Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 3,632 articles for you...
100
security advisorydenial of servicecriticalopenSUSE HPLIP Critical Escalation DoS Advisory SUSE-2026-2380-1
An update that solves three vulnerabilities and has five security fixes can now be installed.. # Security update for hplip Announcement ID: SUSE-SU-2026:2380-1 Release Date: 2026-06-11T16:15:35Z Rating: critical References: * bsc#1209401 * bsc#1234745 * bsc#1245358 * bsc#1250481 * bsc#1257529 * bsc#1266023 * bsc#1266024 * bsc#1266031 Cross-References: * CVE-2025-43023 * CVE-2026-8631 * CVE-2026-8632 CVSS scores: * CVE-2025-43023 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43023 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43023 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-43023 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8631 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8631 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8631 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8632 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8632 ( NVD ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities and has five security fixes can now be installed. ## Description: This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: * CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation (bsc#1266031). * CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path (bsc#1266023). * CVE-2026-8632: escalation of privileges and/or arbitrary code execution via operating system command injection (bsc#1266024). * unauthenticated remote (LAN) denial-of-service in the SLP parser (ReDoS) (bsc#1245358). * URI parameter injection via unsanitized USB serial number (bsc#1209401). Non security issues: * Can't set up fax for HP OfficeJet 3830 (bsc#1257529). * hplip requires foomatic-filters which does not exist in Leap 16 (bsc#1250481). Changes: * Add support for the following new printers: * HP LaserJet Pro MFP 3106sdw * HP LaserJet Pro MFP 3105sdw * HP Envy 6500e series * HP Envy 6500 series * HP OfficeJet Pro 9730 Series * HP OfficeJet Pro 9730e Series * HP OfficeJet Pro 9720 Series * HPOfficeJet Pro 9720e Series * HP OfficeJet Pro 8130e All-in-One series * HP OfficeJet Pro 8130 All-in-One series * HP OfficeJet 8130e All-in-One series * HP OfficeJet 8130 All-in-One series * HP OfficeJet Pro 8120e All-in-One series * HP OfficeJet Pro 8120 All-in-One series * HP OfficeJet 8120e All-in-One series * HP OfficeJet 8120 All-in-One series * HP DeskJet Ink Advantage ultra 5800 All-in-One Printer series * HP DeskJet Ink Advantage ultra 5100 All-in-One Printer series * HP DeskJet 4300e All-in-One Printer series * HP DeskJet Ink Advantage 4300 All-in-One Printer series * HP DeskJet 4300 All-in-One Printer series * HP DeskJet 2900e All-in-One Printer series * HP DeskJet Ink Advantage 2900 All-in-One Printer series * HP DeskJet 2900 All-in-One Printer series * HP LaserJet Enterprise Flow MFP 8601z * HP LaserJet Enterprise 5501 * HP LaserJet Enterprise MFP 5601dn * HP LaserJet Enterprise 6500dn * HP LaserJet Enterprise 5501n * HP LaserJet Enterprise MFP 5601 * HP LaserJet Enterprise 6500 * HP LaserJet Enterprise 5502dn * HP LaserJet Enterprise MFP 5602dn * HP LaserJet Enterprise 6500n * HP LaserJet Enterprise 5502 * HP LaserJet Enterprise MFP 5602f * HP LaserJet Enterprise 6501dn * HP LaserJet Enterprise X50452dn * HP LaserJet Enterprise Flow MFP 5602zfw * HP LaserJet Enterprise 6501 * HP LaserJet Enterprise X50452 * HP LaserJet Enterprise MFP 5602 * HP LaserJet Enterprise X60257dn * HP LaserJet Enterprise MFP X53052dn * HP LaserJet Enterprise Flow MFP X530 * HP LaserJet Enterprise X60257 * HP LaserJet Enterprise MFP X53052 * HP LaserJet Enterprise X60357dn * HP LaserJet Enterprise X60357 * HP LaserJet Enterprise MFP 6600dn * HP LaserJet Enterprise Flow MFP 6600zfw * HP LaserJet Enterprise MFP 6600 * HP LaserJet Enterprise Flow MFP 6600zfsw * HP LaserJet Enterprise MFP X62757dn * HP LaserJet Enterprise Flow MFP X62757zs * HP LaserJet Enterprise MFP X62757 * DEX D50452dn * DEX MFP