Linux Security Roundup for Week 22, 2026

Security 10957 Published by

This week's Linux security updates deliver critical patches for widely used services like Nginx and Samba across nearly every major distribution. Enterprise-focused releases from Red Hat, AlmaLinux, Rocky, and Oracle include extensive fixes for .NET runtimes up to version 10, container tools, and hardened kernels. Debian and SUSE administrators should prioritize updates for ImageMagick, Exim4, Redis, and Podman to close dangerous infrastructure vulnerabilities. Meanwhile, Fedora and Ubuntu addressed memory corruption flaws in BIND and Chromium while rolling out specialized kernel variants and resolving recent package manager regressions.





Last Week's Linux Security Updates: Critical Patches for Nginx, Samba, and Kernels

System administrators face a massive backlog of linux security updates this week, driven by critical flaws in web servers, file sharing protocols, and kernels. Nginx and Samba took heavy hits across multiple distributions, leaving unpatched systems exposed to remote code execution and privilege escalation. Beyond the headline vulnerabilities, there is a wave of runtime updates for .NET, Python, and Java that affect everything from desktop workstations to cloud instances. Delaying these patches only increases the attack surface while prompt action keeps infrastructure secure.

Critical Fixes for Nginx and Samba

Nginx is the primary concern this week, with AlmaLinux, Rocky Linux, SUSE, and Ubuntu all releasing critical advisories. These updates address dangerous flaws that allow attackers to crash worker processes or execute code via crafted requests. If you run a reverse proxy or host content behind Nginx, verify the version immediately. Samba also received urgent patches on Debian, SUSE, and Ubuntu. File shares are prime targets for ransomware and data theft, so applying these fixes is non-negotiable for any system exposing SMB services.

RHEL Family Updates and .NET 10

AlmaLinux, Rocky Linux, Oracle Linux, and Red Hat all released updates that include .NET versions 8, 9, and even 10. Seeing .NET 10 in enterprise repositories this early is a sign of how fast the ecosystem moves now. These updates also cover Cockpit, Flatpak, and Thunderbird. Rocky Linux users should note version 10.2 just dropped with stricter x86_64-v3 hardware baselines for fresh installs, which might break compatibility on older machines if planning a clean install. Oracle Linux administrators need to apply patches for the Unbreakable Enterprise kernel alongside fixes for Firefox and Ruby modules.

Debian and SUSE Essentials

Debian pushed updates for ImageMagick, NodeJS, and Exim4 alongside the kernel. Mail admins using Exim should test this in staging first, as runtime updates can sometimes trip up custom configurations or break mail flow if dependencies shift unexpectedly. SUSE released critical advisories for Samba and Redis, along with fixes for Podman and Docker containers. If running containerized workloads on openSUSE or SLES, verify images against the new security baselines to prevent supply chain risks.

Fedora and Ubuntu Kernels

Fedora administrators managing versions 42 through 44 need to apply patches for BIND, Chromium, and Netatalk. The kernel updates here address memory corruption issues that could lead to heap overflows. Ubuntu has a sprawling list of kernel variants, including Low Latency, NVIDIA Tegra, and Azure builds. If running specialized hardware or cloud instances, make sure to grab the right kernel flavor. Ubuntu also fixed regressions in pip and Apache HTTP Server, which is a relief for Python developers who might have been stuck on broken package managers after previous updates.

Slackware Maintenance

Slackware users received a smaller but necessary update for version 15.0 and the development branch. The kernel fixes address CVE-2026-43503 and CVE-2026-46300 related to shared fragment markers, while Thunderbird received its own security refresh. Since Slackware moves at its own pace, these patches are essential for maintaining integrity on stable systems without introducing unnecessary changes.

Tuxrepair

Latest Security Patches by Distribution

Here’s a complete breakdown of the security updates:

AlmaLinux

AlmaLinux recently rolled out extensive security patches across versions 8 through 10 to address dozens of critical vulnerabilities. These updates target essential system components like Python, Glibc, Flatpak, and Apache HTTP Server while fixing dangerous flaws in the Linux kernel and various web applications. Administrators should prioritize installing these releases immediately since unpatched systems remain exposed to severe exploitation risks. The comprehensive wave of CVE fixes ensures that enterprise environments maintain a hardened posture against emerging threats without disrupting daily operations.

