Multiple vulnerabilities have been discocvered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code. For the stable distribution (trixie), these problems have been fixed in version 4.4.13-0+deb13u1.

An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.

An update that solves 2 vulnerabilities and has one bug fix can now be installed.

An update that solves 4 vulnerabilities can now be installed.

zabbix a popular network monitoring solution was affected by a vulnerabilty. Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.

Update to 144.0.7559.132 * CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

Most Linux outages that get labeled as ''security issues'' are not breaches. They are TLS failures that sit quietly until a renewal expires, a client updates, or a service starts refusing connections for reasons that look unrelated at first. By the time users notice, traffic has already stopped, and the only clue is a vague handshake error buried in a log file.

Linux security is not about stacking tools and hoping for the best. It comes down to deliberate configuration, steady maintenance, and systems that can withstand real-world pressure.

Most of us don't decide to deploy AppArmor. We inherit it. It's already enabled on the system, already loaded at boot, and already assumed to be doing something useful. Over time, it fades into the background. That's usually when it starts to matter.

Most of us meet SELinux when something breaks. A service won't start, a port won't bind, a perfectly reasonable file write gets blocked, and the quickest path back to green looks like turning it off. That first experience sticks, and it shapes how people talk about SELinux afterward.

I keep seeing Rust show up in places it never could have five years ago. Kernel-adjacent tools. Security agents. Parsers that used to be a pile of careful C and comments warning you not to touch anything. It's not because developers suddenly got more patient or because everyone decided memory safety was fun. The cost equation changed, and AI coding is a big part of why.

Linux servers already have package managers. For most admins, that creates an assumption that patching is largely solved. Run updates, reboot when needed, move on. In small environments, that can feel true for a long time. Then the environment grows, security advisories start landing more often, and someone asks a simple question you cannot answer cleanly: Which systems are actually patched right now?