FACEBOOK
TWITTER
MASTODON
GITHUB

GPL(GENERAL PUBLIC LICENSE) FREEDOM 0:
The freedom to run the program as you wish, for any purpose.
FREEDOM 1:
The freedom to study how the program works, and change it so it does your computing as you wish.
FREEDOM 2:
The freedom to redistribute copies so you can help others.
FREEDOM 3:
The freedom to distribute copies of your modified versions to others.

[Linux Security]

OS: CentOS

CentOS 7 CESA-2024-1498 Moderate Advisory: Thunderbird Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1498

CentOS 7 CESA-2024-1486 Critical: Firefox Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1486

CentOS 7 CESA-2024-1249 Important: Kernel Critical Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1249

CentOS 7 CESA-2024-0957 Critical Thunderbird Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957

OS: OpenSuse

openSUSE Tumbleweed openCryptoki Moderate CVE-2026-40253 Advisory

An update that solves one vulnerability can now be installed.

openSUSE Tumbleweed kissfft Security Update for CVE-2026-41445

An update that solves one vulnerability can now be installed.

openSUSE Tumbleweed GraphicsMagick Moderate Fix for CVE-2026-33535

An update that solves one vulnerability can now be installed.

openSUSE 15.6 kea Important Stack Overflow Issue SUSE-SU-2026-1548-1

An update that solves one vulnerability can now be installed.

OS: Suse

openSUSE 15.6 kea Important Stack Overflow Fix 2026-1548-1

An update that solves one vulnerability can now be installed.

SUSE 12 SP5 openssl-1_1 Moderate NULL Pointer Issue 2026-1549-1

An update that solves one vulnerability can now be installed.

Fedora Silverblue 38 FDSC-2028-0568-2 Medium OpenSSL Memory Leak

An update that solves one vulnerability can now be installed.

SUSE gdk-pixbuf Major Denial of Service CVE-2026-5201 Advisory 2026-1539-1

An update that solves one vulnerability can now be installed.

OS: Redhat

Red Hat: RHSA-2023-5538-01 Important: libvpx Heap Overflow and Crash

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Enterprise Linux 8.2 RHSA-2023-5527 Important: Bind DoS Risk

An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Enterprise Linux 8.2 RHSA-2023-5534-01 Important: libvpx Issues

An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Important Advisory RHSA-2023-5539-01 for libvpx Crash and Heap Overflow

An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

OS: Debian LTS

Debian 11 PackageKit Important Privilege Escalation DLA-4545-1

Maik Schaefer discovered that a TOCTOU race condition in PackageKit (a package management service over a DBus interface) could result in local privilege escalation. For Debian 11 bullseye, this problem has been fixed in version 1.2.2-2+deb11u1.

Debian 11 DLA-4544-1 ntfs-3g Critical Buffer Overflow Risk CVE-2026-40706

Andrea Bocchetti discovered a heap-based buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation. For Debian 11 bullseye, this problem has been fixed in version 1:2017.3.23AR.3-4+deb11u5.

Debian 11 bullseye xdg-dbus-proxy Moderate Info Leak DLA-4542-1

It was discovered that incorrect parsing of policy rules in the xdg-dbus-proxy (a filtering proxy for D-Bus connections) allowed the bypass of eavesdrop restrictions, which could result in information disclosure. For Debian 11 bullseye, this problem has been fixed in version

Debian 11 python-geopandas Critical SQL Threat Mitigated DLA-4523-1

It was discovered that there was a potential SQL vulnerability in python-geopandas, a tool for working with geographic/geospatial data in the Pandas data analysis suite. For Debian 11 bullseye, this problem has been fixed in version 0.8.2-1+deb11u1.

OS: Slackware

Ubuntu 22.04 chromium-browser Significant Upgrade SSA-2026-221-08

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0 mozilla-firefox Urgent Security Alert - PSA-2026-111-06

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0 libXpm Essential Buffer Overflow Resolution SSA-2026-111-02

New libXpm packages are available for Slackware 15.0 and -current to fix a security issue.

Slackware 15.0 tigervnc Vital Security Patch SSA-2026-109-03

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues.

OS: Scientific

Scientific Linux 7 SLSA-2023:6885 Critical: Python TLS Handshake Bypass

python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team

SciLinux: SLSA-2023:6886 Critical: Plexus-Archiver File Creation Risk

plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team

Scientific Linux 7 Advisory SLSA-2023:5691 Critical DoS in BIND

bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...]

