
Here is the first Linux security roundup of this year, with updates for multiple Linux distributions, including Debian GNU/Linux, Fedora Linux, Rocky Linux, Slackware Linux, and SUSE Linux. These updates address various security vulnerabilities such as denial of service, remote code execution, crashes when processing crafted files, and buffer overflows. Specific packages receiving updates include Kodi, Python-Django, OpenJPEG2, ImageMagick, MediaWiki, golang packages, Ruby 3, gnupg2, libpcap, and others. Users are advised to update their systems with the latest security patches to ensure protection and stability against potential threats.





Debian GNU/Linux

Several important updates have been released for various software packages in Debian 11 LTS, including Kodi to fix multiple security vulnerabilities and a heap buffer overflow issue. Additionally, security updates were released for Python-Django, OpenJPEG2, Osslsigncode, pdf-dompdf, MediaWiki, ImageMagick, net-snmp, Smb4k, and the GNU Image Manipulation Program (GIMP). These updates address issues such as denial of service, remote code execution, crashes when processing crafted files, and buffer overflows. The patches are available for users to update their systems and ensure they have the latest security fixes.

Fedora Linux

Several security updates have been released for Fedora Linux, including new versions of golang packages and opentofu. These updates affect various components, such as golang-github-evanw-esbuild, golang-github-alecthomas-chroma, and others on both Fedora 42 and Fedora 43. In addition to these updates, other security patches have been released for Fedora 42 and Fedora 43, addressing potential vulnerabilities in packages like webkitgtk, gh, direwolf, and usd. These updates aim to enhance the system's protection and stability by fixing various components of the Nginx web server and other affected packages.

Rocky Linux

There are two available security updates for Ruby on Rocky Linux systems. The first update, RLSA-2025:23063, specifically affects Rocky Linux 9 and addresses various vulnerabilities in the Ruby 3 version. This update is intended to improve the security of Rocky Linux systems running Ruby.

Slackware Linux

New packages are available for Slackware 15.0 and -current, including gnupg2, libpcap, and seamonkey. These updates address security issues such as CVE-2025-68973 and CVE-2025-68972 in gnupg2, along with various bugs and vulnerabilities in libpcap. The packages also include improvements for character encoding mapping and other fixes for the pcap_ether_aton() function. Installing these new packages is recommended to ensure system security.

SUSE Linux

SUSE Linux has received recent security and feature enhancements, including two moderate updates affecting Anubis version 1 and other packages. Several security updates have been released to address vulnerabilities in packages such as dpdk22, Trivy, and Podman. Additionally, openSUSE has released a security update for the Kepler package on Tumbleweed, addressing two vulnerabilities rated as moderate. Overall, these updates aim to fix potential security issues and enhance functionality across various SUSE Linux distributions.
