Get alerts on this situation
We’ll email you as it develops, and you can follow the whole thread from day one.
Unsubscribe anytime.
[SITUATION] · [ACTIVE]
5 clusters · 11 sources · 18 days · First seen · Last updated
Categories: TECHNOLOGY
Linux security vulnerabilities and patch response
Overview
In late June 2026 a security bulletin disclosed a record 1,888 Linux‑related vulnerabilities, including 324 kernel flaws and 728 in Chromium. Exploits such as CVE‑2026‑11645 targeted V8, while critical bugs were found in the Linux kernel, Apache ActiveMQ, Nextcloud, Squid and ImageMagick. Red Hat issued three errata for Enterprise Linux, urging updates to Perl‑IO‑Compress, libxslt and other components. Within days major distributions rolled out coordinated patches. Ubuntu and Red Hat updated kernels and core services (OpenVPN, OpenShift, Vim, nginx, cifs‑utils, LibVNCServer, nghttp2, Perl) to remediate privilege‑escalation and container issues. Debian LTS issued emergency advisories with new kernel packages for bullseye and bookworm, plus updated nginx and OpenVPN builds, covering more than 200 flaws. On 9 July 2026 Ubuntu published USN‑8492‑4, fixing dozens of kernel defects for Ubuntu 24.04 LTSS and derivatives, including two high‑severity bugs disclosed by researchers: Januscape (CVE‑2026‑53359), a KVM hypervisor use‑after‑free allowing guest‑to‑host code execution, and GhostLock (CVE‑2026‑43499), a futex use‑after‑free enabling root escalation. Google awarded $250,000 and $92,337 in bounties. Both vulnerabilities were patched in the mainline kernel, and administrators were urged to upgrade promptly. On 11 July 2026 Microsoft released a patch for CVE‑2026‑20871, a use‑after‑free flaw in the Windows Desktop Window Manager that could grant system‑level code execution. Independent project 0patch supplied additional micro‑patches for legacy Windows 10 and Windows 11 builds that are no longer receiving official updates. Ubuntu reiterated its Januscape mitigation guidance, confirming forthcoming kernel updates and recommending that operators disable nested virtualization on Intel and AMD x86_64 platforms until the patches are applied. Security teams continue to stress rapid deployment of all updates, especially for public‑cloud providers.
Timeline
-
2 days ago
[TECHNOLOGY] 3 sourcesLinux kernel Januscape vulnerability threatens global data centersA 16‑year‑old Linux kernel flaw called Januscape lets a VM escape its host, risking data‑center breaches; major cloud providers have patched it.
-
6 days ago
[TECHNOLOGY] 2 sourcesSecurity patches roll out for Windows DWM and Ubuntu Linux kernel privilege‑escalation bugsPatches for Windows DWM (CVE‑2026‑20871) and Ubuntu Linux kernel (CVE‑2026‑53359) mitigate local privilege‑escalation bugs; Windows fixes include micropatches for legacy versions, Ubuntu advises disabling KVM‑n
-
8 days ago
[TECHNOLOGY] 4 sourcesLinux KVM “Januscape” VM Escape and GhostLock Vulnerabilities PatchedCritical Linux kernel bugs—Januscape VM escape (CVE‑2026‑53359) and GhostLock privilege escalation (CVE‑2026‑43499)—have been patched after years of existence; upgrades are urged to protect cloud hosts.
-
14 days ago
[TECHNOLOGY] 2 sourcesLinux Distributions Release Critical Security PatchesUbuntu, Red Hat and Debian released extensive kernel, OpenVPN, nginx and other Linux security patches to fix hundreds of vulnerabilities.
-
19 days ago
[TECHNOLOGY] 2 sourcesLinux and Red Hat security updates expose record 1,888 vulnerabilitiesJune’s Linux patch bulletin listed a record 1,888 flaws, including an actively exploited Chromium bug, while Red Hat released important updates for perl‑IO‑Compress and libxslt on RHEL 7/8.
Sources
avleonov.com · blog.0patch.com · hackaday.com · linuxcompatible.org · linuxsecurity.com · opensourceforu.com · sapo.pt · sempreupdate.com.br · spacemoney.com.br · thecyberexpress.com · ubuntulinux.org