Update to 1.5.5, containing many bug fixes, some also security related.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2aa17af701 2026-06-09 01:21:40.783752+00:00 -------------------------------------------------------------------------------- Name : mingw-objfw Product : Fedora 44 Version : 1.5.5 Release : 1.fc44 URL : https://objfw.nil.im Summary : MinGW port of ObjFW Description : ObjFW is a portable, lightweight framework for the Objective-C language. It enables you to write an application in Objective-C that will run on any platform supported by ObjFW without having to worry about differences between operating systems or various frameworks you would otherwise need if you want to be portable. It supports all modern Objective-C features when using Clang, but is also compatible with GCC ≥ 4.6 to allow maximum portability. ObjFW also comes with its own lightweight and extremely fast Objective-C runtime, which in real world use cases was found to be significantly faster than both GNU's and Apple's runtime. -------------------------------------------------------------------------------- Update Information: Update to 1.5.5, containing many bug fixes, some also security related. -------------------------------------------------------------------------------- ChangeLog: * Sun May 31 2026 Jonathan Schleifer - 1.5.5-1 - Update to 1.5.5 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2aa17af701' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. 
More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- Upgrade to mingw-objfw 1.5.5 on Fedora 44 addresses key security fixes and enhances functionality. Fedora 44 Update, mingw-objfw Bug Fixes, Linux Security Enhancements. LinuxSecurity.com Team
Update to 1.5.5, containing many bug fixes, some also security related.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-729e540d74 2026-06-09 01:21:40.783749+00:00 -------------------------------------------------------------------------------- Name : objfw Product : Fedora 44 Version : 1.5.5 Release : 1.fc44 URL : https://objfw.nil.im Summary : Portable, lightweight framework for the Objective-C language Description : ObjFW is a portable, lightweight framework for the Objective-C language. It enables you to write an application in Objective-C that will run on any platform supported by ObjFW without having to worry about differences between operating systems or various frameworks you would otherwise need if you want to be portable. It supports all modern Objective-C features when using Clang, but is also compatible with GCC ≥ 4.6 to allow maximum portability. ObjFW also comes with its own lightweight and extremely fast Objective-C runtime, which in real world use cases was found to be significantly faster than both GNU's and Apple's runtime. -------------------------------------------------------------------------------- Update Information: Update to 1.5.5, containing many bug fixes, some also security related. -------------------------------------------------------------------------------- ChangeLog: * Sun May 31 2026 Jonathan Schleifer - 1.5.5-1 - Update to 1.5.5 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-729e540d74' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. 
More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- Explore the security and bug fixes in Fedora 44's ObjFW framework update, ensuring optimal performance and reliability. Fedora update, ObjFW framework, application security, bug fixes, software performance. Severity: Important. LinuxSecurity.com Team
update to 1.98.4 Allow nftables to satisfy firewall dependency in lieu of iptables rhbz#2453924 Fix 45s timeout on shutdowns in certain cases rhbz#2440864 Fixes CVE-2026-34165 rhbz#2454571 Fixes CVE-2026-33762 rhbz#2454572. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-07897c0238 2026-06-09 01:21:40.783737+00:00 -------------------------------------------------------------------------------- Name : tailscale Product : Fedora 44 Version : 1.98.4 Release : 1.fc44 URL : https://github.com/tailscale/tailscale Summary : The easiest, most secure way to use WireGuard and 2FA Description : The easiest, most secure way to use WireGuard and 2FA. -------------------------------------------------------------------------------- Update Information: update to 1.98.4 Allow nftables to satisfy firewall dependency in lieu of iptables rhbz#2453924 Fix 45s timeout on shutdowns in certain cases rhbz#2440864 Fixes CVE-2026-34165 rhbz#2454571 Fixes CVE-2026-33762 rhbz#2454572 -------------------------------------------------------------------------------- ChangeLog: * Sun May 31 2026 Jonathan Wright - 1.98.4-1 - update to 1.98.4 - Allow nftables to satisfy firewall dependency in lieu of iptables rhbz#2453924 - Fix 45s timeout on shutdowns in certain cases rhbz#2440864 - Fixes CVE-2026-34165 rhbz#2454571 - Fixes CVE-2026-33762 rhbz#2454572 * Sun May 31 2026 Jonathan Wright - 1.98.3-1 - update to 1.98.3 rhbz#2448765 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2440864 - tailscale causing reboot to delay by 45 seconds as service shutdown times out https://bugzilla.redhat.com/show_bug.cgi?id=2440864 [ 2 ] Bug #2448765 - tailscale-1.98.