Alerts This Week
1,161

Stay Secure with the Latest Linux Advisories




Explore Latest Linux Security advisories

We found 9,991 articles for you...

Rocky Linux 9 RLSA-2026-29703 Important Denial of Service in plugins

Important: containernetworking-plugins security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29703", "synopsis": "Important: containernetworking-plugins security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for containernetworking-plugins.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}, {"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "description": ""}, {"ticket": "2456338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "description": ""}, {"ticket": "2456339", 
"sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "description": ""}], "cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}, {"name": "CVE-2026-32280", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}, {"name": "CVE-2026-32283", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-764"}], "references": [], "publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["containernetworking-plugins-1:1.9.0-3.el9_8.aarch64.rpm", "containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le.rpm", "containernetworking-plugins-1:1.9.0-3.el9_8.s390x.rpm", "containernetworking-plugins-1:1.9.0-3.el9_8.src.rpm", "containernetworking-plugins-1:1.9.0-3.el9_8.x86_64.rpm", "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64.rpm", "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le.rpm", "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x.rpm", "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64.rpm", "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64.rpm", "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le.rpm", "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x.rpm", 
"containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux provides an important security update for containernetworking-plugins impacting network connectivity of containers. Severity: Important. LinuxSecurity.com Team

Jun 26, 2026 Important Rocky Linux

Rocky Linux Thunderbird Essential Measures for Various CVEs RLSA-2026-29940

Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29940", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)\n\n* firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)\n\n* firefox: 
thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310)\n\n* firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)\n\n* firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)\n\n* firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)\n\n* firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)\n\n* firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)\n\n* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2489207", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489207", "description": ""}, {"ticket": "2489208", 
"sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489208", "description": ""}, {"ticket": "2489209", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489209", "description": ""}, {"ticket": "2489210", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489210", "description": ""}, {"ticket": "2489211", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489211", "description": ""}, {"ticket": "2489212", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489212", "description": ""}, {"ticket": "2489214", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489214", "description": ""}, {"ticket": "2489215", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489215", "description": ""}, {"ticket": "2489217", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489217", "description": ""}, {"ticket": "2489218", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489218", "description": ""}, {"ticket": "2489220", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489220", "description": ""}, {"ticket": "2489221", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489221", "description": ""}, {"ticket": "2489223", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489223", "description": ""}, {"ticket": "2489224", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489224", "description": ""}, {"ticket": "2489225", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489225", "description": ""}, {"ticket": "2489226", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489226", "description": ""}, {"ticket": 
"2489229", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489229", "description": ""}, {"ticket": "2489231", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489231", "description": ""}, {"ticket": "2489232", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489232", "description": ""}, {"ticket": "2489233", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489233", "description": ""}, {"ticket": "2489234", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489234", "description": ""}, {"ticket": "2489235", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489235", "description": ""}, {"ticket": "2489236", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489236", "description": ""}, {"ticket": "2489237", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489237", "description": ""}, {"ticket": "2489239", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489239", "description": ""}, {"ticket": "2489240", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489240", "description": ""}, {"ticket": "2489243", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489243", "description": ""}, {"ticket": "2489244", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489244", "description": ""}, {"ticket": "2489248", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489248", "description": ""}], "cves": [{"name": "CVE-2026-12289", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12289", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": 
"CVE-2026-12290", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12290", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-823"}, {"name": "CVE-2026-12291", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12291", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-12292", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12292", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-12294", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12294", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-12295", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12295", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-653"}, {"name": "CVE-2026-12296", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12296", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-403"}, {"name": "CVE-2026-12297", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12297", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-653"}, {"name": "CVE-2026-12298", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12298", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-843"}, {"name": "CVE-2026-12299", "sourceBy": "MITRE", "sourceLink": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12299", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-733"}, {"name": "CVE-2026-12302", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12302", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-12304", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12304", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-346"}, {"name": "CVE-2026-12305", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12305", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12306", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12306", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12307", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12307", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12308", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12308", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-12309", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12309", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12310", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12310", 
"cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12311", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12311", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-243"}, {"name": "CVE-2026-12312", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12312", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12313", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12313", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-403"}, {"name": "CVE-2026-12314", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12314", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12315", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12315", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-807"}, {"name": "CVE-2026-12324", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12324", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": "CWE-131"}, {"name": "CVE-2026-12325", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12325", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": "CWE-1286"}, {"name": "CVE-2026-12327", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12327", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", 
"cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12328", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12328", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-12329", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12329", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-12330", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12330", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-131"}], "references": [], "publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["thunderbird-0:140.12.0-1.el9_8.aarch64.rpm", "thunderbird-0:140.12.0-1.el9_8.ppc64le.rpm", "thunderbird-0:140.12.0-1.el9_8.s390x.rpm", "thunderbird-0:140.12.0-1.el9_8.src.rpm", "thunderbird-0:140.12.0-1.el9_8.x86_64.rpm", "thunderbird-debuginfo-0:140.12.0-1.el9_8.aarch64.rpm", "thunderbird-debuginfo-0:140.12.0-1.el9_8.ppc64le.rpm", "thunderbird-debuginfo-0:140.12.0-1.el9_8.s390x.rpm", "thunderbird-debuginfo-0:140.12.0-1.el9_8.x86_64.rpm", "thunderbird-debugsource-0:140.12.0-1.el9_8.aarch64.rpm", "thunderbird-debugsource-0:140.12.0-1.el9_8.ppc64le.rpm", "thunderbird-debugsource-0:140.12.0-1.el9_8.s390x.rpm", "thunderbird-debugsource-0:140.12.0-1.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Explore the important thunderbird security update for Rocky Linux, addressing multiple critical issues and vulnerabilities. Severity: Important. LinuxSecurity.com Team

