Security update for helm (important)

openSUSE security update: security update for helm ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20860-1 Rating: important References: bsc1265428 bsc1265758 Cross-References: CVE-2026-33814 CVE-2026-41888 CVSS scores: CVE-2026-33814 SUSE : 7.5...

SUSE-SU-2026:21915-1 Security update for helm

This update for helm fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled configuration...

OPENSUSE-SU-2026:10877-1 helm3-3.21.0-2.1 on GA media

These are all security issues fixed in the helm3-3.21.0-2.1 package on the GA media of openSUSE Tumbleweed...

SUSE SLES15 Security Update : helm (SUSE-SU-2026:2049-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2049-1 advisory. This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2...

Security update for helm

This update for helm fixes the following issues Security issues: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

SUSE-SU-2026:2049-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xfPointerNew would free cursorPixels if there was a failure. After that, pointerfree would call xfPointerFree to free it again, which could trigger an ASan UAF. A malicious server could exploit this...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, deleting offscreen bitmaps caused gdi-drawing to point to freed memory, leading to UAF when related update packets arrived. A malicious server could trigger client-side use after the objects were freed,...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurred in the decoding process of the ClearCodec band when crafted band coordinates allowed writes beyond the end of the destination surface buffer. A malicious server...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing relied on cbData/remaining length, and never validated against the minimum size implied by cx/cy. A malicious server could trigger a client-side global buffer overflow, resulting in a crash...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData was present, cleardecompress called freerdpimagecopynooverlap without validating the destination rectangle. This allowed out-of-bounds read/writing through crafted RDPGFX surfac...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010662)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010662 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts cbData/remaining length and never validates agains...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007205)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007205 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,freerdpbitmapdecompressplanar does not validate nSrcWidth/nSrcHeight against...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007190)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007190 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode pa...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007207)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007207 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, cleardecompress calls...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-006313)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006313 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode pa...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-006321)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006321 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory,...

WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Post Duplication via 'postid' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...

Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3162 (ALAS-2026-3162)

The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3162 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,freerdpbitmapdecompressplanar do...

Important: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,freerdpbitmapdecompressplanar does not validate nSrcWidth/nSrcHeight against planar-maxWidth/maxHeight before RLE decode. A malicious server can trigger a client-side heap buffer overflow,...