Scientific Linux SLSA-2023:5615 Moderate Security Issue in libssh2

libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://sso.redhat.com/auth/realms/redhat-external/protocol/saml?SAMLRequest=fZJBT8MwDIX%2FSm85ZWk7yrZonVQxIU0ChDbgwAVlqccipUmJXTb49aQbg3Hh6jy%2F79nOFFVjW1l1tHVLeOsAKakQIZDx7so77BoIKwjvRsPj8qZkW6IWpRBKa0AcBKi3igbaN6L2O2e9qlH0nmJjnLLmE1hSEQWz7giOfsa9fhsuXA37kmUsmUdu1PfQXwSiP%2FdXMaMIoGyD4ljmsCcIESPa4Mlrbw9olizmJXvJ9WgMWmV8qMcTfpGNUq7WxZCvVTEe5dmoUJebKEXsYhAk5ahkeZoXPL3g6eQhHcqikGn2zJInCHhIlg9Sluwb61D2oJJ1wUmv0KB0qgGUpOWqur2RUSjVaY3nLe3%2FPac52Gzaq%2BUhXZh1zmwM1PxnxVNx%2Fjw9HvEu2i3m994a%2FZFU1vrdVVwXQckodPEO1z40iv4P0FdMzTcHqWz7wZHAEROzI%2FPvX5l9AQ%3D%3D&RelayState=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=BrJPc%2FvdbvszAnFEmxMHTWhWO5IJXnU8CNik001PBsM04yezeCS%2B0pETxgMIupFPsrxTbmD1oepOHhERcPL4Byk1qKkm6TtFvfXm74lB8Pui6rdjg%2B8IwVmrenuF4Ph3LD4ZnDeuNW3YO4dDbN5Q4%2F89FIjEkeGKeLLar10vtkiy8GweKEe8cuja3717pxNrVTOi8ckfBHwomdUD8Xw1IE6M1qHI4u6pOMtxqpKQPu%2FZzsAgrME854P7NQqtGaZRI3eqZlBRVyG2FYrR7KFC6QtA%2FdVCYBxBWG4JdxZhXmbM%2Fc%2Bn%2B04WEKPpbhH12qa7URkjktnYMsJNcVF7rtYtn1D6gCyPnuXrwe7qcV0MgnrfuqmW4FoGsGrjhFdp7Eebe40wh78VaLxxAxO9hR%2BrYRDgNjvtewICpUbzYQUm6jzVk3i%2FYjt5Pmr9HesI1zvaI80Jmpgud1snf1z7VWoIqnAXwIZyLlo%2BxyFZs4qDUBgFr9tqrgbnGjBgTzdyJTItq7yFMVJDCt6dy5LjnMgKSMd%2BjjsoDBjssytWMM4ulzlyQHtn4IdVgCe4q4jgLQrHXf4ZucbUIA6q%2Fxgg7favSO%2FZaivTQq%2BoaQQKJ1NXxPiMXw6j354mdaEtz8jK549xaCEZi2OiF3l8Qrzc%2B7JikRXQ8wlX1gh8SbiNHfo6ZcE%3D 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team

OS: Gentoo

Gentoo DTrace Arbitrary File Creation Normal Risk 202604-04

A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.

Gentoo FUSE Security Advisory Highlights Key Vulnerabilities GLSA 202604-03

Multiple vulnerabilities have been found in FUSE, the worst of which can lead to code execution.

Gentoo Commons-BeanUtils High Risk Arbitrary Code Exec GLSA 202601-05

A vulnerability has been discovered in Commons-BeanUtils, which can lead to execution of arbitrary code.

Gentoo Asterisk High Code Execution Risks GLSA-202601-04

Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.

OS: Arch

Fedora: 203105-8 moderate: ruby-on-rails sql injection vulnerability

The package python-django before version 5.1.11-1 is vulnerable to content spoofing.

Ubuntu: 303103-1 medium: gnome-terminal privilege escalation

The package konsole before version 25.04.2-1 is vulnerable to arbitrary code execution.

ArchLinux: ASA-202506-4 medium risk of go certificate bypass issue

The package go before version 1.24.4-1 is vulnerable to multiple issues including certificate verification bypass and information disclosure.

Arch Linux: ASA-202506-3 CVE-2025-0620 low: samba access issue

The package samba before version 4.22.2-1 is vulnerable to access restriction bypass.