Debian GNU/Linux

Debian recently pushed out a heavy batch of security advisories that address critical flaws across dozens of essential packages. You should prioritize installing these updates right away since unpatched versions of the Linux kernel, ImageMagick, and NodeJS leave systems wide open to privilege escalation and data theft. Several other widely used tools like GnuTLS, Samba, and Varnish also received urgent fixes for bugs that could easily crash servers or let malicious actors run arbitrary code on your network. Delaying these patches only increases your exposure to dangerous exploits while prompt action keeps your entire infrastructure secure and running smoothly.

Fedora Linux

Fedora administrators managing versions 42 through 44 must immediately apply a coordinated wave of critical security patches across dozens of essential system packages. These updates address severe vulnerabilities in widely used tools like BIND, Chromium, the Linux kernel, and Netatalk that could otherwise allow remote code execution or heap buffer overflows. Many of the fixes focus on memory corruption flaws and policy bypasses that attackers frequently exploit to steal sensitive data or crash entire services. System operators should prioritize installing these releases right away to maintain network stability and protect against known exploitation paths.

Oracle Linux

Oracle has issued a wide range of security advisories for Oracle Linux versions seven through ten to fix serious flaws in essential system packages. These critical updates target memory corruption issues and network buffer handling problems within the Unbreakable Enterprise kernel. Administrators will also find important patches for widely used applications like Firefox, Thunderbird, and Flatpak alongside development frameworks such as .NET and Ruby. The new releases are now available on the Unbreakable Linux Network to help organizations maintain secure and stable server environments without delay.

Red Hat Enterprise Linux

Red Hat recently rolled out a broad collection of security advisories designed to patch known vulnerabilities across its enterprise Linux distributions. These updates hit foundational pieces like the kernel and glibc while also hardening container environments such as OpenShift. You will also notice important fixes for everyday tools including Squid, Grafana, Ruby modules, and Firefox that keep systems running smoothly. System administrators should prioritize installing these patches immediately to prevent potential exploits on RHEL versions eight through ten.

Rocky Linux

Rocky Linux administrators must apply a broad wave of critical security patches to protect systems running versions eight through ten. These urgent updates target essential components like the kernel, .NET framework, Firefox, Thunderbird, and various system libraries that power modern enterprise environments. Version 10.2 just dropped with stricter x86_64-v3 hardware baselines for fresh installs, though existing v10 machines can upgrade using a single command. Teams managing Flatpak, Cockpit, Golang, or Nginx should prioritize these fixes immediately to close newly discovered vulnerabilities before attackers exploit them.

Slackware Linux

The Slackware Linux Security Team recently deployed essential security patches for both the stable version 15.0 release and its active development branch. These updates address critical network vulnerabilities by fixing how shared fragment markers interact with buffer transfer helpers, effectively resolving CVE-2026-43503 and CVE-2026-46300 in the new kernel packages. Administrators relying on email services will also benefit from refreshed Thunderbird builds that close additional security gaps without disrupting daily workflows. Users should apply these updates immediately to maintain system integrity across all supported environments.

SUSE Linux

SUSE recently distributed several major security update batches across openSUSE Tumbleweed, Leap, and enterprise Linux distributions to fix dozens of newly discovered flaws. These patches target essential software like the Linux kernel, Firefox, Nginx, Samba, and Podman by closing dangerous gaps that could easily trigger remote code execution or crash network services. System administrators need to install these fixes right away because unpatched machines remain highly vulnerable to memory corruption bugs and unauthorized access attempts. The comprehensive advisories cover both rolling development releases and stable enterprise branches to keep the entire SUSE ecosystem protected against modern threats.

