Unity Linux 20.1060e / 20.1070e Security Update: rubygem-addressable (UTSA-2026-016622)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016622 advisory. Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability...

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2026:1745-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1745-1 advisory. Update to version 2.27. Security issues fixed: - CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in addressable-2.5.2.gem

Summary IBM Watson Discovery Cartridge affected by vulnerability in addressable-2.5.2.gem Vulnerability Details CVEID:CVE-2026-35611 DESCRIPTION: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the...

Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.27. Security issues fixed: CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass bsc1261398. CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead t...

SUSE-SU-2026:1745-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.27. Security issues fixed: - CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can le...

EUVD-2026-27690

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

CVE-2026-43129

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

CVE-2026-43129

The CVE-2026-43129 issue stems from the Linux kernel IMA subsystem: when booting a second-stage kernel via kexec with a memory-limited command line, the IMA measurement buffer from the previous kernel could lie outside the new kernel’s addressable RAM, causing an early-page fault on x86_64. The f...

CVE-2026-43129

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

PT-2026-37469

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in ima restore measurement list", v3. When the second-stage kernel is booted via kexec with a limiting command line such as...

Important Photon OS Security Update - PHSA-2026-5.0-0835

Updates of 'rubygem-addressable' packages of Photon OS have been released...

Critical Photon OS Security Update - PHSA-2026-4.0-1005

Updates of 'erlang', 'rubygem-addressable' packages of Photon OS have been released...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: rubygem-addressable (UTSA-2026-014268)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014268 advisory. Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template...

OESA-2026-1967 rubygem-addressable security update

Addressable is a replacement for the URI implementation that is part of Ruby's standard library. It more closely conforms to the relevant RFCs and adds support for URI and URL templates. Security Fixes: Within the URI template implementation in Addressable, two classes of URI template generate...

Security Bulletin: Multiple Vulnerabilities in IBM Aspera Faspex

Summary Multiple Vulnerabilities were addressed in IBM Aspera Faspex 5.0.15.1 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking...

CVE-2026-35611 affecting package rubygem-addressable for versions less than 2.9.0-1

CVE-2026-35611 affecting package rubygem-addressable for versions less than 2.9.0-1. An upgraded version of the package is available that resolves this issue...

Addressable has a Regular Expression Denial of Service in Addressable templates

...

SUSE CVE-2026-35611

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...

CVE-2026-35611

A flaw was found in Addressable. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a maliciously crafted Uniform Resource Identifier URI to the URI template implementation. Specifically, certain URI templates using the explode modifier or multiple variables...