
Multiple security updates have been released for various Linux distributions, including AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, and SUSE Linux. These updates address vulnerabilities in packages such as Node.js, Mozilla Thunderbird, Firefox, FreeRDP, Keylime, kernel, and others, with some updates rated as having Critical or Important security impacts. The distributions have released patches to fix issues including remote code execution, memory corruption, use-after-free bugs, path traversal, denial of service, buffer underflow vulnerabilities, and more.





Linux Security Roundup for Week 7, 2026: Multiple Distributions Release Critical and Important Security Updates to Address Vulnerabilities in Node.js, Mozilla Thunderbird, Firefox, and More

Below is a concise summary of the newest security patches released for today’s leading Linux distributions.

AlmaLinux

AlmaLinux has released multiple security updates to address vulnerabilities in several packages. These updates include patches for FontForge, Node.js, Mozilla Thunderbird, and Firefox to fix remote code execution issues. In addition to these updates, other vulnerable packages have been addressed including FreeRDP and Keylime, which had six vulnerabilities fixed by a single update. Multiple kernel updates were also released to address memory corruption and use-after-free bugs in the kernel package for AlmaLinux.

Debian GNU/Linux

Several security updates have been released for Debian, addressing vulnerabilities in various packages. The updates include patches for Zabbix and Wireshark to fix remote code execution issues and other potential problems. Additionally, multiple kernel updates were released to address memory corruption and use-after-free bugs, along with fixes for HAProxy, PostgreSQL, Nginx, ClamAV, and PDNS-Recursor vulnerabilities. Debian users are also advised to update their Chromium package to prevent arbitrary code execution and denial of service attacks.

Fedora Linux

Fedora has released multiple security updates to address vulnerabilities in various packages. The updates include patches for Plantuml and Node-Exporter, which were updated on both Fedora 42 and Fedora 43, as well as fixes for tbtools, rust-wiremix, and other related packages. In addition, the chromium package was updated to prevent arbitrary code execution via crafted HTML pages, and a heap buffer overflow in libvpx was also addressed. Furthermore, updates were released for libssh, Linux SGX, Python-Aiohttp, MinGW, Nginx, and Xen to fix various security issues such as path traversal, denial of service, and buffer underflow vulnerabilities.

Oracle Linux

Oracle has released multiple security updates to address vulnerabilities in various packages on Oracle Linux. These updates include kernel security patches for Oracle Linux 8, 9, and 10, as well as fixes for FreeRDP and Dtrace. Additionally, other packages such as libsoup3, Python, NodeJS, .NET Core, PHP, and GCC toolset have received updates to address security issues and provide new features. The updates are available for Oracle Linux versions 8, 9, and 10.

Red Hat Enterprise Linux

Red Hat Enterprise Linux (RHEL) has released multiple security updates to address vulnerabilities in various packages. The updates include patches for Thunderbird, Libsoup, Brotli, kernel, keylime, python3, golang, fence-agents, and more, with some of the updates rated as having Critical or Important security impacts. Additionally, other packages such as spice-client-win, GCC-Toolset, Libsoup OpenStack, OSBuild-Composer, and python-eventlet have also received updates to address various security vulnerabilities affecting different versions of RHEL.

Rocky Linux

Rocky Linux has released multiple security updates to address vulnerabilities in various packages. The updates include kernel patches for Rocky Linux 10 with a Common Vulnerability Scoring System (CVSS) base score, as well as fixes for Thunderbird on Rocky Linux 8 and other critical severity ratings. Additionally, important security updates were released for fontforge, python-urllib3, freerdp, fence-agents, PHP, NodeJS, libsoup3, PCS, Keylime, and Java-25-OpenJDK affecting various versions of Rocky Linux including 8, 9, and 10.

Slackware Linux

Slackware has released security updates to address vulnerabilities in libpng and gnutls. The updates, available for Slackware 15.0 and -current, fix a high-severity heap buffer overflow issue in libpng and two security vulnerabilities, including a NULL pointer dereference, in gnutls.

SUSE Linux

openSUSE has released multiple security updates to address vulnerabilities in various packages. The updates include patches for Python-Django, Chromium, localsearch, govulncheck-vulndb, OpenJDK, FreeRDP, libsoup, lemon, libp11, NodeJS, Glib2, Kernel, nvidia-modprobe, munge, HaProxy, PostgreSQL, and more. Additionally, updates were released for python310 to fix six vulnerabilities and another update for python-aiohttp and Brotli that solves eight vulnerabilities.

Ubuntu Linux

Ubuntu has released multiple security updates to address vulnerabilities in various packages. The updates include patches for python-pip, libsoup, FreeRDP, ImageMagick, GLib, expat, libxmltok, Linux kernel, .NET, HAProxy, and more. Additionally, a critical security issue was found in the Linux kernel for Amazon Web Services (AWS) systems affecting Ubuntu 20.04 LTS and its derivatives.

How to upgrade packages

This quick overview shows exactly what commands you need to run so the latest security patches and bug fixes actually make it onto your system without hunting down individual .deb or .rpm files.

Debian/Ubuntu (apt)

The first thing to do is refresh the local package index; running sudo apt update contacts all configured repositories and pulls in the newest lists of available versions. Skipping this step leaves the system blind to any recent uploads, which explains why “upgrade” sometimes claims there’s nothing to do even after a security advisory has been published. Once the index is current, invoke sudo apt upgrade -y; the -y flag answers every prompt automatically so the process doesn’t pause for user input. This command upgrades all installed packages that have newer versions in the repositories while preserving configuration files.

sudo apt update
sudo apt upgrade -y

Fedora/RedHat/Rocky/Alma/Oracle (dnf or yum)

On modern Fedora and recent Red Hat derivatives, dnf is the package manager; older RHEL releases still rely on yum. Begin with a check‑update operation—sudo dnf check-update or sudo yum check-update—to see exactly which packages are awaiting an upgrade. This preview step can be useful for spotting unexpected kernel bumps before they land. To actually apply the updates, run sudo dnf upgrade -y (or sudo yum update if you prefer the older tool). The upgrade command pulls down the new binaries and runs any necessary post‑install scripts, such as rebuilding initramfs when a kernel changes.

sudo dnf check-update
sudo dnf upgrade -y

or on older releases

sudo yum check-update
sudo yum update

SUSE (zypper)

SUSE’s command line front‑end is called zypper. First execute sudo zypper refresh so that the metadata for all enabled repos gets updated; without this, zypper will happily report “No updates available” even though newer packages sit on the mirror. After a fresh refresh, issue sudo zypper update -y; this upgrades every package to the latest version in the configured repositories and automatically handles service restarts when required.

sudo zypper refresh
sudo zypper update -y

Slackware (slackpkg and pkgtool)

Slackware doesn’t have a single unified updater, but the official way to pull updates is through slackpkg. Start with sudo slackpkg update to download the newest package list from the chosen mirror. Then run sudo slackpkg upgrade-all; this command walks through each installed package and replaces it with the most recent build available in the official repository. For users who prefer a more granular approach, specifying a package name after upgrade limits the operation to that single item. When dealing with community‑maintained repositories, pkgtool takes over: a combined sudo pkgtool update && sudo pkgtool upgrade will sync and apply updates from the mirrors listed in /etc/slackpkg/mirrors.

sudo slackpkg update
sudo slackpkg upgrade-all
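
The command pairs above, gathered into one script as an added example (not part of the original article): it reads an os-release file, parsing rather than sourcing it, and prints the matching refresh and upgrade commands without running them. The function names os_field and upgrade_plan, the version cutoff used to pick yum, and the sample os-release content are assumptions of this example.

```shell
#!/bin/sh
# Added example: print the refresh + upgrade commands from this article for
# the distro described by an os-release file. Nothing is executed.

# Read one KEY without sourcing the file (sourcing would run its contents);
# keep only the characters os-release identifiers are made of.
os_field() {
    sed -n "s/^$1=//p" "$2" | head -n 1 | tr -cd 'A-Za-z0-9._ -'
}

# $1: path to an os-release file (default /etc/os-release).
# Returns 1 when the distro is not one covered by the article.
upgrade_plan() {
    file=${1:-/etc/os-release}
    id=$(os_field ID "$file")
    like=$(os_field ID_LIKE "$file")
    major=$(os_field VERSION_ID "$file" | cut -d. -f1)
    for name in $id $like; do
        case $name in
            debian|ubuntu)
                printf '%s\n' 'sudo apt update' 'sudo apt upgrade -y'
                return 0 ;;
            fedora|rhel|centos)
                # Assumption: RHEL-family releases before 8 only have yum.
                # check-update exits 100 when updates are pending, so do
                # not treat that status as a failure in automation.
                if [ "$major" -lt 8 ] 2>/dev/null; then
                    printf '%s\n' 'sudo yum check-update' 'sudo yum update'
                else
                    printf '%s\n' 'sudo dnf check-update' 'sudo dnf upgrade -y'
                fi
                return 0 ;;
            suse|sles|opensuse*)
                printf '%s\n' 'sudo zypper refresh' 'sudo zypper update -y'
                return 0 ;;
            slackware)
                printf '%s\n' 'sudo slackpkg update' 'sudo slackpkg upgrade-all'
                return 0 ;;
        esac
    done
    echo "unrecognised distribution: ${id:-unknown}" >&2
    return 1
}

# Constructed sample, not taken from a real host: Rocky Linux 9.
sample=$(mktemp)
printf '%s\n' 'ID="rocky"' 'ID_LIKE="rhel centos fedora"' 'VERSION_ID="9.5"' >"$sample"
upgrade_plan "$sample"
rm -f "$sample"
```

Call upgrade_plan with no argument to read /etc/os-release on the host itself.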