An update that fixes four vulnerabilities is now available.

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2025:0367-1
Rating: important
References: #1249999
Cross-References: CVE-2025-10500 CVE-2025-10501 CVE-2025-10502 CVE-2025-10585
Affected Products: openSUSE Backports SLE-15-SP7
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

Chromium was updated to 140.0.7339.185 (stable released 2025-09-17) boo#1249999

Security issues fixed:

* CVE-2025-10585: Type Confusion in V8
* CVE-2025-10500: Use after free in Dawn
* CVE-2025-10501: Use after free in WebRTC
* CVE-2025-10502: Heap buffer overflow in ANGLE

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

  zypper in -t patch openSUSE-2025-367=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 x86_64):

  chromedriver-140.0.7339.185-bp157.2.52.1
  chromium-140.0.7339.185-bp157.2.52.1

References:

https://www.suse.com/security/cve/CVE-2025-10500.html
https://www.suse.com/security/cve/CVE-2025-10501.html
https://www.suse.com/security/cve/CVE-2025-10502.html
https://www.suse.com/security/cve/CVE-2025-10585.html
https://bugzilla.suse.com/1249999

OpenSUSE updates Chromium fixing four important security issues including use after free and heap buffer overflow.

openSUSE Security, Chromium Update, CVE-2025-10500, Important Patch, Vulnerability Fix.

Severity: Important.

LinuxSecurity.com Team
Several security issues were fixed in Apache HTTP Server.

==========================================================================
Ubuntu Security Notice USN-8396-1
June 08, 2026

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

It was discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2026-24072)

Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly handled certain AJP server messages. An attacker in control of a backend AJP server could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-28780)

Pavel Kohout discovered that the Apache HTTP Server incorrectly handled certain memory operations in mod_dav_lock. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-29169)

Elhanan Haenel discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_proxy_ajp. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2026-34059)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  apache2            2.4.41-4ubuntu3.23+esm4   Available with Ubuntu Pro
  apache2-bin        2.4.41-4ubuntu3.23+esm4   Available with Ubuntu Pro
  apache2-dev        2.4.41-4ubuntu3.23+esm4   Available with Ubuntu Pro
  apache2-ssl-dev    2.4.41-4ubuntu3.23+esm4   Available with Ubuntu Pro
  apache2-utils      2.4.41-4ubuntu3.23+esm4   Available with Ubuntu Pro
  libapache2-mod-md  2.4.41-4ubuntu3.23+esm4   Available with Ubuntu Pro

Ubuntu 18.04 LTS
  apache2            2.4.29-1ubuntu4.27+esm9   Available with Ubuntu Pro
  apache2-bin        2.4.29-1ubuntu4.27+esm9   Available with Ubuntu Pro
  apache2-dev        2.4.29-1ubuntu4.27+esm9   Available with Ubuntu Pro
  apache2-ssl-dev    2.4.29-1ubuntu4.27+esm9   Available with Ubuntu Pro
  apache2-utils      2.4.29-1ubuntu4.27+esm9   Available with Ubuntu Pro

Ubuntu 16.04 LTS
  apache2            2.4.18-2ubuntu3.17+esm18  Available with Ubuntu Pro
  apache2-bin        2.4.18-2ubuntu3.17+esm18  Available with Ubuntu Pro
  apache2-data       2.4.18-2ubuntu3.17+esm18  Available with Ubuntu Pro
  apache2-dev        2.4.18-2ubuntu3.17+esm18  Available with Ubuntu Pro
  apache2-utils      2.4.18-2ubuntu3.17+esm18  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  apache2            2.4.7-1ubuntu4.22+esm13   Available with Ubuntu Pro
  apache2-bin        2.4.7-1ubuntu4.22+esm13   Available with Ubuntu Pro
  apache2-dev        2.4.7-1ubuntu4.22+esm13   Available with Ubuntu Pro
  apache2-utils      2.4.7-1ubuntu4.22+esm13   Available with Ubuntu Pro
  apache2.2-bin      2.4.7-1ubuntu4.22+esm13   Available with Ubuntu Pro

After a standard system update you need to restart apache2 to make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-8396-1
CVE-2026-24072, CVE-2026-28780, CVE-2026-29169, CVE-2026-34059

Numerous security fixes are applied to Apache HTTP Server in various Ubuntu versions. Ensure your systems are secured.