Jun 26, 2026 Important Rocky Linux

Rocky Linux tigervnc Important Buffer Overflow Issues RLSA-2026-29844

Important: tigervnc security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29844", "synopsis": "Important: tigervnc security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for tigervnc.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence() (CVE-2026-50257)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB key types due to unchecked shift levels (CVE-2026-50258)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing (CVE-2026-50259)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter() (CVE-2026-50260)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter() (CVE-2026-50261)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes (CVE-2026-50262)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow() (CVE-2026-50263)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 
DRIGetBuffers/DRIGetBuffersWithFormat (CVE-2026-50264)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2485380", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485380", "description": ""}, {"ticket": "2485382", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485382", "description": ""}, {"ticket": "2485383", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485383", "description": ""}, {"ticket": "2485384", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485384", "description": ""}, {"ticket": "2485385", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485385", "description": ""}, {"ticket": "2485386", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485386", "description": ""}, {"ticket": "2485387", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485387", "description": ""}, {"ticket": "2485388", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485388", "description": ""}, {"ticket": "2485389", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485389", "description": ""}], "cves": [{"name": "CVE-2026-50256", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50256", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-121"}, {"name": "CVE-2026-50257", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50257", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", 
"cwe": "CWE-416"}, {"name": "CVE-2026-50258", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50258", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-121"}, {"name": "CVE-2026-50259", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50259", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-121"}, {"name": "CVE-2026-50260", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50260", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-416"}, {"name": "CVE-2026-50261", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50261", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-416"}, {"name": "CVE-2026-50262", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50262", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.5", "cwe": "CWE-125"}, {"name": "CVE-2026-50263", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50263", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.5", "cwe": "CWE-416"}, {"name": "CVE-2026-50264", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50264", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["tigervnc-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-0:1.15.0-7.el9_8.2.src.rpm", 
"tigervnc-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-debuginfo-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-debuginfo-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-debuginfo-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-debuginfo-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-debugsource-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-debugsource-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-debugsource-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-debugsource-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-icons-0:1.15.0-7.el9_8.2.noarch.rpm", "tigervnc-license-0:1.15.0-7.el9_8.2.noarch.rpm", "tigervnc-selinux-0:1.15.0-7.el9_8.2.noarch.rpm", "tigervnc-server-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-debuginfo-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-debuginfo-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-debuginfo-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-debuginfo-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-minimal-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-minimal-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-minimal-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-minimal-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-module-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-module-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-module-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-module-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-7.el9_8.2.s390x.rpm", 
"tigervnc-server-module-debuginfo-0:1.15.0-7.el9_8.2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important tigervnc update available for Rocky Linux 9 addressing major security issues. Ensure your systems are protected. Severity: Important. LinuxSecurity.com Team

