Security 10928 Published by Philipp Esselbach 0

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Qubes OS, Red Hat Enterprise Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 197 is now available for testing, featuring a comprehensive update of OpenVPN, which has been upgraded to version 2.6. This update brings enhanced security, increased client compatibility, and a refined codebase. The update encompasses package enhancements aimed at bolstering system security and reliability. Significant updates encompass a consolidated client configuration export, cipher negotiation between the server and client, and the assignment of a unique IP address for each client. The web UI has been refined to enhance the configuration experience, and the code has been optimized for improved maintainability.

IPFire now sets its CPUs to default clock speeds to minimize power consumption and heat emission. Further changes cover importing configuration files that use Windows line breaks, the SSL fingerprint list sourced from abuse.ch, backup functionality, a race condition, and a Chinese translation. The IPFire kernel has been updated to Linux 6.12.41, incorporating new mitigations for Transient Scheduler Attacks. We invite contributions to support the development team and assist IPFire in its ongoing efforts to enhance security and functionality.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, SUSE Linux, and Ubuntu Linux.

A new version of OWASP CRS has been released, featuring a set of rules designed for detecting attacks through ModSecurity or comparable web application firewalls. This update includes notable changes, such as the removal of detection for LaTeX injection and the elimination of dot star.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, SUSE Linux, and Ubuntu Linux.

OWASP CRS 4.17.0, a collection of general rules for spotting attacks that work with ModSecurity or similar web application firewalls, has been released and features important updates, such as the removal of PCI DSS tags and the introduction of new features and detection methods. These include detection for ASP.NET errors, RCE via the Referer header, LaTeX injection, and Ruby errors. Other changes include fixing dot stars, using word boundaries, updating java-classes.data, and updating file uris.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 196 is now available, following the introduction of WireGuard. The update includes improvements to the IPFire kernel, updated toolchain, a modernised console, and bug and security fixes. The kernel has been rebased to Linux 6.12.34, bringing improved hardware support, performance, and security enhancements. GCC, IPFire's main compiler suite, has been updated to version 15. WireGuard connections are now displayed on the dashboard of the web user interface, making it easier to monitor VPN connections. Performance improvements from Linux 6.13 have been backported to IPFire's kernel, increasing TCP throughput over WireGuard tunnels. Researchers from Italy have also removed bottlenecks in the kernel that have limited throughput over multiple WireGuard tunnels. The text console has been modernized by migrating it to use the Linux Direct Rendering Manager (DRM), providing faster mode-setting, improved performance, and better support for multi-GPU and embedded graphics environments.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Qubes OS, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 196 is now available for testing, following the introduction of WireGuard. The update encompasses additional improvements to WireGuard, high-resolution consoles, and package updates, as well as bug and security fixes. The kernel has been updated to Linux 6.12.34, introducing enhanced hardware support, improved performance, and security upgrades. The main compiler suite of IPFire, GCC, has been upgraded to version 15. The dashboard of the web user interface now shows WireGuard connections, making it easier to monitor VPN connections.

The kernel of IPFire has been enhanced with performance improvements from Linux 6.13, resulting in increased TCP throughput over WireGuard tunnels. Italian researchers have successfully addressed bottlenecks in the kernel that have constrained throughput across multiple WireGuard tunnels. The text console has undergone modernization through the implementation of the Linux Direct Rendering Manager (DRM), resulting in enhanced mode-setting speed, improved performance, and superior support for multi-GPU and embedded graphics environments. The update encompasses patches for firewall hosts, groups, and services, as well as IPsec, OpenVPN, and libloc. The safety barrier in the IP Blocklist feature has been eliminated, and a bug related to an edge case in libloc has been resolved. The Pakfire web UI page has been enhanced.

OWASP CRS v4.16.0, a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls, has been released, introducing new features and detections. The update encompasses remediation for Python SSTI, enhancements to rule sets, detection of generic configuration filenames, updates to java-errors.data, rule detection for Bash Brace Expansion, MongoDB operators, zmodload, and sudo-rs. Other changes include removing dot stars, moving printf to 933160 for better PHP syntax checking, creating a stricter sibling, and switching to regex assembly.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 195 has been released and features the integration of native support for WireGuard, a contemporary VPN protocol crafted for efficiency and ease of use. The update features a comprehensive interface designed for the configuration and management of WireGuard tunnels via the web user interface. WireGuard serves as a versatile solution for both net-to-net and host-to-net VPN connections, offering a streamlined alternative to IPsec and OpenVPN. IPFire's implementation features comprehensive integration within the firewall GUI, support for multiple peers, a QR code display for mobile client configuration, a connection importer for interoperability with other vendors and VPN providers, and complete support for the Intrusion Prevention System and Connection Tracking. The system automatically updates its SMART database with information regarding hard drives.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for Arch Linux, AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

The PostgreSQL JDBC team has released version 42.7.7 to address CVE-2025-49146. This update prevents incorrect connection progress when using non-channel binding authentication methods, which could potentially allow a man-in-the-middle attacker to intercept connections.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

A new version of the OWASP CRS for ModSecurity or similar web application firewalls has been released with improvements and new ways to detect issues, including adding User-Agent and Referer to the targets, updating java-classes.data, and adding ways to block database YAML files. Other changes include fixing false positives with title_strip_tags, removing the self command, getting rid of the rc shell, eliminating unnecessary character classes, and adding word endings to the Unix command sendmail. You can find the full list of changes in the coreruleset/coreruleset release.