D53052dn * HP LaserJet ProMFP M126a plus * HP LaserJet Pro MFP M126nw plus * HP LaserJet Pro MFP M126snw plus * HP Envy Photo 7200 series * HP Envy Photo 7900 series * HP OfficeJet Pro 9110 Series * HP OfficeJet 9120 Series * HP OfficeJet Pro 9120 Series * HP OfficeJet Pro 9130 Series * HP LaserJet Enterprise Flow MFP 8601z+ * HP LaserJet Enterprise MFP 8601dn * HP Color LaserJet Enterprise MFP 8801dn * HP Color LaserJet Enterprise Flow MFP 8801z * HP Color LaserJet Enterprise Flow MFP 8801z+ * HP LaserJet Enterprise 8501dn * HP LaserJet Enterprise 8501x * HP LaserJet Enterprise 8501x+ * DEX MFP D826 * DEX MFP D82640 * DEX MFP D82650 * DEX MFP D82660 * DEX D50145 * DEX MFP D42540 * DEX MFP D52645 * DEX Color D55745 * DEX Color MFP D57945 * DEX Color MFP D677 * DEX Color MFP D67755 * DEX Color MFP D67765 * DEX Color MFP D877 * DEX Color MFP D87740 * DEX Color MFP D87750 * DEX Color MFP D87760 * DEX Color MFP D87770 * DEX Color MFP D786 * DEX Colour MFP D78625 * DEX Color MFP D78630 * DEX Color MFP D78635 * DEX MFP D731 * DEX MFP D73130 * DEX MFP D73135 * DEX MFP D73140 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2380=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2380=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2380=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2380=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2380=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patchSUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2380=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2380=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2380=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2380=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * hplip-debugsource-3.26.4-150400.3.22.1 * hplip-devel-3.26.4-150400.3.22.1 * hplip-udev-rules-3.26.4-150400.3.22.1 * hplip-sane-3.26.4-150400.3.22.1 * hplip-sane-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-3.26.4-150400.3.22.1 * hplip-3.26.4-150400.3.22.1 * hplip-scan-utils-3.26.4-150400.3.22.1 * hplip-debuginfo-3.26.4-150400.3.22.1 * hplip-scan-utils-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-debuginfo-3.26.4-150400.3.22.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * hplip-debugsource-3.26.4-150400.3.22.1 * hplip-devel-3.26.4-150400.3.22.1 * hplip-udev-rules-3.26.4-150400.3.22.1 * hplip-sane-debuginfo-3.26.4-150400.3.22.1 * hplip-sane-3.26.4-150400.3.22.1 * hplip-hpijs-3.26.4-150400.3.22.1 * hplip-3.26.4-150400.3.22.1 * hplip-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-debuginfo-3.26.4-150400.3.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * hplip-debugsource-3.26.4-150400.3.22.1 * hplip-devel-3.26.4-150400.3.22.1 * hplip-sane-debuginfo-3.26.4-150400.3.22.1 * hplip-sane-3.26.4-150400.3.22.1 * hplip-udev-rules-3.26.4-150400.3.22.1 * hplip-hpijs-3.26.4-150400.3.22.1 * hplip-3.26.4-150400.3.22.1 * hplip-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-debuginfo-3.26.4-150400.3.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * hplip-debugsource-3.26.4-150400.3.22.1 *hplip-devel-3.26.4-150400.3.22.1 * hplip-sane-debuginfo-3.26.4-150400.3.22.1 * hplip-sane-3.26.4-150400.3.22.1 * hplip-udev-rules-3.26.4-150400.3.22.1 * hplip-hpijs-3.26.4-150400.3.22.1 * hplip-3.26.4-150400.3.22.1 * hplip-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-debuginfo-3.26.4-150400.3.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * hplip-debugsource-3.26.4-150400.3.22.1 * hplip-devel-3.26.4-150400.3.22.1 * hplip-sane-debuginfo-3.26.4-150400.3.22.1 * hplip-sane-3.26.4-150400.3.22.1 * hplip-udev-rules-3.26.4-150400.3.22.1 * hplip-hpijs-3.26.4-150400.3.22.1 * hplip-3.26.4-150400.3.22.1 * hplip-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-debuginfo-3.26.4-150400.3.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * hplip-debugsource-3.26.4-150400.3.22.1 * hplip-devel-3.26.4-150400.3.22.1 * hplip-sane-debuginfo-3.26.4-150400.3.22.1 * hplip-sane-3.26.4-150400.3.22.1 * hplip-udev-rules-3.26.4-150400.3.22.1 * hplip-hpijs-3.26.4-150400.3.22.1 * hplip-3.26.4-150400.3.22.1 * hplip-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-debuginfo-3.26.4-150400.3.