
This week's Linux security updates demand immediate attention because a critical unauthenticated remote code execution flaw in Cockpit leaves AlmaLinux and Oracle Linux systems wide open to unauthorized command execution, so patching those servers should be your absolute top priority. Fedora 42 through 44 are getting hammered with massive patch waves that fix KDE Plasma components, core libraries like cURL and Python, and several memory corruption bugs that would otherwise let attackers run wild on your desktops. RHEL and Rocky admins need to grab the critical authentication fix for the rhc package first, then tackle important updates for BIND, Firefox, and NodeJS while carefully installing Ubuntu cloud kernels to avoid breaking Azure, GCP, or NVIDIA driver stability. Debian, SUSE, Slackware, Gentoo, and Qubes OS also pushed essential fixes for systemd, sudo, FUSE, and a screensaver login bypass that could easily let attackers skip authentication during brief display transitions if you leave your workstation unattended.

Linux Security Updates: Critical Cockpit RCE and Fedora 44 Patches Require Immediate Attention

This week's Linux security updates bring a dangerous unauthenticated remote code execution flaw in Cockpit to AlmaLinux and Oracle Linux systems, alongside massive patch waves for Fedora 42 through 44 and critical kernel fixes across Ubuntu cloud variants. Administrators managing production environments should prioritize the Cockpit remediation immediately, as this vulnerability allows attackers to execute arbitrary commands without credentials. The rest of the release cycle includes important updates for BIND, Firefox, NodeJS, and a slew of KDE Plasma components that demand routine maintenance windows.

Critical Alert: Unauthenticated Cockpit RCE in This Week's Linux Security Updates

The most urgent item in this batch targets the Cockpit web management tool on AlmaLinux and Oracle Linux systems running versions eight through ten. Both distributions have released advisories addressing an unauthenticated remote code execution vulnerability caused by SSH command-line argument injection. This flaw allows malicious actors to bypass authentication entirely and run arbitrary code on affected machines, which is a nightmare scenario for any server administrator. The severity rating is critical, indicating that automated exploitation tools are likely already circulating in the wild. System owners should apply the patches labeled ALSA-2026:7383 for AlmaLinux and ELSA-2026-7383 for Oracle Linux without delay. If immediate patching is impossible due to operational constraints, restricting network access to the Cockpit port until remediation occurs is a necessary stopgap measure to prevent unauthorized control of the infrastructure.

Fedora 42 Through 44 Receive Massive KDE Plasma and Core Fixes

Fedora users are facing a significant update cycle across versions 42, 43, and 44 that addresses heap buffer overflows, credential leaks, and memory corruption issues. A large portion of the updates focuses on KDE Plasma tools, with dozens of packages like plasma-workspace, kwin, and various framework components receiving version bumps to address stability and security concerns. Beyond the desktop environment, core libraries such as cURL, Python, libpng, and erlang also require attention. The volume of changes suggests a coordinated push to harden the stack before broader deployment, so administrators should expect service restarts for affected services like Podman and NetworkManager during the update process. Running these updates promptly will prevent potential privilege escalation risks that could compromise system integrity on workstations and development servers alike.

RHEL and Rocky Linux Updates Highlight Critical RHC Patch

Red Hat Enterprise Linux distributions continue their steady stream of security advisories, though one item stands out due to its critical rating. The rhc package has received a critical update that addresses authentication flaws, making this a priority over the numerous important fixes for Firefox, NodeJS, and GStreamer. Rocky Linux mirrors much of this content, with updates targeting the kernel, BIND, Vim, and .NET frameworks across versions eight through ten. Administrators running OpenShift Container Platform should also review the associated bug fix and security advisories to ensure cluster stability. The presence of multiple Perl XML-Parser and nghttp2 updates indicates ongoing efforts to mitigate parsing vulnerabilities that have plagued these libraries in recent months, so verifying application compatibility after installation is a prudent step for enterprise environments.

Ubuntu Kernels and Qubes Screensaver Bypass Need Review

Ubuntu has issued a wide array of updates spanning USN-8166 through USN-8188, covering everything from Vim and Rust to Redis and Polkit. Cloud administrators managing instances on Azure, GCP, or NVIDIA infrastructure must pay close attention to the kernel variants, as these fixes address vulnerabilities in drivers and networking stacks specific to those environments. The FIPS and Real-time kernel updates also require verification to ensure compliance and latency requirements remain met after installation. Meanwhile, Qubes OS users should apply bulletin 111 to fix a login bypass vulnerability in xfce4-screensaver version 4.3. This flaw allows input to skip the lock screen during display transitions, potentially granting unauthorized access to underlying applications if the system is left unattended for brief periods. Patching this issue restores standard login procedures and closes the gap that attackers could exploit during activation phases.

Debian, SUSE, Slackware, and Gentoo Roundup

Other distributions are also pushing essential fixes that should not be ignored. Debian has released advisories targeting FFmpeg, systemd, OpenSSH, PostgreSQL, and BIND, with several updates addressing privilege escalation risks and excessive CPU drain from malicious DNS zones. SUSE and openSUSE have deployed a massive wave of kernel live patches alongside updates for sudo, Podman, Chromium, and Python libraries, reflecting the breadth of vulnerabilities affecting enterprise workloads. Slackware administrators need to apply fixes for libarchive, Xorg-server, libexif, and CUPS to address heap buffer overflows and type confusion errors that could crash services or leak data. Gentoo users should install advisories GLSA 202604-03 and 202604-04 to patch arbitrary file creation flaws in DTrace and multiple vulnerabilities within FUSE, which could allow attackers to run unauthorized code on compromised systems.


A Closer Look at Recent Security Updates

Below is a comprehensive breakdown of the latest security patches released for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Qubes OS, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

AlmaLinux

AlmaLinux recently released a batch of security patches to address dangerous flaws across versions eight through ten. These updates target critical and important vulnerabilities in widely used packages like Firefox, Squid, NodeJS, BIND, and Thunderbird. The patched weaknesses could allow malicious actors to execute arbitrary code or trigger denial of service attacks on affected systems. Server administrators need to install these fixes promptly to maintain a secure environment.

Debian GNU/Linux

Debian recently issued a series of security advisories targeting critical vulnerabilities across numerous widely used software packages. The updates address serious flaws in essential tools like FFmpeg, systemd, OpenSSH, PostgreSQL, and Perl that could allow attackers to execute arbitrary code or escalate privileges. Certain flaws in systemd could let local attackers bypass security checks, whereas BIND resolvers face excessive CPU drain from malicious DNS zones. System administrators should prioritize applying these patches right away to keep their Debian systems secure against active exploitation attempts.

Fedora Linux

Fedora recently pushed critical security patches across versions 42 through 44 to fix dangerous flaws in widely used software. The updates cover a messy mix of packages ranging from cURL and Python to libpng and various KDE Plasma tools. You will find corrections for heap buffer overflows, credential leaks, and memory corruption issues that could let attackers run arbitrary code on your machines. Get these installed as soon as possible before threat actors exploit the gaps.

Gentoo Linux

Gentoo Linux recently published two security advisories to patch critical vulnerabilities in DTrace and FUSE. Attackers could exploit these weaknesses to run arbitrary code on compromised systems. The first advisory focuses on a flaw within the dtprobed component that allows specially crafted USDT provider names to trigger unauthorized file creation. System administrators should install these patches immediately to prevent potential security breaches.

Oracle Linux

Oracle Linux administrators across versions seven through ten must install a fresh wave of security patches and bug fixes. These updates target foundational software including the Unbreakable Enterprise Kernel, Node, Libarchive, FreeRDP, and Grafana to close known exploitation paths. A particularly dangerous flaw in the Cockpit management tool enables unauthenticated remote code execution on version ten systems, so immediate remediation is essential. Delaying this installation leaves enterprise networks exposed to serious security risks that could compromise critical infrastructure.

Qubes OS

Qubes OS recently published security bulletin 111 to address a critical authentication flaw in their desktop environment. The vulnerability specifically affects version 4.3 of the xfce4-screensaver tool and opens a brief window where input can skip the lock screen entirely. Attackers could exploit this gap during display transitions or activation phases to access underlying applications directly without proper credentials. A patched software release is now available to close this security hole and restore standard login procedures.

Red Hat Enterprise Linux

Red Hat Product Security recently rolled out a series of security patches for RHEL versions 7 through 10. These updates target vulnerabilities in widely used software like Firefox, NodeJS, GStreamer, and Go across both standard and extended support environments. Most advisories carry an important rating but administrators should prioritize the critical patch released for the RHC package. System managers need to apply these fixes quickly to keep their enterprise Linux deployments secure.

Rocky Linux

Rocky Linux administrators managing versions eight through ten need to install multiple security patches right away to close known vulnerabilities in their systems. Critical updates target foundational tools like the kernel, while important fixes address widely used packages including NodeJS, Firefox, Vim, and BIND. Some of these advisories only carry moderate severity ratings, but ignoring them entirely could still cause unexpected instability across your infrastructure. You should prioritize applying these changes immediately to keep both development workstations and production servers secure against emerging threats.

Slackware Linux

Slackware has rolled out urgent security patches for several key packages across its 15.0 and current release branches. The updates target libarchive, Xorg-server, libexif, libxml2, CUPS, and TigerVNC to fix a range of dangerous flaws. Administrators will find these builds addressing critical issues such as heap buffer overflows, use-after-free bugs, type confusion errors, and weak certificate validation. System owners should apply these fixes right away to keep their environments secure against potential exploits.

SUSE Linux

SUSE and openSUSE have rolled out a massive wave of security advisories targeting critical vulnerabilities across their Linux distributions. These urgent patches cover essential software like the kernel, Chromium browser, Python libraries, sudo, and container tools such as Podman. Many of the fixes address dangerous flaws including memory corruption issues, privilege escalation risks, and unauthorized access vectors that could compromise system integrity. System administrators should prioritize installing these updates right away to keep their production environments secure against active threats.

Ubuntu Linux

Ubuntu has rolled out a wave of critical security patches targeting dozens of widely used packages and kernel variants. These updates address severe flaws in essential tools like Vim, Rust, Redis, Polkit, and FRRouting that could otherwise let attackers execute arbitrary code or crash systems. The Linux kernel receives particular attention with fixes spanning Azure, GCP, NVIDIA, and FIPS environments to patch dangerous vulnerabilities in drivers and networking stacks. Administrators should install these updates immediately to prevent unauthorized access and maintain overall system stability across all supported releases.

How to upgrade packages

This quick overview shows exactly what commands you need to run so the latest security patches and bug fixes actually make it onto your system without hunting down individual .deb or .rpm files.

Debian/Ubuntu (apt)

The first thing to do is refresh the local package index; running sudo apt update contacts all configured repositories and pulls in the newest lists of available versions. Skipping this step leaves the system blind to any recent uploads, which explains why “upgrade” sometimes claims there’s nothing to do even after a security advisory has been published. Once the index is current, invoke sudo apt upgrade -y; the -y flag answers every prompt automatically so the process doesn’t pause for user input. This command upgrades all installed packages that have newer versions in the repositories while preserving configuration files.

sudo apt update
sudo apt upgrade -y

Fedora/RedHat/Rocky/Alma/Oracle (dnf or yum)

On modern Fedora and recent Red Hat derivatives, dnf is the package manager; older RHEL releases still rely on yum. Begin with a check-update operation—sudo dnf check-update or sudo yum check-update—to see exactly which packages are awaiting an upgrade. This preview step can be useful for spotting unexpected kernel bumps before they land. To actually apply the updates, run sudo dnf upgrade -y (or sudo yum update if you prefer the older tool). The upgrade command pulls down the new binaries and runs any necessary post-install scripts, such as rebuilding initramfs when a kernel changes.

sudo dnf check-update
sudo dnf upgrade -y

or on older releases

sudo yum check-update
sudo yum update

SUSE (zypper)

SUSE’s command line front-end is called zypper. First execute sudo zypper refresh so that the metadata for all enabled repos gets updated; without this, zypper will happily report “No updates available” even though newer packages sit on the mirror. After a fresh refresh, issue sudo zypper update -y; this upgrades every package to the latest version in the configured repositories and automatically handles service restarts when required.

sudo zypper refresh
sudo zypper update -y

Slackware (slackpkg and pkgtool)

Slackware doesn’t have a single unified updater, but the official way to pull updates is through slackpkg. Start with sudo slackpkg update to download the newest package list from the chosen mirror. Then run sudo slackpkg upgrade-all; this command walks through each installed package and replaces it with the most recent build available in the official repository. For users who prefer a more granular approach, specifying a package name after upgrade limits the operation to that single item. When dealing with community-maintained repositories, pkgtool takes over: a combined sudo pkgtool update && sudo pkgtool upgrade will sync and apply updates from the mirrors listed in /etc/slackpkg/mirrors.

sudo slackpkg update
sudo slackpkg upgrade-all

Gentoo Linux

Updating Gentoo Linux is more involved than on binary distributions because it is a source-based system with highly customizable packages: emerge --sync refreshes the Portage tree, and the @world upgrade rebuilds every installed package that has a newer version.

sudo emerge --sync
sudo emerge -avuDN @world
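The per-distribution commands above are the same two or three steps with different package managers, so a small wrapper can select the right sequence from /etc/os-release. This is an added example, not a script from the original article; it assumes a Linux host with /etc/os-release and covers only the families the article lists, including the detail that dnf/yum check-update exits 100 when updates are pending.

```shell
#!/bin/sh
# Added example (not from the article): pick the article's update commands for the
# running distribution from /etc/os-release. Unknown families are rejected, not guessed.

# Value of KEY from an os-release style file, with quotes stripped.
os_field() { sed -n "s/^$2=//p" "$1" | tr -d '"'; }

# Map ID, ID_LIKE and VERSION_ID to the command sequence (one per line).
# Returns 1 for an unknown family. RHEL-like IDs are tested before "fedora"
# because their ID_LIKE also contains fedora.
update_cmds() {
    id="$1"; like="$2"; major="${3%%.*}"
    case " $id $like " in
        *" debian "*|*" ubuntu "*) printf '%s\n' "apt update" "apt upgrade -y" ;;
        *" rhel "*|*" centos "*|*" rocky "*|*" almalinux "*|*" ol "*)
            # RHEL 7 era releases still use yum; 8 and later ship dnf
            if [ "${major:-0}" -lt 8 ]; then
                printf '%s\n' "yum check-update" "yum update"
            else
                printf '%s\n' "dnf check-update" "dnf upgrade -y"
            fi ;;
        *" fedora "*) printf '%s\n' "dnf check-update" "dnf upgrade -y" ;;
        *suse*|*" sles "*) printf '%s\n' "zypper refresh" "zypper update -y" ;;
        *" slackware "*) printf '%s\n' "slackpkg update" "slackpkg upgrade-all" ;;
        *" gentoo "*) printf '%s\n' "emerge --sync" "emerge -avuDN @world" ;;
        *) echo "unsupported distribution: ${id:-unknown}" >&2; return 1 ;;
    esac
}

# Run commands as root. check-update exits 100 when updates are pending, which
# is the expected case here, so only other non-zero codes abort the run.
apply_cmds() {
    while IFS= read -r cmd; do
        echo "+ $cmd"
        sudo sh -c "$cmd"; rc=$?
        case "$cmd" in *check-update) [ "$rc" -eq 100 ] && rc=0 ;; esac
        [ "$rc" -eq 0 ] || { echo "failed ($rc): $cmd" >&2; return "$rc"; }
    done
}

main() {
    f=/etc/os-release
    cmds=$(update_cmds "$(os_field $f ID)" "$(os_field $f ID_LIKE)" \
                       "$(os_field $f VERSION_ID)") || return 1
    case "$1" in
        --show)  printf '%s\n' "$cmds" ;;
        --apply) printf '%s\n' "$cmds" | apply_cmds ;;
        *) echo "usage: $0 --show | --apply" >&2; return 2 ;;
    esac
}
[ $# -eq 0 ] || main "$@"
```

Run with --show first to confirm the selected commands, then --apply to execute them.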

Keep those systems patched, and watch the logs for any signs of exploitation attempts on Cockpit.