OS: Mageia

Mageia 9 Light-Locker Bug Fix Update Announcement MGAA-2026-0030

MGAA-2026-0030 - Updated light-locker packages fix bug

Mageia 9 gvfs Important Info Disclosure Command Injection MGASA-2026-0107

MGASA-2026-0107 - Updated gvfs packages fix security vulnerabilities

Mageia 9 MGAA-2026-0029 Updated mga-dorsync Tool Bugfix

MGAA-2026-0029 - Updated mga-dorsync packages fix bugs

Mageia 9 Firefox Thunderbird Important Memory Safety Fixes MGASA-2026-0106

MGASA-2026-0106 - Updated firefox & thunderbird packages fix security vulnerabilities

CVEMAP.ORG: Vulnerabilities & Exposures

OS: Fedora

Fedora 43 sudo Important CVE-2026-35535 Remote Access Issue

Fix CVE-2026-35535

Fedora 43 Pie 1.4.1 Update PHP Installer FEDORA-2026-3f4283f831

Version 1.4.1 Update bundled Composer to 2.9.7 Version 1.4.0 New features! Prompt to install missing system dependencies

Fedora 43 pgAdmin 4 Critical Axios Exec Issue FEDORA-2026-e9ecdd44c4

Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14.

Fedora 43 Python3 Documentation Critical Update for Buffer Overflow Issues

New minor version of the Python interpreter

OS: Ubuntu

Ubuntu 18.04 LTS USN-8201-1 linux-azure-5.4 Critical DoS Priv Escalation

Several security issues were fixed in the Linux kernel.

Ubuntu 20.04 Security Notice USN-8200-2 Kernel Issues Important Threats

Several security issues were fixed in the Linux kernel.

Ubuntu 22.04 21.10 Kernel Severe Network Management Errors USN-8300-1

Several security issues were fixed in the Linux kernel.

Ubuntu 25.10 PackageKit High Privilege Escalation USN-8195-1

PackageKit could be made to install packages as the administrator.

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: Debian

Debian Trixie cpp-httplib Critical Denial of Service DSA-6228-1

Multiple security issues were discovered in cpp-httplib, a C++ cross platform HTTP/HTTPS library, which could result in denial of service. For the stable distribution (trixie), these problems have been fixed in version 0.18.7-1+deb13u1. We recommend that you upgrade your cpp-httplib packages.

Debian DSA-6227-1 StrongSwan Critical Infinite Loop Crash Vulnerabilities

Multiple vulnerabilities were fixed in strongSwan, an IKE/IPsec suite. CVE-2026-35328 A vulnerability in libtls related to the processing of the supported_versions extension in TLS that can result in an infinite loop.

Debian Bookworm PackageKit Local Privilege Escalation Advisory DSA-6226-1

Maik Schaefer discovered that a TOCTOU race condition in PackageKit (a package management service over a DBus interface) could result in local privilege escalation. For the oldstable distribution (bookworm), this problem has been fixed in version 1.2.6-5+deb12u1.

Debian DSA-6225-1 firefox-esr Important Arbitrary Code Exec

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing, information disclosure or privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed in version 140.10.0esr-1~deb12u1.

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: Rocky

Rocky Linux 11 Update Alert RLSB-2026-2451 CVE-2026-47362 CVE-2026-59214

Important: delve security update

Rocky Linux 10 Security Alert Upgrade Notification RLSA-2026-8845

Important: delve security update

Mountain OS 4.22 RFTN-3078-1458 dev-package-functions Flaw in IPV6 Handling

Important: go-rpm-macros security update

Rocky Linux 10 Delve Key Security Update RLSA-2026-8842 CVE-2026-25679

Important: delve security update

Exploit-DB.com

[local] AVAST Antivirus 25.11 - Unquoted Service Path
AVAST Antivirus 25.11 - Unquoted Service Path

[webapps] WordPress Plugin 5.2.0 - Broken Access Control
WordPress Plugin 5.2.0 - Broken Access Control

[local] Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation

[webapps] D-Link DIR-650IN - Authenticated Command Injection
D-Link DIR-650IN - Authenticated Command Injection

Legal

[Privacy Statement]
[Terms Of Service]
[ Licenses]
[ Citation]
[ What Is Copyleft ]

Impact

[Social Benefit Award ]
[Advancement of Free Software Award]
[Open Source Organizations]
[Userspace Mission]

Resources

[Linux Founation Event List]
[EdX - Free Online Courses]
[Free Computer EBooks]
[Supported Hardware]

Design by [Daniel Yount] ::: Powered By [WordPress] ::: Encrypted By [LetsEncrypt]

L O A D I N G

General Contact Email

[md-form]

[md-text label="Your Name"]

[/md-text]

[md-text label="Your Email"]

[/md-text]

ENTER "QUESTION:" IN MESSAGE OR IT WONT BE SENT.
[md-textarea label="Message"]

[/md-textarea]

[md-submit]

[/md-submit]

[/md-form]