< Back to situations

We’ll email you as it develops, and you can follow the whole thread from day one.

[SITUATION] · [ACTIVE]

5 clusters · 11 sources · 18 days · First seen · Last updated

Categories: TECHNOLOGY

Linux security vulnerabilities and patch response

Overview

In late June 2026 a security bulletin disclosed a record 1,888 Linux‑related vulnerabilities, including 324 kernel flaws and 728 in Chromium. Exploits such as CVE‑2026‑11645 targeted V8, while critical bugs were found in the Linux kernel, Apache ActiveMQ, Nextcloud, Squid and ImageMagick. Red Hat issued three errata for Enterprise Linux, urging updates to Perl‑IO‑Compress, libxslt and other components. Within days major distributions rolled out coordinated patches. Ubuntu and Red Hat updated kernels and core services (OpenVPN, OpenShift, Vim, nginx, cifs‑utils, LibVNCServer, nghttp2, Perl) to remediate privilege‑escalation and container issues. Debian LTS issued emergency advisories with new kernel packages for bullseye and bookworm, plus updated nginx and OpenVPN builds, covering more than 200 flaws. On 9 July 2026 Ubuntu published USN‑8492‑4, fixing dozens of kernel defects for Ubuntu 24.04 LTSS and derivatives, including two high‑severity bugs disclosed by researchers: Januscape (CVE‑2026‑53359), a KVM hypervisor use‑after‑free allowing guest‑to‑host code execution, and GhostLock (CVE‑2026‑43499), a futex use‑after‑free enabling root escalation. Google awarded $250,000 and $92,337 in bounties. Both vulnerabilities were patched in the mainline kernel, and administrators were urged to upgrade promptly. On 11 July 2026 Microsoft released a patch for CVE‑2026‑20871, a use‑after‑free flaw in the Windows Desktop Window Manager that could grant system‑level code execution. Independent project 0patch supplied additional micro‑patches for legacy Windows 10 and Windows 11 builds that are no longer receiving official updates. Ubuntu reiterated its Januscape mitigation guidance, confirming forthcoming kernel updates and recommending that operators disable nested virtualization on Intel and AMD x86_64 platforms until the patches are applied. Security teams continue to stress rapid deployment of all updates, especially for public‑cloud providers.

Timeline

  1. 2 days ago

    [TECHNOLOGY] 3 sources
    Linux kernel Januscape vulnerability threatens global data centers

    A 16‑year‑old Linux kernel flaw called Januscape lets a VM escape its host, risking data‑center breaches; major cloud providers have patched it.

  2. 6 days ago

    [TECHNOLOGY] 2 sources
    Security patches roll out for Windows DWM and Ubuntu Linux kernel privilege‑escalation bugs

    Patches for Windows DWM (CVE‑2026‑20871) and Ubuntu Linux kernel (CVE‑2026‑53359) mitigate local privilege‑escalation bugs; Windows fixes include micropatches for legacy versions, Ubuntu advises disabling KVM‑n

  3. 8 days ago

    [TECHNOLOGY] 4 sources
    Linux KVM “Januscape” VM Escape and GhostLock Vulnerabilities Patched

    Critical Linux kernel bugs—Januscape VM escape (CVE‑2026‑53359) and GhostLock privilege escalation (CVE‑2026‑43499)—have been patched after years of existence; upgrades are urged to protect cloud hosts.

  4. 14 days ago

    [TECHNOLOGY] 2 sources
    Linux Distributions Release Critical Security Patches

    Ubuntu, Red Hat and Debian released extensive kernel, OpenVPN, nginx and other Linux security patches to fix hundreds of vulnerabilities.

  5. 19 days ago

    [TECHNOLOGY] 2 sources
    Linux and Red Hat security updates expose record 1,888 vulnerabilities

    June’s Linux patch bulletin listed a record 1,888 flaws, including an actively exploited Chromium bug, while Red Hat released important updates for perl‑IO‑Compress and libxslt on RHEL 7/8.

Sources

avleonov.com · blog.0patch.com · hackaday.com · linuxcompatible.org · linuxsecurity.com · opensourceforu.com · sapo.pt · sempreupdate.com.br · spacemoney.com.br · thecyberexpress.com · ubuntulinux.org