * CVE-2026-43859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43859 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43860 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43861 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43862 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43862 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43862 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43863 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43863 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-43864 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43864 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43864 ( NVD ): 2.5CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for mutt fixes the following issues * CVE-2026-43859: `strfcpy` used instead of `memcpy` for the IMAP `auth_cram` MD5 digest (bsc#1263897). * CVE-2026-43860: truncation of `hash_passwd` by one byte for IMAP `auth_cram` MD5 digest (bsc#1263896). * CVE-2026-43861: missing check for `\0` in `url_pct_decode` (bsc#1263895). * CVE-2026-43862: mishandling of the `imap_auth_gss` security level (bsc#1263894). * CVE-2026-43863: infinite loop in `data_object_to_stream` in `crypt-gpgme.c` (bsc#1263893). * CVE-2026-43864: NULL pointer dereference in function `show_sig_summary` (bsc#1263892). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2301=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2301=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * openSUSE Leap 15.6 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 ## References: *https://www.suse.com/security/cve/CVE-2026-43859.html * https://www.suse.com/security/cve/CVE-2026-43860.html * https://www.suse.com/security/cve/CVE-2026-43861.html * https://www.suse.com/security/cve/CVE-2026-43862.html * https://www.suse.com/security/cve/CVE-2026-43863.html * https://www.suse.com/security/cve/CVE-2026-43864.html * https://bugzilla.suse.com/show_bug.cgi?id=1263892 * https://bugzilla.suse.com/show_bug.cgi?id=1263893 * https://bugzilla.suse.com/show_bug.cgi?id=1263894 * https://bugzilla.suse.com/show_bug.cgi?id=1263895 * https://bugzilla.suse.com/show_bug.cgi?id=1263896 * https://bugzilla.suse.com/show_bug.cgi?id=1263897 * https://bugzilla.suse.com/show_bug.cgi?id=1264047 . Moderate security update for mutt resolves six issues, enhancing system integrity and performance in openSUSE 15.6.. mutt update, SUSE security, moderate vulnerabilities. . Severity: moderate. LinuxSecurity.com Team
Jun 08, 2026
•moderate
SuSE
security advisorymoderatedenial of serviceopenSUSE Mutt Moderate Security Issue Advisory 2026-2301-1 CVE-2026-43859
An update that solves six vulnerabilities and has one security fix can now be installed.. # Security update for mutt Announcement ID: SUSE-SU-2026:2301-1 Release Date: 2026-06-08T13:55:10Z Rating: moderate References: * bsc#1263892 * bsc#1263893 * bsc#1263894 * bsc#1263895 * bsc#1263896 * bsc#1263897 * bsc#1264047 Cross-References: * CVE-2026-43859 * CVE-2026-43860 * CVE-2026-43861 * CVE-2026-43862 * CVE-2026-43863 * CVE-2026-43864 CVSS scores: * CVE-2026-43859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43859 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43860 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43861 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43862 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43862 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43862 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43863 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43863 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-43864 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43864 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43864 ( NVD ): 2.5CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for mutt fixes the following issues * CVE-2026-43859: `strfcpy` used instead of `memcpy` for the IMAP `auth_cram` MD5 digest (bsc#1263897). * CVE-2026-43860: truncation of `hash_passwd` by one byte for IMAP `auth_cram` MD5 digest (bsc#1263896). * CVE-2026-43861: missing check for `\0` in `url_pct_decode` (bsc#1263895). * CVE-2026-43862: mishandling of the `imap_auth_gss` security level (bsc#1263894). * CVE-2026-43863: infinite loop in `data_object_to_stream` in `crypt-gpgme.c` (bsc#1263893). * CVE-2026-43864: NULL pointer dereference in function `show_sig_summary` (bsc#1263892). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2301=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2301=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * openSUSE Leap 15.6 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 ## References: *https://www.suse.com/security/cve/CVE-2026-43859.html * https://www.suse.com/security/cve/CVE-2026-43860.html * https://www.suse.com/security/cve/CVE-2026-43861.html * https://www.suse.com/security/cve/CVE-2026-43862.html * https://www.suse.com/security/cve/CVE-2026-43863.html * https://www.suse.com/security/cve/CVE-2026-43864.html * https://bugzilla.suse.com/show_bug.cgi?id=1263892 * https://bugzilla.suse.com/show_bug.cgi?id=1263893 * https://bugzilla.suse.com/show_bug.cgi?id=1263894 * https://bugzilla.suse.com/show_bug.cgi?id=1263895 * https://bugzilla.suse.com/show_bug.cgi?id=1263896 * https://bugzilla.suse.com/show_bug.cgi?id=1263897 * https://bugzilla.suse.com/show_bug.cgi?id=1264047 . # Security update for mutt Announcement ID: SUSE-SU-2026:2301-1 Release Date: 2026-06-08T13:55:10Z R. security, update, solves, vulnerabilities, installed. . Severity: moderate. LinuxSecurity.com Team
Jun 08, 2026
•moderate
OpenSUSE
security advisorymoderatefirewallopenSUSE Medium firewalld D-Bus authorization vulnerability CVE-2026-4948
An update that solves one vulnerability can now be installed.. # Security update for firewalld Announcement ID: SUSE-SU-2026:2302-1 Release Date: 2026-06-08T15:27:07Z Rating: moderate References: * bsc#1260903 Cross-References: * CVE-2026-4948 CVSS scores: * CVE-2026-4948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-4948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for firewalld fixes the following issue: * CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations (bsc#1260903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2302=1 ## Package List: * openSUSE Leap 15.4 (noarch) * firewalld-lang-0.9.3-150400.8.15.1 * firewall-applet-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 *firewall-macros-0.9.3-150400.8.15.1 * python3-firewall-0.9.3-150400.8.15.1 * firewall-config-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4948.html * https://bugzilla.suse.com/show_bug.cgi?id=1260903 . A security update for firewalld addresses a vulnerability in openSUSE and SUSE Enterprise Micro, requiring patch installation.. firewalld security, openSUSE patch, SUSE Linux update, firewall vulnerability. . Severity: moderate. LinuxSecurity.com Team
Jun 08, 2026
•moderate
SuSE
security advisoryimportantauthentication issueopenSUSE Firewalld Moderate D-Bus Auth Issue Advisory SUSE-2026-2302-1
An update that solves one vulnerability can now be installed.. # Security update for firewalld Announcement ID: SUSE-SU-2026:2302-1 Release Date: 2026-06-08T15:27:07Z Rating: moderate References: * bsc#1260903 Cross-References: * CVE-2026-4948 CVSS scores: * CVE-2026-4948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-4948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for firewalld fixes the following issue: * CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations (bsc#1260903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2302=1 ## Package List: * openSUSE Leap 15.4 (noarch) * firewalld-lang-0.9.3-150400.8.15.1 * firewall-applet-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 *firewall-macros-0.9.3-150400.8.15.1 * python3-firewall-0.9.3-150400.8.15.1 * firewall-config-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4948.html * https://bugzilla.suse.com/show_bug.cgi?id=1260903 . # Security update for firewalld Announcement ID: SUSE-SU-2026:2302-1 Release Date: 2026-06-08T15:27:. update, solves, vulnerability, installed, security, firewalld, announ. . Severity: Important. LinuxSecurity.com Team
Jun 08, 2026
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!