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * hplip-debugsource-3.26.4-150400.3.22.1 * hplip-devel-3.26.4-150400.3.22.1 * hplip-sane-debuginfo-3.26.4-150400.3.22.1 * hplip-sane-3.26.4-150400.3.22.1 * hplip-udev-rules-3.26.4-150400.3.22.1 * hplip-hpijs-3.26.4-150400.3.22.1 * hplip-3.26.4-150400.3.22.1 * hplip-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-debuginfo-3.26.4-150400.3.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * hplip-debugsource-3.26.4-150400.3.22.1 * hplip-devel-3.26.4-150400.3.22.1 * hplip-sane-debuginfo-3.26.4-150400.3.22.1 * hplip-sane-3.26.4-150400.3.22.1 * hplip-udev-rules-3.26.4-150400.3.22.1 * hplip-hpijs-3.26.4-150400.3.22.1 * hplip-3.26.4-150400.3.22.1 * hplip-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-debuginfo-3.26.4-150400.3.22.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * hplip-debugsource-3.26.4-150400.3.22.1 * hplip-devel-3.26.4-150400.3.22.1 * hplip-sane-debuginfo-3.26.4-150400.3.22.1 * hplip-sane-3.26.4-150400.3.22.1 * hplip-udev-rules-3.26.4-150400.3.22.1 * hplip-hpijs-3.26.4-150400.3.22.1 * hplip-3.26.4-150400.3.22.1 * hplip-debuginfo-3.26.4-150400.3.22.1 * hplip-hpijs-debuginfo-3.26.4-150400.3.22.1 ## References: * https://www.suse.com/security/cve/CVE-2025-43023.html * https://www.suse.com/security/cve/CVE-2026-8631.html * https://www.suse.com/security/cve/CVE-2026-8632.html * https://bugzilla.suse.com/show_bug.cgi?id=1209401 * https://bugzilla.suse.com/show_bug.cgi?id=1234745 * https://bugzilla.suse.com/show_bug.cgi?id=1245358 * https://bugzilla.suse.com/show_bug.cgi?id=1250481 * https://bugzilla.suse.com/show_bug.cgi?id=1257529 * https://bugzilla.suse.com/show_bug.cgi?id=1266023 * https://bugzilla.suse.com/show_bug.cgi?id=1266024 * https://bugzilla.suse.com/show_bug.cgi?id=1266031 . Critical security update for HPLIP in openSUSE addressing three vulnerabilities with multiple fixes available.. HPLIP update, openSUSE patch, critical vulnerabilities, privilege escalation, DoS threat. . Severity: Critical. LinuxSecurity.com Team
Jun 12, 2026
•Critical
SuSE
89
security advisoryunauthorized accessfedoraFedora 43 Vaultwarden-Web 2026.4.1 Critical Access Control Issues
update to 2026.4.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-064873552d 2026-06-12 01:07:40.519533+00:00 -------------------------------------------------------------------------------- Name : vaultwarden-web Product : Fedora 43 Version : 2026.4.1 Release : 1.fc43 URL : https://github.com/dani-garcia/bw_web_builds Summary : Web vault for vaultwarden Description : Web vault for vaultwarden. -------------------------------------------------------------------------------- Update Information: update to 2026.4.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Jonathan Wright - 2026.4.1-1 - update to 2026.4.1 rhbz#2387335 - Fixes CVE-2026-27803 Unauthorized collection management operations due to improper access control - Fixes CVE-2026-27801 Two-factor authentication bypass allows unauthorized access and data deletion - Fixes CVE-2026-27802 Privilege Escalation via Unauthorized Bulk Permission Update - Fixes CVE-2026-27898 Information disclosure via API partial update * Sat Jan 17 2026 Fedora Release Engineering - 2025.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2444912 - CVE-2026-27898 vaultwarden-web: Vaultwarden: Information disclosure via API partial update [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2444912 [ 2 ] Bug #2444947 - CVE-2026-27801 vaultwarden-web: Vaultwarden: Two-factor authentication bypass allows unauthorized access and data deletion. [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2444947 [ 3 ] Bug #2444953 - CVE-2026-27802 vaultwarden-web: Vaultwarden: Privilege Escalation via Unauthorized Bulk Permission Update [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2444953 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-064873552d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 11, 2026
•Critical
