Linux Security Roundup for Week 23, 2026

Security 10959 Published 2026-06-07 07:52 by Philipp Esselbach

News

This week demands immediate action from every Linux system administrator because a massive wave of security patches just dropped across all major distributions. Critical vulnerabilities in Samba and the core kernel now allow attackers to execute remote code or escalate privileges without any user interaction. Web servers, mail daemons, and foundational crypto libraries like OpenSSL also receive urgent fixes that directly protect encrypted traffic from man-in-the-middle attacks. You must run the correct package manager commands for your exact release right now since skipping these updates leaves your entire infrastructure wide open to automated ransomware campaigns.

Massive weekly Linux security updates hit Samba, kernels, and web stacks hard

This week's batch of Linux security updates is a massive wave of patches that targets critical flaws in Samba, the kernel, OpenSSL, and dozens of web servers. System administrators managing RHEL, Debian, Ubuntu, Fedora, or any other distribution need to prioritize these installations immediately because unpatched systems face severe risks of remote code execution and privilege escalation. The volume of advisories across AlmaLinux, Oracle Linux, Rocky Linux, Slackware, SUSE, and others suggests a coordinated push to close vulnerabilities that attackers are actively exploiting in the wild. Running your package manager right now is not optional if you want to keep your infrastructure secure.

Critical Samba and kernel flaws drive urgent Linux security updates

Samba has critical vulnerabilities in AlmaLinux and RHEL that allow remote code execution or privilege escalation, so those packages must be updated before anything else. The kernel sees massive updates across every distribution this week. Slackware specifically targets the rxrpc networking module, while Ubuntu pushes separate kernels for NVIDIA Tegra, Raspberry Pi, Azure FIPS, and low latency builds. SUSE is rolling out live patches for SLES 15 SP4 through SP7, which means some systems can get fixed without a reboot, but others still need downtime. Skipping these kernel updates leaves the base system exposed to memory corruption exploits that have been around long enough for attackers to write automated tools against them. I've seen admins skip Samba patches because they thought it was just file sharing, until ransomware hit and encrypted everything on the network. Do not make that mistake this week.

Web servers, mail daemons, and browsers face widespread fixes

Apache httpd and Nginx are getting patched across Fedora, Slackware, Ubuntu, RHEL, Oracle, Alma, and Rocky. Exim and Dovecot see fixes in Debian, Fedora, and Ubuntu, which affects anyone running mail servers. Postfix updates land in Fedora and Ubuntu. Firefox, Thunderbird, and Chromium get security bumps everywhere. If you run a web server or handle email traffic, these are the packages that keep your infrastructure from becoming an open door for attackers. The sheer number of browser updates also means desktop users need to refresh their systems soon, as rendering engines often hide zero-day exploits in plain sight. Delaying these installations leaves services vulnerable to cross-site scripting and authentication bypasses that can compromise user data without any interaction required.

OpenSSL, GnuTLS, and crypto libraries get major updates

OpenSSL, GnuTLS, and compat-openssl10 or 11 updates appear in almost every distribution list. PHP 8.2, 8.3, and 8.4 get security bumps in RHEL, Rocky, Oracle, and Fedora. .NET 10.0 lands in RHEL and Rocky. Ruby 4.0 appears in Fedora and Rocky. Libsoup gets hammered with updates in SUSE, RHEL, Debian, Ubuntu, and Slackware. These libraries underpin secure communication, so leaving them outdated breaks the trust chain for encrypted traffic. Attackers can exploit weak crypto implementations to decrypt sensitive data or perform man-in-the-middle attacks on internal networks. Updating these packages ensures that TLS handshakes and certificate validation work as intended across all your services.

Distribution-specific paths for RHEL, Debian, Ubuntu, Fedora, and more

RHEL has a huge list including OpenSSH, Fence-agents, OVN, OpenShift, and Kpatch-patches alongside the core updates. Debian brings Sudo, Node.js, GIMP, FRRouting, Exim4, GSASL, Request Tracker5, and Tomcat9 to the table. Ubuntu pushes XZ Utils, MySQL, Apache Commons Lang, GoBGP, Pip, Twisted, and Libwww-perl in this cycle. Fedora covers Suricata, Perl, Vim, Unbound, HPLIP, Nextcloud, Rust-sequoia, Keylime, and NASM for both version 43 and 44. SUSE adds Busybox, Putty, Strongswan, Hplip, Xorg, Grafana, MariaDB, PostgreSQL18, Salt, Glibc, Python-Pillow, Evince, and Cloudflared to the mix. Slackware rounds out the week with Proftpd, TigerVNC, Net-Tools, Libinput, and Dnsmasq. Each distribution has its own advisory numbering system, so check the specific IDs for your release to ensure you are pulling the right packages from the repositories.

