
Several major Linux distributions, including AlmaLinux, Debian, Fedora, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware, and Ubuntu, have released security updates to address various vulnerabilities. These updates include fixes for Go, Golang, Node.js, Python-Django, Wireshark, LibPNG, GnuTLS, Roundcube, Ceph, Nova, ca-certificates, Chromium, Pillow, GEGL, and other packages, resolving issues such as denial-of-service attacks, crashes, infinite loops, HTML sanitization problems, buffer overflows, code execution vulnerabilities, and potential exploitation of vulnerabilities. The updates are available for various versions of each distribution, including kernel updates, to ensure users' systems remain secure and up-to-date. Users should install these updates as soon as possible to prevent their systems from being compromised by attackers exploiting the identified vulnerabilities.





Linux Security Roundup for Week 7, 2026

A summary of the past week's security patches is provided below, addressing critical issues in major Linux platforms:

AlmaLinux

AlmaLinux has released several important security updates to address various vulnerabilities. These updates include fixes for Go, Golang, and Node.js, which resolve issues like excessive CPU consumption, memory exhaustion, code smuggling, and unexpected session resumption. Additionally, updates have been released for GIMP, EDK2, Glibc, PHP, and Grafana, with the latter two specifically addressing Denial of Service attacks and cross-dashboard privilege escalation on AlmaLinux 9 and 10 respectively. These security updates are available for users to download and install to ensure their systems remain secure and up-to-date.

Debian GNU/Linux

Debian has released several important security updates to address various vulnerabilities, including fixes for Python-Django, Wireshark, and LibPNG. These updates resolve issues such as denial-of-service attacks, crashes, and infinite loops, as well as problems with HTML sanitization and buffer overflows. Other affected packages include GnuTLS, Roundcube, Ceph, Nova, ca-certificates, Chromium, Pillow, and GEGL, which have been patched to prevent information disclosure or code execution. The updates are available for Debian versions 9, 10, and 12, as well as for the LTS/ELTS branch, to ensure users' systems remain secure and up-to-date.

Fedora Linux

Fedora has released several important security updates to address various vulnerabilities, including fixes for GnuTLS, VIM, P11-Kit, and MinGW. These updates resolve issues such as denial-of-service attacks, buffer overflows, and excessive resource consumption during certificate verification. Other affected packages include GnuPG2, Rsync, LibPNG, Thunderbird, Python, Roundcube, Microcode, Mupdf, Rust, and UV, which have been patched to prevent code execution or exploitation of vulnerabilities. The updates are available for Fedora versions 42 and 43 to ensure users' systems remain secure and up-to-date.

Oracle Linux

Oracle has released several important security updates to address various vulnerabilities on Oracle Linux, including kernel updates that fix multiple issues. These updates also resolve issues with GnuPG2, Go, PHP, NodeJS, and other packages, which have been patched to prevent code execution or exploitation of vulnerabilities. Other affected packages include Unbreakable Enterprise kernel, glibc, edk2, and more, which are available for Oracle Linux 9 to ensure users' systems remain secure and up-to-date. The updates address CVEs and other security issues, providing a secure environment for users on the Oracle Linux platform.

Red Hat Enterprise Linux

Red Hat has released several important security updates to address various vulnerabilities on Red Hat Enterprise Linux (RHEL) systems, including fixes for Python-Urllib3, PKI-Deps, and Resource-Agents. These updates also resolve issues with FreeRDP, NodeJS, GlibC, Munge, OpenShift Container Platform, GIMP, and Grafana, among others, which have been patched to prevent code execution or exploitation of vulnerabilities. The updates are available for various versions of RHEL, including 8, and address CVEs and other security issues, providing a secure environment for users on the RHEL platform. Users should install these updates as soon as possible to ensure their systems remain secure and up-to-date.

Rocky Linux

Rocky Linux has released several important security updates to address various vulnerabilities, including kernel updates available for versions 8, 9, and 10. These updates also resolve issues with Go, Python, GCC, NodeJS, and GIMP, which have been patched to prevent code execution or exploitation of vulnerabilities. The updates are available for Rocky Linux 9 and 10, addressing Moderate- and Important-level vulnerabilities, providing a secure environment for users on the Rocky Linux platform. Users should install these updates as soon as possible to ensure their systems remain secure and up-to-date.

Slackware Linux

Slackware has released important security updates to address vulnerabilities in Mozilla Firefox and Thunderbird, which have been fixed with new packages available for versions 15.0 and -current. Additionally, updates are also available for Lrzip and LibSSH to patch security issues, including a heap buffer overflow in libvpx. The updated packages can be downloaded from the official Slackware FTP servers or mirror sites near you, along with MD5 signatures for verification. Users should install these updates as soon as possible to ensure their systems remain secure and up-to-date.

SUSE Linux

openSUSE has released several important security updates to address vulnerabilities in various packages, including Go, openCryptoki, Python, Kernel, Protobuf, Libnvidia-Container, Chromium, NodeJS, Kubernetes, and others. These updates fix critical issues, such as heap buffer overflows and potential code execution vulnerabilities, which could be exploited by attackers. The list of updates also includes patches for Live Patch 43 and Live Patch 44 for SUSE Linux Enterprise 15 SP4, as well as fixes for other packages like nodejs22, python311-pip, kubernetes, and more. Users should install these updates as soon as possible to ensure their systems remain secure and up-to-date.

Ubuntu Linux

Ubuntu has released several important security updates to address vulnerabilities in various packages, including AIOHTTP, FreeRDP, Expat, .NET, alsa-lib, and GnuTLS. These updates also resolve issues with the Linux kernel, such as improper initialization of CPU cache memory and potential data leakage due to processor flaws (CVE-2024-36331, CVE-2025-21884), which could be exploited by attackers. Additionally, patches have been released for other packages like Pillow, FRR, Nova, Traffic Server, LibSSH, Inetutils, and Linux kernel flavors such as Low Latency, Intel IoTG, Azure, and HWE kernels. Users should install these updates as soon as possible to ensure their systems remain secure and up-to-date.

How to upgrade packages

This quick overview shows exactly what commands you need to run so the latest security patches and bug fixes actually make it onto your system without hunting down individual .deb or .rpm files.

Debian/Ubuntu (apt)

The first thing to do is refresh the local package index; running sudo apt update contacts all configured repositories and pulls in the newest lists of available versions. Skipping this step leaves the system blind to any recent uploads, which explains why “upgrade” sometimes claims there’s nothing to do even after a security advisory has been published. Once the index is current, invoke sudo apt upgrade -y; the -y flag answers every prompt automatically so the process doesn’t pause for user input. This command upgrades all installed packages that have newer versions in the repositories while preserving configuration files.

sudo apt update
sudo apt upgrade -y

Fedora/RedHat/Rocky/Alma/Oracle (dnf or yum)

On modern Fedora and recent Red Hat derivatives, dnf is the package manager; older RHEL releases still rely on yum. Begin with a check‑update operation—sudo dnf check-update or sudo yum check-update—to see exactly which packages are awaiting an upgrade. This preview step can be useful for spotting unexpected kernel bumps before they land. To actually apply the updates, run sudo dnf upgrade -y (or sudo yum update if you prefer the older tool). The upgrade command pulls down the new binaries and runs any necessary post‑install scripts, such as rebuilding initramfs when a kernel changes.

sudo dnf check-update
sudo dnf upgrade -y

or on older releases

sudo yum check-update
sudo yum update
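
The check-update preview described above can be scripted. The following is an added example, not part of the original article: it filters check-update output for pending kernel packages and interprets the command's exit status (0 = nothing pending, 100 = updates available, anything else = error). The sample output, package versions and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample data is constructed, not captured from a real host.

# Constructed `dnf check-update` output: banner, pending packages, then the
# "Obsoleting Packages" section that must not be counted as updates.
sample_output() {
cat <<'EOF'
Last metadata expiration check: 0:12:01 ago on Mon Feb 16 09:00:00 2026.

kernel.x86_64           5.14.0-999.1.el9    baseos
kernel-core.x86_64      5.14.0-999.1.el9    baseos
golang.x86_64           1.99.0-1.el9        appstream
nodejs.x86_64           1:99.0.0-1.el9      appstream

Obsoleting Packages
newpkg.x86_64           2.0-1.el9           appstream
    oldpkg.x86_64       1.0-1.el9           @System
EOF
}

# Emit "name.arch version repo" for each pending update read from stdin.
pending_updates() {
    awk '/^Obsoleting Packages/ { exit }
         NF == 3 && $1 ~ /\.[A-Za-z0-9_]+$/ { print $1, $2, $3 }'
}

# Emit only kernel packages (kernel, kernel-core, kernel-uek, ...): these
# normally need a reboot before the fixed kernel is actually running.
pending_kernel_updates() {
    pending_updates | awk '$1 ~ /^kernel[-.]/ { print $1 }'
}

# dnf/yum check-update exit status: 0 = nothing pending, 100 = updates
# available, anything else = the check failed. Under `set -e`, capture the
# status explicitly or the script aborts on 100.
classify_status() {
    case "$1" in
        0)   echo "up-to-date" ;;
        100) echo "updates-available" ;;
        *)   echo "check-failed" ;;
    esac
}

# Demo on the constructed sample. On a real host, replace with:
#   out=$(dnf check-update) && status=0 || status=$?
sample_output | pending_kernel_updates
classify_status 100
```

A non-empty result from pending_kernel_updates is the cue to schedule a reboot window along with the upgrade.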

SUSE (zypper)

SUSE’s command line front‑end is called zypper. First execute sudo zypper refresh so that the metadata for all enabled repos gets updated; without this, zypper will happily report “No updates available” even though newer packages sit on the mirror. After a fresh refresh, issue sudo zypper update -y; this upgrades every package to the latest version in the configured repositories and automatically handles service restarts when required.

sudo zypper refresh
sudo zypper update -y

Slackware (slackpkg and pkgtool)

Slackware doesn’t have a single unified updater, but the official way to pull updates is through slackpkg. Start with sudo slackpkg update to download the newest package list from the chosen mirror. Then run sudo slackpkg upgrade-all; this command walks through each installed package and replaces it with the most recent build available in the official repository. For users who prefer a more granular approach, specifying a package name after upgrade limits the operation to that single item. When dealing with community‑maintained repositories, pkgtool takes over: a combined sudo pkgtool update && sudo pkgtool upgrade will sync and apply updates from the mirrors listed in /etc/slackpkg/mirrors.

sudo slackpkg update
sudo slackpkg upgrade-all