Fedora
202
security advisorysecurity updateprivilege escalationopenSUSE Keybase-Client Important Security Issues Update 2026-0195-1
An update that fixes 20 vulnerabilities is now available.. openSUSE Security Update: Security update for keybase-client ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0195-1 Rating: important References: #1227158 #1253563 #1253864 #1254023 #1258591 #1260696 #1266158 #1266596 Cross-References: CVE-2024-24792 CVE-2025-47913 CVE-2025-47914 CVE-2025-58181 CVE-2026-26958 CVE-2026-33809 CVE-2026-39821 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829 CVE-2026-39830 CVE-2026-39831 CVE-2026-39832 CVE-2026-39833 CVE-2026-39834 CVE-2026-39835 CVE-2026-42508 CVE-2026-46595 CVE-2026-46597 CVE-2026-46598 CVSS scores: CVE-2025-47913 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-47914 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58181 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-26958 (SUSE): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N CVE-2026-39821 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39827 (SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39828 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39829 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39830 (SUSE): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39831 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39832 (SUSE): 6.2CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N CVE-2026-39833 (SUSE): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-39834 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-39835 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-42508 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-46595 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-46597 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-46598 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for keybase-client fixes the following issues: - Fixed multiple security issues in golang.org/x/crypto/ssh (boo#1266158). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (boo#1266596). - Update to version 6.6.2 * Improve git default branch handling - Switch to go1.25 as required by update go image library. - Update to version 6.6.0 * Various bug fixes and performance improvements - Update to version 6.5.1 * Fix team deletion not working * Chat attachments improvements * Miscellaneous bugfixes - Switch source download service from deprecated disabledrun to manualrun. - Update to version 6.3.1 * Archive your chats/files/repos for easy backups. * Wrap text in spoiler to hide spoilers. - Update the used Go version to 1.21 which is the first version to support the slicesmodules which is now used by Keybase. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-195=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): kbfs-6.6.2-bp157.2.6.1 kbfs-git-6.6.2-bp157.2.6.1 kbfs-tool-6.6.2-bp157.2.6.1 keybase-client-6.6.2-bp157.2.6.1 References: https://www.suse.com/security/cve/CVE-2024-24792.html https://www.suse.com/security/cve/CVE-2025-47913.html https://www.suse.com/security/cve/CVE-2025-47914.html https://www.suse.com/security/cve/CVE-2025-58181.html https://www.suse.com/security/cve/CVE-2026-26958.html https://www.suse.com/security/cve/CVE-2026-33809.html https://www.suse.com/security/cve/CVE-2026-39821.html https://www.suse.com/security/cve/CVE-2026-39827.html https://www.suse.com/security/cve/CVE-2026-39828.html https://www.suse.com/security/cve/CVE-2026-39829.html https://www.suse.com/security/cve/CVE-2026-39830.html https://www.suse.com/security/cve/CVE-2026-39831.html https://www.suse.com/security/cve/CVE-2026-39832.html https://www.suse.com/security/cve/CVE-2026-39833.html https://www.suse.com/security/cve/CVE-2026-39834.html https://www.suse.com/security/cve/CVE-2026-39835.html https://www.suse.com/security/cve/CVE-2026-42508.html https://www.suse.com/security/cve/CVE-2026-46595.html https://www.suse.com/security/cve/CVE-2026-46597.html https://www.suse.com/security/cve/CVE-2026-46598.html https://bugzilla.suse.com/1227158 https://bugzilla.suse.com/1253563 https://bugzilla.suse.com/1253864 https://bugzilla.suse.com/1254023 https://bugzilla.suse.com/1258591 https://bugzilla.suse.com/1260696 https://bugzilla.suse.com/1266158 https://bugzilla.suse.com/1266596 . Critical updatefor openSUSE keybase-client fixes 20 important security issues including privilege escalation vulnerabilities.. openSUSE keybase-client update important security. . Severity: Important. LinuxSecurity.com Team