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448765 [ 3 ] Bug #2453924 - drop hard dependency on iptables from tailscale https://bugzilla.redhat.com/show_bug.cgi?id=2453924 [ 4 ] Bug #2454571 - CVE-2026-34165 
tailscale: go-git: Denial of Service via crafted .idx file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454571 [ 5 ] Bug #2454572 - CVE-2026-33762 tailscale: go-git: Denial of Service via crafted Git index file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454572 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-07897c0238' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 0.2.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-314504fd18 2026-06-09 01:21:40.783727+00:00 -------------------------------------------------------------------------------- Name : sentencepiece Product : Fedora 44 Version : 0.2.1 Release : 1.fc44 URL : https://github.com/google/sentencepiece Summary : An unsupervised text tokenizer for Neural Network-based text generation Description : The SentencePiece is an unsupervised text tokenizer for Neural Network-based text generation. It is an unsupervised text tokenizer and detokenizer mainly for Neural Network-based text generation systems where the vocabulary size is predetermined prior to the neural model training. SentencePiece implements subword units and unigram language model with the extension of direct training from raw sentences. SentencePiece allows us to make a purely end-to-end system that does not depend on language-specific pre/post-processing. -------------------------------------------------------------------------------- Update Information: Update to 0.2.1 -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2026 Peter Robinson - 0.2.1-1 - Update to 0.2.1 - Fixes CVE-2026-1260 (rhbz#2432139 rhbz#2432139) - Minor package updates for new rev -------------------------------------------------------------------------------- References: [ 1 ] Bug #2432139 - CVE-2026-1260 sentencepiece: Sentencepiece: Invalid memory access leading to potential arbitrary code execution via a crafted model file. [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2432139 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-314504fd18' at the command line. 
For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that fixes 20 vulnerabilities is now available. openSUSE Security Update: Security update for keybase-client ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0195-1 Rating: important References: #1227158 #1253563 #1253864 #1254023 #1258591 #1260696 #1266158 #1266596 Cross-References: CVE-2024-24792 CVE-2025-47913 CVE-2025-47914 CVE-2025-58181 CVE-2026-26958 CVE-2026-33809 CVE-2026-39821 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829 CVE-2026-39830 CVE-2026-39831 CVE-2026-39832 CVE-2026-39833 CVE-2026-39834 CVE-2026-39835 CVE-2026-42508 CVE-2026-46595 CVE-2026-46597 CVE-2026-46598 CVSS scores: CVE-2025-47913 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-47914 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58181 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-26958 (SUSE): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N CVE-2026-39821 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39827 (SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39828 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39829 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39830 (SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39831 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39832 (SUSE): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N CVE-2026-39833 (SUSE): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39834 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39835 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-42508 (SUSE): 8.6 