Jun 26, 2026 Important Rocky Linux

Rocky Linux 9 RLSA-2026-29981 Golang Moderate Input Injection

Moderate: golang security, bug fix, and enhancement update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29981", "synopsis": "Moderate: golang security, bug fix, and enhancement update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for golang.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* net/textproto: golang: Golang net/textproto: Misleading error messages via input injection (CVE-2026-42507)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Go to version 1.26.4+1 [rhel-9.8.z] (JIRA:Rocky Linux-183350)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2484205", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2484205", "description": ""}], "cves": [{"name": "CVE-2026-42507", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42507", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "5.3", "cwe": "CWE-117"}], "references": [], "publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["golang-0:1.26.4-1.el9_8.aarch64.rpm", "golang-0:1.26.4-1.el9_8.ppc64le.rpm", "golang-0:1.26.4-1.el9_8.s390x.rpm", "golang-0:1.26.4-1.el9_8.src.rpm", "golang-0:1.26.4-1.el9_8.x86_64.rpm", "golang-bin-0:1.26.4-1.el9_8.aarch64.rpm", "golang-bin-0:1.26.4-1.el9_8.ppc64le.rpm", "golang-bin-0:1.26.4-1.el9_8.s390x.rpm", "golang-bin-0:1.26.4-1.el9_8.x86_64.rpm", "golang-docs-0:1.26.4-1.el9_8.noarch.rpm", "golang-misc-0:1.26.4-1.el9_8.noarch.rpm", 
"golang-race-0:1.26.4-1.el9_8.aarch64.rpm", "golang-race-0:1.26.4-1.el9_8.ppc64le.rpm", "golang-race-0:1.26.4-1.el9_8.s390x.rpm", "golang-race-0:1.26.4-1.el9_8.x86_64.rpm", "golang-src-0:1.26.4-1.el9_8.noarch.rpm", "golang-tests-0:1.26.4-1.el9_8.noarch.rpm", "go-toolset-0:1.26.4-1.el9_8.aarch64.rpm", "go-toolset-0:1.26.4-1.el9_8.ppc64le.rpm", "go-toolset-0:1.26.4-1.el9_8.s390x.rpm", "go-toolset-0:1.26.4-1.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update for golang available in Rocky Linux 9. Fixes misleading error messages due to an input injection vulnerability. Severity: Moderate. LinuxSecurity.com Team

Jun 26, 2026 moderate Rocky Linux

Rocky Linux 9 RLSA-2026-29455 Buildah Important Denial of Service

Important: buildah security update.

Advisory: RLSA-2026:29455
Type: TYPE_SECURITY
Severity: SEVERITY_IMPORTANT
Affected products: Rocky Linux 9
Published: 2026-06-26T12:03:13.137376Z
Reboot suggested: no

An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):

* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)
* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)
* golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters (CVE-2026-39829)
* golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses (CVE-2026-39830)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes (source: Red Hat):

* 2445356: https://bugzilla.redhat.com/show_bug.cgi?id=2445356
* 2456333: https://bugzilla.redhat.com/show_bug.cgi?id=2456333
* 2456338: https://bugzilla.redhat.com/show_bug.cgi?id=2456338
* 2456339: https://bugzilla.redhat.com/show_bug.cgi?id=2456339
* 2480681: https://bugzilla.redhat.com/show_bug.cgi?id=2480681
* 2480684: https://bugzilla.redhat.com/show_bug.cgi?id=2480684

CVEs (source: MITRE):

* CVE-2026-25679: CVSS v3 base score 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE-1286, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679
* CVE-2026-32280: CVSS v3 base score 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE-770, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280
* CVE-2026-32281: CVSS v3 base score 5.9, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE-1050, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281
* CVE-2026-32283: CVSS v3 base score 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE-764, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283
* CVE-2026-39829: CVSS v3 base score 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE-1284, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39829
* CVE-2026-39830: CVSS v3 base score 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE-772, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39830

Updated packages (Rocky Linux 9), listed as package: architectures:

* buildah-2:1.43.1-2.el9_8: aarch64, ppc64le, s390x, src, x86_64
* buildah-debuginfo-2:1.43.1-2.el9_8: aarch64, ppc64le, s390x, x86_64
* buildah-debugsource-2:1.43.1-2.el9_8: aarch64, ppc64le, s390x, x86_64
* buildah-tests-2:1.43.1-2.el9_8: aarch64, ppc64le, s390x, x86_64
* buildah-tests-debuginfo-2:1.43.1-2.el9_8: aarch64, ppc64le, s390x, x86_64

Important buildah security update for Rocky Linux enhances container image security and resolves several denial of service issues.