Latest Security Patches by Distribution

Here’s a complete breakdown of recent security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

AlmaLinux

AlmaLinux recently deployed urgent security errata across its standard production repositories to fix critical flaws in widely used software. These patches directly address dangerous vulnerabilities in CIFSwitch, Samba, Apache HTTP Server, and OpenSSL while also resolving remote code execution risks within Vim and Ruby. System administrators managing PHP version 10 or the real-time kernel on version 8 must apply these updates quickly since unpatched systems remain highly vulnerable to denial of service attacks and memory corruption exploits. Keeping infrastructure regularly updated remains the only reliable defense against escalating network threats.

Debian GNU/Linux

Debian and Freexian have issued a series of urgent security advisories to address severe flaws across dozens of widely used software packages. These critical updates patch dangerous vulnerabilities that could allow attackers to execute arbitrary code, bypass authentication mechanisms, or steal sensitive user data. System administrators should immediately upgrade essential tools like Sudo, Apache2, Dovecot, and Node.js to prevent privilege escalation and cross-site scripting attacks. Rolling out these patches quickly remains vital for maintaining system integrity and protecting against widespread exploitation attempts.

Fedora Linux

Fedora administrators need to install a fresh wave of critical security patches across both version 43 and version 44 right away. These urgent updates tackle dangerous flaws in dozens of widely used tools including web browsers, email clients, database servers, and core system libraries. You will find fixes for zero day exploits, privilege escalation holes, and various rendering bugs that could otherwise compromise your entire network infrastructure. Delaying this installation leaves your systems exposed to serious threats so please prioritize the upgrade process immediately.

Oracle Linux

Oracle recently issued a comprehensive set of security advisories for its enterprise Linux distributions to patch critical flaws in essential system components. The latest releases address widespread vulnerabilities across core libraries and services by updating Apache httpd, the standard Linux kernel, GnuTLS, compat-openssl10, and Podman on versions eight and nine. A separate advisory batch focuses on the Unbreakable Enterprise Kernel alongside common software packages like Thunderbird, PHP 8.2, and core utilities to harden multiple operating system releases. System administrators should prioritize these patches immediately since unaddressed weaknesses could expose production environments to serious exploitation risks.

Red Hat Enterprise Linux

Red Hat recently rolled out several batches of security advisories that target multiple RHEL releases alongside niche update channels. System administrators need to apply these critical fixes right away since they resolve dangerous flaws in essential tools like PHP, Python, Java, OpenSSL, Firefox, OpenSSH, Samba, and the Linux kernel. The patches cover everything from container platforms to virtual networking utilities across RHEL versions eight through ten. You should check your server environments immediately because unpatched systems remain exposed to moderate and critical vulnerabilities.

Rocky Linux

Rocky Linux administrators managing versions eight through ten need to apply a broad wave of critical security patches right away. These advisories target essential components like PHP, Apache httpd, OpenSSL, and the system kernel while also updating widely used utilities such as Vim, Thunderbird, and Podman. The updates close dangerous gaps in the code that could otherwise lead to full system compromise. Administrators must install these fixes without delay to keep their networks secure and fully compliant with current industry standards.

Slackware Linux

Slackware Linux administrators need to apply several urgent security patches right away after the release of multiple critical vulnerability fixes across core system components. The kernel update specifically targets dangerous flaws within the rxrpc networking module while a separate advisory covers essential upgrades for HTTPd, Proftpd, TigerVNC, Net-Tools, and Xorg-Server. You should also apply the rolling current branch patches for libinput and dnsmasq immediately to prevent potential exploitation of known security weaknesses that could compromise your entire network infrastructure. Delaying these installations leaves servers exposed so regular maintenance routines must prioritize these official Slackware Security Team advisories without hesitation.