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-46595 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-46597 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-46598 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for keybase-client fixes the following issues: - Fixed multiple security issues in golang.org/x/crypto/ssh (boo#1266158). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (boo#1266596). - Update to version 6.6.2 * Improve git default branch handling - Switch to go1.25 as required by update go image library. - Update to version 6.6.0 * Various bug fixes and performance improvements - Update to version 6.5.1 * Fix team deletion not working * Chat attachments improvements * Miscellaneous bugfixes - Switch source download service from deprecated disabledrun to manualrun. - Update to version 6.3.1 * Archive your chats/files/repos for easy backups. * Wrap text in spoiler to hide spoilers. - Update the used Go version to 1.21 which is the first version to support the slices modules which is now used by Keybase. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-195=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): kbfs-6.6.2-bp157.2.6.1 kbfs-git-6.6.2-bp157.2.6.1 kbfs-tool-6.6.2-bp157.2.6.1 keybase-client-6.6.2-bp157.2.6.1 References: https://www.suse.com/security/cve/CVE-2024-24792.html https://www.suse.com/security/cve/CVE-2025-47913.html https://www.suse.com/security/cve/CVE-2025-47914.html https://www.suse.com/security/cve/CVE-2025-58181.html https://www.suse.com/security/cve/CVE-2026-26958.html https://www.suse.com/security/cve/CVE-2026-33809.html https://www.suse.com/security/cve/CVE-2026-39821.html https://www.suse.com/security/cve/CVE-2026-39827.html https://www.suse.com/security/cve/CVE-2026-39828.html https://www.suse.com/security/cve/CVE-2026-39829.html https://www.suse.com/security/cve/CVE-2026-39830.html https://www.suse.com/security/cve/CVE-2026-39831.html https://www.suse.com/security/cve/CVE-2026-39832.html https://www.suse.com/security/cve/CVE-2026-39833.html https://www.suse.com/security/cve/CVE-2026-39834.html https://www.suse.com/security/cve/CVE-2026-39835.html https://www.suse.com/security/cve/CVE-2026-42508.html https://www.suse.com/security/cve/CVE-2026-46595.html https://www.suse.com/security/cve/CVE-2026-46597.html https://www.suse.com/security/cve/CVE-2026-46598.html https://bugzilla.suse.com/1227158 https://bugzilla.suse.com/1253563 https://bugzilla.suse.com/1253864 https://bugzilla.suse.com/1254023 https://bugzilla.suse.com/1258591 https://bugzilla.suse.com/1260696 https://bugzilla.suse.com/1266158 https://bugzilla.suse.com/1266596 . Critical update for openSUSE keybase-client fixes 20 important security issues including privilege escalation vulnerabilities. openSUSE keybase-client update important security. Severity: Important. LinuxSecurity.com Team
Twig could be made to run programs if it received specially crafted network traffic from an authenticated user.. ========================================================================== Ubuntu Security Notice USN-8408-1 June 08, 2026 php-twig vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: Twig could be made to run programs if it received specially crafted network traffic from an authenticated user. Software Description: - php-twig: Flexible, fast, and secure template engine for PHP Details: It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS php-twig 3.23.0-2ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8408-1 CVE-2026-24425 . Twig vulnerability on Ubuntu allows unauthorized program execution via crafted network traffic. Update recommended immediately.. Twig Vulnerability, Ubuntu Update, PHP Template Engine, Arbitrary Code Execution, Ubuntu Security Notice. . Severity: Important. LinuxSecurity.com Team
An update that solves six vulnerabilities and has one security fix can now be installed. # Security update for mutt Announcement ID: SUSE-SU-2026:2300-1 Release Date: 2026-06-08T13:54:59Z Rating: moderate References: * bsc#1263892 * bsc#1263893 * bsc#1263894 * bsc#1263895 * bsc#1263896 * bsc#1263897 * bsc#1264047 Cross-References: * CVE-2026-43859 * CVE-2026-43860 * CVE-2026-43861 * CVE-2026-43862 * CVE-2026-43863 * CVE-2026-43864 CVSS scores: * CVE-2026-43859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43859 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43860 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43861 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43862 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43862 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43862 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43863 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43863 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-43864 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43864 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43864 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux 
Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for mutt fixes the following issues * CVE-2026-43859: `strfcpy` used instead of `memcpy` for the IMAP `auth_cram` MD5 digest (bsc#1263897). * CVE-2026-43860: truncation of `hash_passwd` by one byte for IMAP `auth_cram` MD5 digest (bsc#1263896). * CVE-2026-43861: missing check for `\0` in `url_pct_decode` (bsc#1263895). * CVE-2026-43862: mishandling of the `imap_auth_gss` security level (bsc#1263894). * CVE-2026-43863: infinite loop in `data_object_to_stream` in `crypt-gpgme.c` (bsc#1263893). * CVE-2026-43864: NULL pointer dereference in function `show_sig_summary` (bsc#1263892). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2300=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * mutt-1.10.1-55.33.1 * mutt-debuginfo-1.10.1-55.33.1 * mutt-debugsource-1.10.1-55.33.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43859.html * https://www.suse.com/security/cve/CVE-2026-43860.html * https://www.suse.com/security/cve/CVE-2026-43861.html * https://www.suse.com/security/cve/CVE-2026-43862.html * https://www.suse.com/security/cve/CVE-2026-43863.html * https://www.suse.com/security/cve/CVE-2026-43864.html * https://bugzilla.suse.com/show_bug.cgi?id=1263892 * https://bugzilla.suse.com/show_bug.cgi?id=1263893 * https://bugzilla.suse.com/show_bug.cgi?id=1263894 * https://bugzilla.suse.com/show_bug.cgi?id=1263895 * https://bugzilla.suse.com/show_bug.cgi?id=1263896 * https://bugzilla.suse.com/show_bug.cgi?id=1263897 * 
https://bugzilla.suse.com/show_bug.cgi?id=1264047 . Update for mutt resolves multiple vulnerabilities to enhance system security in SUSE Linux environments effectively. mutt update, SUSE security update, mutt vulnerabilities, moderate advisory. Severity: moderate. LinuxSecurity.com Team
An update that solves six vulnerabilities and has one security fix can now be installed. # Security update for mutt Announcement ID: SUSE-SU-2026:2301-1 Release Date: 2026-06-08T13:55:10Z Rating: moderate References: * bsc#1263892 * bsc#1263893 * bsc#1263894 * bsc#1263895 * bsc#1263896 * bsc#1263897 * bsc#1264047 Cross-References: * CVE-2026-43859 * CVE-2026-43860 * CVE-2026-43861 * CVE-2026-43862 * CVE-2026-43863 * CVE-2026-43864 CVSS scores: * CVE-2026-43859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43859 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43860 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43861 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43861 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43862 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43862 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43862 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-43863 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43863 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-43864 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43864 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-43864 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE 
Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for mutt fixes the following issues * CVE-2026-43859: `strfcpy` used instead of `memcpy` for the IMAP `auth_cram` MD5 digest (bsc#1263897). * CVE-2026-43860: truncation of `hash_passwd` by one byte for IMAP `auth_cram` MD5 digest (bsc#1263896). * CVE-2026-43861: missing check for `\0` in `url_pct_decode` (bsc#1263895). * CVE-2026-43862: mishandling of the `imap_auth_gss` security level (bsc#1263894). * CVE-2026-43863: infinite loop in `data_object_to_stream` in `crypt-gpgme.c` (bsc#1263893). * CVE-2026-43864: NULL pointer dereference in function `show_sig_summary` (bsc#1263892). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2301=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2301=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * openSUSE Leap 15.6 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mutt-debuginfo-2.2.14-150600.3.6.1 * mutt-2.2.14-150600.3.6.1 * mutt-debugsource-2.2.14-150600.3.6.1 * Basesystem Module 15-SP7 (noarch) * mutt-lang-2.2.14-150600.3.6.1 * mutt-doc-2.2.14-150600.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43859.html * https://www.suse.com/security/cve/CVE-2026-43860.html * https://www.suse.com/security/cve/CVE-2026-43861.html * https://www.suse.com/security/cve/CVE-2026-43862.html * https://www.suse.com/security/cve/CVE-2026-43863.html * https://www.suse.com/security/cve/CVE-2026-43864.html * https://bugzilla.suse.com/show_bug.cgi?id=1263892 * https://bugzilla.suse.com/show_bug.cgi?id=1263893 * https://bugzilla.suse.com/show_bug.cgi?id=1263894 * https://bugzilla.suse.com/show_bug.cgi?id=1263895 * https://bugzilla.suse.com/show_bug.cgi?id=1263896 * https://bugzilla.suse.com/show_bug.cgi?id=1263897 * https://bugzilla.suse.com/show_bug.cgi?id=1264047 . Severity: moderate. LinuxSecurity.com Team