Jun 09, 2026
•Important
OpenSUSE
87
security advisorydebianprivilege escalationDebian Oldstable Keystone Important Access Issues Fixed DSA-6331-1
Multiple vulnerabilities were discovered in Keystone, the OpenStack identity service, which may result in authorisation bypass, privilege escalation, user impersonation or incomplete termination of access privileges. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6331-1
Jun 08, 2026
•Important
Debian
89
security advisoryfedoraprivilege escalationFedora 44 Haveged Important Privilege Escalation Fix 2026-02b08daa05
Update to 1.9.22 — fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation Backport fix for CVE-2026-41054: privilege escalation via command socket. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-02b08daa05 2026-06-08 01:23:19.405839+00:00 -------------------------------------------------------------------------------- Name : haveged Product : Fedora 44 Version : 1.9.22 Release : 1.fc44 URL : https://github.com/jirka-h/haveged Summary : A Linux entropy source using the HAVEGE algorithm Description : A Linux entropy source using the HAVEGE algorithm Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction (e.g. headless servers). Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion) to maintain a 1M pool of random bytes used to fill /dev/random whenever the supply of random bits in /dev/random falls below the low water mark of the device. The principle inputs to haveged are the sizes of the processor instruction and data caches used to setup the HAVEGE collector. The haveged default is a 4kb data cache and a 16kb instruction cache. On machines with a cpuid instruction, haveged will attempt to select appropriate values from internal tables. -------------------------------------------------------------------------------- Update Information: Update to 1.9.22 — fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation Backport fix for CVE-2026-41054: privilege escalation via command socket -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2026 Jirka Hladky - 1.9.22-1 - Update to 1.9.22 - Fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphorecreation -------------------------------------------------------------------------------- References: [ 1 ] Bug #2480051 - CVE-2026-41054 haveged: privilege escalation via command socket https://bugzilla.redhat.com/show_bug.cgi?id=2480051 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-02b08daa05' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Patch for Fedora 44 addresses important security issue in haveged, mitigating privilege escalation risk and enhancing sandboxing.. Fedora Update, haveged Security, privilege escalation, systemd sandboxing. . Severity: Important. LinuxSecurity.com Team
Jun 08, 2026
•Important
Fedora
87
security advisorySQL InjectiondebianDebian's Request Tracker 5 SQL Injection Vulnerability Leads to DSA-6324-1
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result privilege escalation, information disclosure, SQL injections, LDAP authentication bypass, cross-site scripting or spreadsheet (CSV/formula) injection. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6324-1
Jun 06, 2026
•Important
Debian
202
security advisoryhtml parsingprivilege escalationopenSUSE Leap 15.5 yq Critical Parsing and Escalation Issues Advisory
