https://security-tracker.debian.org/tracker/DSA-6247-1
May 5, 2026
curl could be made to expose sensitive information over the network.
May 4, 2026
Several security issues were fixed in Exim.
May 4, 2026
sed could be made to overwrite files.
May 4, 2026
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 1:140.10.1esr-1~deb11u1. We recommend that you upgrade your thunderbird packages.
May 4, 2026
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
May 4, 2026
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
May 4, 2026
Making AI work through eval hygiene
May 4, 2026
Important: libcap security update
May 3, 2026
Important: sudo security update
May 3, 2026
Important: libcap security update
May 3, 2026
Update to version 0.6.0. Addresses RUSTSEC-2026-0109.
May 3, 2026
Fix CVE-2026-6846.
May 3, 2026
This update provides various security fixes. Buffer overflow in scanf %mc (CVE-2026-5450) ns_sprintrrf buffer overreads (CVE-2026-6238) ns_sprintrrf buffer overflow in TSIG record processing (CVE-2026-5435) Memory corruption in ungetwc (CVE-2026-5928)
May 3, 2026
https://security-tracker.debian.org/tracker/DSA-6245-1
May 3, 2026
https://security-tracker.debian.org/tracker/DSA-6246-1
May 3, 2026
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For Debian 11 bullseye, these problems have been fixed in version 6.1.170-1~deb11u1.
May 2, 2026
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For Debian 11 bullseye, these problems have been fixed in version 5.10.251-3.
May 2, 2026
This update provides various security fixes. Buffer overflow in scanf %mc (CVE-2026-5450) ns_sprintrrf buffer overreads (CVE-2026-6238) ns_sprintrrf buffer overflow in TSIG record processing (CVE-2026-5435) Memory corruption in ungetwc (CVE-2026-5928)
May 2, 2026
Fix NegoEx parsing vulnerabilities (CVE-2026-40355, CVE-2026-40356) Add upstream patches to build against openssl 4.0 Make configure.ac work with autoconf 2.73
May 2, 2026
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
May 2, 2026
oxenstored keeps quota related use counts across domain destruction [XSA-483, CVE-2026-23556] Xenstored DoS via XS_RESET_WATCHES command [XSA-484, CVE-2026-23557] grant table v2 race in status page mapping [XSA-486, CVE-2026-23558] x86: Floating Point Divider State Sampling [XSA-488, CVE-2025-54505]
May 2, 2026
https://security-tracker.debian.org/tracker/DSA-6244-1
May 2, 2026
https://security-tracker.debian.org/tracker/DSA-6238-1
May 1, 2026
This month in security with Tony Anscombe – April 2026 edition
Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 – here’s some of what made the headlines this month
May 1, 2026
Three security vulnerabilities were discovered in libexif, a library to reads and writes EXIF metainformation from and to images files, that can causes crashes or information leaks. CVE-2026-32775 If the exif_mnote_data_get_value function in MakerNotes gets passed
May 1, 2026
Important: libtiff security update
May 1, 2026
Important: xorg-x11-server-Xwayland security update
May 1, 2026
Important: yggdrasil-worker-package-manager security update
May 1, 2026
Important: yggdrasil security update
May 1, 2026
Important: vim security update
May 1, 2026
Running AI in the cloud is easy – and expensive
May 1, 2026
https://security-tracker.debian.org/tracker/DSA-6239-1
May 1, 2026
https://security-tracker.debian.org/tracker/DSA-6197-3
May 1, 2026
https://security-tracker.debian.org/tracker/DSA-6240-1
May 1, 2026