Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read

Summary Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps it needs that to load function code, env vars, and config. The runtime pod's automounted token was reachable from...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: smb: client: Corrected the id, uid, and cruid values for multiuser automounts. When uid, gid, and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting. Otherwise, they will en...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed an error in nfsdautomount When mounting from an NFSv4 reference, path-dentry may end up being a negative dentry. Therefore, the struct nfsserver structure is derived from the dentry itself instead...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an DFS traversal error without CONFIGCIFSDFSUPCALL. When compiled with CONFIGCIFSDFSUPCALL disabled, cifsdfsdautomount is NULL. The logic for mapping CIFSFATTRDFSREFERRAL attributes to SAUTOMOUNT and corresponding...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021556)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021556 advisory. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfsdautomount When mounting from a NFSv4 referral, path-dentry can end up bei...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automountfullpath page is checked for null in buildpathfromdentryoptionalprefix when tcon-originfullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaults, and then probed for again...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006762)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006762 advisory. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38208)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38208 advisory. - In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in...

MiracleLinux 7 : systemd-219-42.el7.7 (AXSA:2018-2569:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2569:02 advisory. A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of...

MiracleLinux 4 : firefox-60.2.0-1.0.1.AXS4 (AXSA:2018-3323:06)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3323:06 advisory. Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 CVE-2018-12376 Mozilla: Use-after-free in driver timers CVE-2018-12377 Mozilla:...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003873)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003873 advisory. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfsdautomount When mounting from a NFSv4 referral, path-dentry can end up bei...

kernel security update

4.18.0-553.92.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

CVE-2019-2787

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Automount. Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful...

CVE-2025-68764 NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags

In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the NFS automount file system not inheriting the ro, noexec, nodev, and sync flags, which could lead to...

PT-2026-1252

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to Network File System NFS automounting. Specifically, automounted filesystems do not consistently inherit superblock mount options like read-on...

Linux Distros Unpatched Vulnerability : CVE-2025-68764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock moun...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992751 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: fix DFS traversal oops without CONFIGCIFSDFSUPCALL When compiled with CONFIGCIFSDFSUPCALL...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992244 advisory. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfsdautomount When mounting from a NFSv4 referral, path-dentry can end up bei...