Ubuntu Linux

Ubuntu has released multiple urgent security notices that tackle severe vulnerabilities across dozens of popular software packages and specialized kernel builds. Malicious actors could exploit these weaknesses to crash systems, escalate privileges, or run unauthorized code by sending specially crafted network requests. The recent patches fix critical flaws in essential tools like the Apache HTTP Server, PHP runtime, Memcached, and various database utilities while also correcting regressions that accidentally broke previously stable modules. Linux administrators should deploy these updates right away to shield their infrastructure from exploitation and keep their systems running smoothly.

How to apply these Linux security updates safely

Before running any update commands, check which services are currently active on your system. If Nginx or Apache is handling live traffic, schedule a brief maintenance window or use rolling restarts to minimize downtime during the patching process. Desktop users can usually apply these fixes by opening a terminal and running the standard package manager command for their distribution followed by an upgrade flag. A reboot will be necessary if the kernel received updates to ensure the new security modules load correctly.

Power users who rely on command-line tools like jq should verify the patch level after installation. Regression bugs can occasionally break scripts that depend on specific JSON parsing behavior, so a quick test run is worth the few minutes it takes. If you use PackageKit or other GUI package managers and prefer to skip them because they sometimes hang or try to install junk, do not let that stop you from running the command-line equivalent to get these critical patches applied.

Applying these patches requires distribution-specific package management commands. RHEL-based systems typically use dnf update or yum update, while Debian and Ubuntu rely on apt upgrade. SUSE users should run zypper patch to properly address all security advisories, and Slackware administrators can manage updates with upgradepkg or slackpkg. After executing the commands, a reboot is usually necessary for kernel changes to take effect. Finally, review your package manager’s logs to verify that all patches installed successfully and no dependencies were disrupted.

Debian/Ubuntu (apt)

The first thing to do is refresh the local package index; running sudo apt update contacts all configured repositories and pulls in the newest lists of available versions. Skipping this step leaves the system blind to any recent uploads, which explains why “upgrade” sometimes claims there’s nothing to do even after a security advisory has been published. Once the index is current, invoke sudo apt upgrade -y; the -y flag answers every prompt automatically so the process doesn’t pause for user input. This command upgrades all installed packages that have newer versions in the repositories while preserving configuration files.

sudo apt update
sudo apt upgrade -y

Fedora/RedHat/Rocky/Alma/Oracle (dnf or yum)

On modern Fedora and recent Red Hat derivatives, dnf is the package manager; older RHEL releases still rely on yum. Begin with a check‑update operation—sudo dnf check-update or sudo yum check-update—to see exactly which packages are awaiting an upgrade. This preview step can be useful for spotting unexpected kernel bumps before they land. To actually apply the updates, run sudo dnf upgrade -y (or sudo yum update if you prefer the older tool). The upgrade command pulls down the new binaries and runs any necessary post‑install scripts, such as rebuilding initramfs when a kernel changes.

sudo dnf check-update
sudo dnf upgrade -y

or on older releases

sudo yum check-update
sudo yum update

SUSE (zypper)

SUSE’s command line front‑end is called zypper. First execute sudo zypper refresh so that the metadata for all enabled repos gets updated; without this, zypper will happily report “No updates available” even though newer packages sit on the mirror. After a fresh refresh, issue sudo zypper update -y; this upgrades every package to the latest version in the configured repositories and automatically handles service restarts when required.

sudo zypper refresh
sudo zypper update -y

Slackware (slackpkg and pkgtool)

Slackware doesn’t have a single unified updater, but the official way to pull updates is through slackpkg. Start with sudo slackpkg update to download the newest package list from the chosen mirror. Then run sudo slackpkg upgrade-all; this command walks through each installed package and replaces it with the most recent build available in the official repository. For users who prefer a more granular approach, specifying a package name after upgrade limits the operation to that single item. When dealing with community‑maintained repositories, pkgtool takes over: a combined sudo pkgtool update && sudo pkgtool upgrade will sync and apply updates from the mirrors listed in /etc/slackpkg/mirrors.

sudo slackpkg update
sudo slackpkg upgrade-all

Run your updates, check your logs for any service restarts, and don't forget to reboot if the kernel changed. Stay safe out there.

Apptainer, Memcached, Authlib, Live555, and Perl YAML Syck updates for SUSE

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...