An update that solves six vulnerabilities can now be installed.. # Security update for yq Announcement ID: SUSE-SU-2026:2285-1 Release Date: 2026-06-05T12:16:32Z Rating: important References: * bsc#1267053 * bsc#1267199 Cross-References: * CVE-2026-25680 * CVE-2026-25681 * CVE-2026-27136 * CVE-2026-39821 * CVE-2026-42502 * CVE-2026-42506 CVSS scores: * CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25680 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-25681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42502 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE LinuxEnterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves six vulnerabilities can now be installed. ## Description: This update for yq fixes the following issues: * CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc#1267053). * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1267199). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2285=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2285=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * yq-4.53.2-150500.3.9.1 * yq-debuginfo-4.53.2-150500.3.9.1 * openSUSE Leap 15.5 (noarch) * yq-fish-completion-4.53.2-150500.3.9.1 * yq-zsh-completion-4.53.2-150500.3.9.1 * yq-bash-completion-4.53.2-150500.3.9.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * yq-4.53.2-150500.3.9.1 * yq-debuginfo-4.53.2-150500.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25680.html * https://www.suse.com/security/cve/CVE-2026-25681.html * https://www.suse.com/security/cve/CVE-2026-27136.html * https://www.suse.com/security/cve/CVE-2026-39821.html * https://www.suse.com/security/cve/CVE-2026-42502.html * https://www.suse.com/security/cve/CVE-2026-42506.html * https://bugzilla.suse.com/show_bug.cgi?id=1267053 * https://bugzilla.suse.com/show_bug.cgi?id=1267199 . Update for yq resolves six important vulnerabilities enhancing system security and functionality..openSUSE yq update vulnerabilities security advisory. . Severity: Important. LinuxSecurity.com Team
Jun 05, 2026
•Important
OpenSUSE
100
security advisoryhtml parsingprivilege escalationopenSUSE Security Advisory 2026-2285-1 yq Important HTML Parsing Issues
An update that solves six vulnerabilities can now be installed.. # Security update for yq Announcement ID: SUSE-SU-2026:2285-1 Release Date: 2026-06-05T12:16:32Z Rating: important References: * bsc#1267053 * bsc#1267199 Cross-References: * CVE-2026-25680 * CVE-2026-25681 * CVE-2026-27136 * CVE-2026-39821 * CVE-2026-42502 * CVE-2026-42506 CVSS scores: * CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25680 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-25681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42502 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE LinuxEnterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves six vulnerabilities can now be installed. ## Description: This update for yq fixes the following issues: * CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc#1267053). * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1267199). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2285=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2285=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * yq-4.53.2-150500.3.9.1 * yq-debuginfo-4.53.2-150500.3.9.1 * openSUSE Leap 15.5 (noarch) * yq-fish-completion-4.53.2-150500.3.9.1 * yq-zsh-completion-4.53.2-150500.3.9.1 * yq-bash-completion-4.53.2-150500.3.9.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * yq-4.53.2-150500.3.9.1 * yq-debuginfo-4.53.2-150500.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25680.html * https://www.suse.com/security/cve/CVE-2026-25681.html * https://www.suse.com/security/cve/CVE-2026-27136.html * https://www.suse.com/security/cve/CVE-2026-39821.html * https://www.suse.com/security/cve/CVE-2026-42502.html * https://www.suse.com/security/cve/CVE-2026-42506.html * https://bugzilla.suse.com/show_bug.cgi?id=1267053 * https://bugzilla.suse.com/show_bug.cgi?id=1267199 . SUSE has released an important security update for yq addressing six issues including privilegeescalation risks.. SUSE Linux,yq security update,openSUSE vulnerabilities,security patches,important updates. . Severity: Important. LinuxSecurity.com Team
Jun 05, 2026
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!