Ubuntu Apache Update Security Issues Denial of Service.

Severity: Important.

LinuxSecurity.com Team
An update that fixes four vulnerabilities is now available.

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2024:0302-1
Rating: important
References: #1230391
Cross-References: CVE-2024-8636 CVE-2024-8637 CVE-2024-8638 CVE-2024-8639
Affected Products: openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 128.0.6613.137 (released 2024-09-10) (boo#1230391)

* CVE-2024-8636: Heap buffer overflow in Skia
* CVE-2024-8637: Use after free in Media Router
* CVE-2024-8638: Type Confusion in V8
* CVE-2024-8639: Use after free in Autofill

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

  zypper in -t patch openSUSE-2024-302=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):

  chromedriver-128.0.6613.137-bp156.2.26.1
  chromedriver-debuginfo-128.0.6613.137-bp156.2.26.1
  chromium-128.0.6613.137-bp156.2.26.1
  chromium-debuginfo-128.0.6613.137-bp156.2.26.1

References:

https://www.suse.com/security/cve/CVE-2024-8636.html
https://www.suse.com/security/cve/CVE-2024-8637.html
https://www.suse.com/security/cve/CVE-2024-8638.html
https://www.suse.com/security/cve/CVE-2024-8639.html
https://bugzilla.suse.com/1230391

Update for openSUSE addresses multiple issues in Chromium, ensuring enhanced performance and security. Immediate action recommended.

Chromium update, openSUSE patch, buffer overflow, security update.

Severity: Important.

LinuxSecurity.com Team
An update that fixes three vulnerabilities is now available.

openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________

Announcement ID: openSUSE-SU-2024:0328-1
Rating: moderate
References: #1228900 #1228901
Cross-References: CVE-2024-42008 CVE-2024-42009 CVE-2024-42010
Affected Products: openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for roundcubemail fixes the following issues:

Update to 1.6.8

This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities:

* Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]

CHANGELOG

* Managesieve: Protect special scripts in managesieve_kolab_master mode
* Fix newmail_notifier notification focus in Chrome (#9467)
* Fix fatal error when parsing some TNEF attachments (#9462)
* Fix double scrollbar when composing a mail with many plain text lines (#7760)
* Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
* Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
* Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
* Fix bug where "with attachment" filter could fail on some fts engines (#9514)
* Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
* Fix bug where a long subject title could not be displayed in some cases (#9416)
* Fix infinite loop when parsing malformed Sieve script (#9562)
* Fix bug where imap_conn_option's 'socket' was ignored (#9566)
* Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

  zypper in -t patch openSUSE-2024-328=1

Package List:

- openSUSE Backports SLE-15-SP6 (noarch):

  roundcubemail-1.6.8-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2024-42008.html
https://www.suse.com/security/cve/CVE-2024-42009.html
https://www.suse.com/security/cve/CVE-2024-42010.html
https://bugzilla.suse.com/1228900
https://bugzilla.suse.com/1228901

Update for openSUSE roundcubemail resolves security issues, including XSS and information leaks with moderate severity.

openSUSE security, roundcubemail update, moderate security issues, webmail vulnerabilities.

Severity: moderate.

LinuxSecurity.com Team
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for doomsday
______________________________________________________________________________

Announcement ID: openSUSE-SU-2025:0117-1
Rating: important
References: #1239917
Cross-References: CVE-2025-2592
CVSS scores:
  CVE-2025-2592 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products: openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for doomsday fixes the following issues:

- CVE-2025-2592: Use system assimp library to fix a heap-based buffer overflow (boo#1239917)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

  zypper in -t patch openSUSE-2025-117=1

Package List:

- openSUSE Backports SLE-15-SP6 (ppc64le s390x x86_64):

  doomsday-2.3.1-bp156.4.3.1

References:

https://www.suse.com/security/cve/CVE-2025-2592.html
https://bugzilla.suse.com/1239917

An important update for openSUSE doomsday addresses a critical buffer overflow issue. Stay secured with the latest patch.

openSUSE update doomsday buffer overflow security.