SUSE Linux

SUSE recently pushed out several major update cycles that tackle dozens of dangerous security flaws across its openSUSE and enterprise Linux platforms. You really need to apply these patches immediately since the unpatched vulnerabilities could easily let attackers run arbitrary code or steal system access. The updates span everything from the core kernel and database engines to printing utilities and Python libraries. Administrators should prioritize these installations across all supported versions because delayed deployment leaves critical services like OpenSSH, Grafana, and MariaDB exposed to well-documented exploits that could compromise entire networks.

Ubuntu Linux

Ubuntu recently distributed multiple batches of critical security patches that address severe vulnerabilities across dozens of widely deployed system packages and applications. These updates resolve dangerous flaws in foundational software like the Linux kernel, Nginx web server, MySQL database, and Apache HTTP service to stop attackers from escalating privileges or leaking sensitive data. System administrators must apply these fixes promptly because unpatched servers face immediate risks of remote code execution and complete service outages. Keeping core utilities and external tools current remains a fundamental requirement for maintaining secure Linux infrastructure.

Keep Your Linux System Secure: Safely Applying Critical Updates

Applying these patches requires distribution-specific package management commands. RHEL-based systems typically use dnf update or yum update, while Debian and Ubuntu rely on apt upgrade. SUSE users should run zypper patch to properly address all security advisories, and Slackware administrators can manage updates with upgradepkg or slackpkg. After executing the commands, a reboot is usually necessary for kernel changes to take effect. Finally, review your package manager’s logs to verify that all patches installed successfully and no dependencies were disrupted.

Debian/Ubuntu (apt)

The first thing to do is refresh the local package index; running sudo apt update contacts all configured repositories and pulls in the newest lists of available versions. Skipping this step leaves the system blind to any recent uploads, which explains why “upgrade” sometimes claims there’s nothing to do even after a security advisory has been published. Once the index is current, invoke sudo apt upgrade -y; the -y flag answers every prompt automatically so the process doesn’t pause for user input. This command upgrades all installed packages that have newer versions in the repositories while preserving configuration files.

sudo apt update
sudo apt upgrade -y

Fedora/RedHat/Rocky/Alma/Oracle (dnf or yum)

On modern Fedora and recent Red Hat derivatives, dnf is the package manager; older RHEL releases still rely on yum. Begin with a check‑update operation—sudo dnf check-update or sudo yum check-update—to see exactly which packages are awaiting an upgrade. This preview step can be useful for spotting unexpected kernel bumps before they land. To actually apply the updates, run sudo dnf upgrade -y (or sudo yum update if you prefer the older tool). The upgrade command pulls down the new binaries and runs any necessary post‑install scripts, such as rebuilding initramfs when a kernel changes.

sudo dnf check-update
sudo dnf upgrade -y

or on older releases

sudo yum check-update
sudo yum update

SUSE (zypper)

SUSE’s command line front‑end is called zypper. First execute sudo zypper refresh so that the metadata for all enabled repos gets updated; without this, zypper will happily report “No updates available” even though newer packages sit on the mirror. After a fresh refresh, issue sudo zypper update -y; this upgrades every package to the latest version in the configured repositories and automatically handles service restarts when required.

sudo zypper refresh
sudo zypper update -y

Slackware (slackpkg and pkgtool)

Slackware doesn’t have a single unified updater, but the official way to pull updates is through slackpkg. Start with sudo slackpkg update to download the newest package list from the chosen mirror. Then run sudo slackpkg upgrade-all; this command walks through each installed package and replaces it with the most recent build available in the official repository. For users who prefer a more granular approach, specifying a package name after upgrade limits the operation to that single item. When dealing with community‑maintained repositories, pkgtool takes over: a combined sudo pkgtool update && sudo pkgtool upgrade will sync and apply updates from the mirrors listed in /etc/slackpkg/mirrors.

sudo slackpkg update
sudo slackpkg upgrade-all

The update queues are full this week, so grab a coffee and let the package managers do their work. If automated patching is in place, verify those jobs ran successfully and check for any service restarts that might have failed. For manual updates, prioritize Samba, OpenSSL, and your web server before moving on to the smaller libraries. Stay safe out there, and try not to be the admin who wakes up to a support ticket because they skipped one critical patch.

Grafana, OpenSSH, MariaDB, FFmpeg, and Perl Modules updates for SUSE

WSL 2.7.8 (Windows Subsystem for Linux) Pre-Release Fixes Hosts File Crash and Updates the Kernel