Rocky Linux buildah security important update denial of service.

Severity: Important. LinuxSecurity.com Team

Jun 26, 2026 Important Rocky Linux

Rocky Linux 9 Runc Important Denial of Service Update RLSA-2026-29702

Important: runc security update.

Advisory: RLSA-2026:29702
Type: TYPE_SECURITY
Severity: SEVERITY_IMPORTANT
Affected products: Rocky Linux 9
Published: 2026-06-26T12:03:13.137376Z
Reboot suggested: no

An update is available for runc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.

Security Fix(es):

* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)
* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes (source: Red Hat):

* 2445356: https://bugzilla.redhat.com/show_bug.cgi?id=2445356
* 2456333: https://bugzilla.redhat.com/show_bug.cgi?id=2456333
* 2456339: https://bugzilla.redhat.com/show_bug.cgi?id=2456339

CVEs (source: MITRE):

* CVE-2026-25679: CVSS v3 base score 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE-1286, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679
* CVE-2026-32280: CVSS v3 base score 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE-770, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280
* CVE-2026-32281: CVSS v3 base score 5.9, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE-1050, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281

Updated packages (Rocky Linux 9), listed as package: architectures:

* runc-4:1.4.2-2.el9_8: aarch64, ppc64le, s390x, src, x86_64
* runc-debuginfo-4:1.4.2-2.el9_8: aarch64, ppc64le, s390x, x86_64
* runc-debugsource-4:1.4.2-2.el9_8: aarch64, ppc64le, s390x, x86_64

Explore the important runc security update for Rocky Linux 9, addressing serious vulnerabilities including Denial of Service.

Rocky Linux runc Update security important.

Severity: Important. LinuxSecurity.com Team

Jun 26, 2026 Important Rocky Linux

Debian LTS python-urllib3 Serious Information Leak Resolution DLA-4651-1

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4651-1
https://www.debian.org/lts/security/
Guilhem Moulin
June 26, 2026
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : python-urllib3
Version : 1.26.5-1~exp1+deb11u4 1.26.12-1+deb12u4
CVE ID : CVE-2026-44431
Debian Bug : 1136653

It was discovered that python-urllib3, an HTTP library with thread-safe connection pooling for Python, did not strip out sensitive headers (such as `Authorization` or `Cookie`) during cross-origin redirects followed from the low-level API, which could lead to information disclosure or authorization bypass.

For Debian 11 bullseye, this problem has been fixed in version 1.26.5-1~exp1+deb11u4.

For Debian 12 bookworm, this problem has been fixed in version 1.26.12-1+deb12u4.

We recommend that you upgrade your python-urllib3 packages.

For the detailed security status of python-urllib3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-urllib3

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS security advisory for python-urllib3 related to sensitive headers during cross-origin redirects. Upgrade recommended.

python-urllib3, information disclosure, authorization bypass, security update.

Severity: Critical. LinuxSecurity.com Team

Jun 26, 2026 Critical Debian LTS

Debian LTS giflib Critical Denial of Service Vulnerabilities DLA-4650-1

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4650-1
https://www.debian.org/lts/security/
Tobias Frost
June 26, 2026
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : giflib
Version : 5.1.9-2+deb11u1 $bookworm_VERSION
CVE ID : CVE-2026-23868 CVE-2026-26740
Debian Bug : 1130495 1131368

Two vulnerabilities have been found in giflib, a package of portable tools and library routines for working with GIF images, potentially allowing Denial of Service.

CVE-2026-23868

    Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

CVE-2026-26740

    A Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

For Debian 11 bullseye, these problems have been fixed in version 5.1.9-2+deb11u1.

We recommend that you upgrade your giflib packages.

For the detailed security status of giflib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/giflib

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Two vulnerabilities in giflib allow potential denial of service. Upgrade to fix critical issues in Debian LTS.

giflib security update, denial of service vulnerabilities, Debian LTS patches.

Severity: Critical. LinuxSecurity.com Team

Jun 26, 2026 Critical Debian LTS