Greg Kroah-Hartman has announced the 7.0.8, 6.18.31, 6.12.89, 6.6.139, 6.1.173, 5.15.207, and 5.10.256 stable kernels. These kernels contain a patch for CVE-2026-46333 a vulnerability reported by the Qualys Security Advisory team, though Jann Horn proposed a patch in 2020. The vulnerability has a proof-of-concept exploit published already. Some of the kernels have additional patches for other bugs; as always, users are advised to upgrade.

Security updates have been issued by Debian (ffmpeg, gsasl, nodejs, postgresql-15, postgresql-17, python3.9, and thunderbird), Fedora (expat, firefox, freerdp, GitPython, kernel, php, rust-podman-sequoia, rust-rpm-sequoia, rust-sequoia-chameleon-gnupg, rust-sequoia-git, rust-sequoia-keystore-server, rust-sequoia-octopus-librnp, rust-sequoia-openpgp, rust-sequoia-sop, rust-sequoia-sq, and rust-sequoia-sqv), Mageia (awstats, libreoffice, perl-HTTP-Tiny, and tomcat), Oracle (corosync, freerdp, gimp, git-lfs, glib2, jq, kernel, krb5, libsoup3, libtiff, openexr, thunderbird, uek-kernel, and yggdrasil), Red Hat (podman and skopeo), SUSE (amazon-ssm-agent, avahi, c-ares, cairo, containerd, cpp-httplib, dnsmasq, dovecot24, ffmpeg-4, firefox, helm, ImageMagick, iproute2, kernel, krb5, libtpms, ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu, openCryptoki, openssh, perl-Text-CSV_XS, php8, python-lxml, python-Twisted-doc, python311-click, python311-GitPython, rclone, regclient, and syncthing), and Ubuntu (avahi).