Severity: Important.

LinuxSecurity.com Team
Two vulnerabilities were found in libinput, an input device management and event handling library.

CVE-2022-1215

libinput did not properly handle evdev devices, which may potentially be exploited by malicious local users in specific setup to execute arbitrary.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4626-1
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for python-simpleeval
______________________________________________________________________________

Announcement ID: openSUSE-SU-2026:0087-1
Rating: important
References: #1259685
Cross-References: CVE-2026-32640
Affected Products: openSUSE Backports SLE-15-SP7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-simpleeval fixes the following issues:

- CVE-2026-32640: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox (boo#1259685)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

  zypper in -t patch openSUSE-2026-87=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):

  python311-simpleeval-0.9.13-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-32640.html
https://bugzilla.suse.com/1259685

An important update for openSUSE fixes a security flaw in python-simpleeval, which allowed module leakage in the sandbox.

openSUSE updates, python-simpleeval security, module leakage fix, sandbox access vulnerabilities.

Severity: Important.

LinuxSecurity.com Team
An update that fixes 8 vulnerabilities is now available.

openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________

Announcement ID: openSUSE-SU-2026:0183-1
Rating: important
References: #1266329 #1266331 #1266332 #1266333 #1266334 #1266335 #1266336 #1266337
Cross-References: CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846 CVE-2026-48847 CVE-2026-48848 CVE-2026-48849
Affected Products: openSUSE Backports SLE-15-SP6
                   openSUSE Backports SLE-15-SP7
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for roundcubemail fixes the following issues:

Update to 1.6.16

- Fix potential too long value in IMAP ID command (#10136)
- CVE-2026-48849: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog [boo#1266337]
- CVE-2026-48848: Fix CSS injection bypass in HTML sanitizer via SVG [boo#1266336]
- CVE-2026-48842: Fix pre-auth SQL injection in virtuser_query plugin via preg_replace backslash escape bypass [boo#1266329]
- CVE-2026-48843: Fix SSRF bypass via specific local address URLs [boo#1266331]
- CVE-2026-48846: Fix bypass of remote image blocking via CSS var() [boo#1266334]
- CVE-2026-48845: Fix local/private URL fetch bypass when remote resources were not allowed [boo#1266333]
- CVE-2026-48847: Fix pre-auth arbitrary file delete via redis/memcache session poisoning bypass [boo#1266335]
- CVE-2026-48844: Fix code injection vulnerability - remove support for code evaluation in LDAP autovalues option [boo#1266332]

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

  zypper in -t patch openSUSE-2026-183=1

- openSUSE Backports SLE-15-SP6:

  zypper in -t patch openSUSE-2026-183=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):

  roundcubemail-1.6.16-bp157.2.12.1

- openSUSE Backports SLE-15-SP6 (noarch):

  roundcubemail-1.6.16-bp156.2.18.1

References:

https://www.suse.com/security/cve/CVE-2026-48842.html
https://www.suse.com/security/cve/CVE-2026-48843.html
https://www.suse.com/security/cve/CVE-2026-48844.html
https://www.suse.com/security/cve/CVE-2026-48845.html
https://www.suse.com/security/cve/CVE-2026-48846.html
https://www.suse.com/security/cve/CVE-2026-48847.html
https://www.suse.com/security/cve/CVE-2026-48848.html
https://www.suse.com/security/cve/CVE-2026-48849.html
https://bugzilla.suse.com/1266329
https://bugzilla.suse.com/1266331
https://bugzilla.suse.com/1266332
https://bugzilla.suse.com/1266333
https://bugzilla.suse.com/1266334
https://bugzilla.suse.com/1266335
https://bugzilla.suse.com/1266336
https://bugzilla.suse.com/1266337

OpenSUSE delivers security updates addressing 8 vulnerabilities in RoundcubeMail ensuring protection against critical risks.

openSUSE updates, RoundcubeMail vulnerabilities, SQL injection, security fixes.

Severity: Important.

LinuxSecurity.com Team