Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: arm-trusted-firmware (UTSA-2026-016603)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016603 advisory. Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of getext and authnvctr...

RLSA-2026:4760 Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: Missing...

grub2 security update

An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a...

RLSA-2025:3367 Important: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: net:...

CVE-2026-40975

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

CLSA-2025-1751297888 Update of shim-signed

Make this package installable on a system having an either Cloudlinux or RHEL7 signed kernel - SBAT variables are used now...

Astra Linux - уязвимость в grub2

A carefully crafted JPEG image may cause the JPEG reader to underflow its data pointer, allowing user-controlled data to be written into the heap. For the attack to succeed, the attacker must analyze the heap layout and create an image with malicious format and payloads. This vulnerability can le...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: srcu: Delegating tasks to the booting CPU when using SRCUSIZESMALL. The commit 994f706872e6 “srcu: Making the Tree SRCU capable of operating without the snpnode array” assumes that CPU 0 is always online. However, there are...

Astra Linux - уязвимость в u-boot

An integer overflow occurs in the ext4fsreadsymlink function in Das U-Boot before version 2025.01-rc1. This issue arises due to the use of the zalloc function, which adds one to a le32 variable. This occurs through a crafted ext4 file system with an inode size of 0xffffffff. As a result, the mall...

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation when parsing a UDP packet, due to an underflow of the netprocessreceivedpacket integer value during the ncinputpacket call...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Regulator: Core – Fix for usecount leakage when handling boot-on. I discovered a leakage of usecount related to the supplying regulator of rdev when the boot-on option is used. ┌───────────────────┐ ┌───────────────────┐ │...

Astra Linux - уязвимость в u-boot

The U-Boot 2022.01 has a Buffer Overflow, a different issue compared to CVE-2022-30552...

Astra Linux - уязвимость в qemu

A bug in QEMU could cause a guest I/O operation that is normally directed to an arbitrary disk offset to be directed instead to offset 0. This could potentially overwrite the VM’s boot code. For example, this could be exploited by L2 guests who have a virtual disk vdiskL2 stored on the virtual di...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: da9211 – Use the irq handler when ready. If the system does not start from a reset state such as when it is in kexec mode, the regulator might have an IRQ waiting for processing. If we enable the IRQ handler before its...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: EXT4: Zeroing idisksize when initializing the bootloader inode If the bootloader inode has never been used before, the EXT4IOCSWAPBOOT inode will initialize it, including setting isize to 0. However, if the “never before used”...

Astra Linux - уязвимость в linux

The Linux kernel up to version 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database also known as dbx protection mechanism. This issue affects the certs/blacklist.c and certs/systemkeyring.c files...

Astra Linux – Vulnerability in grub2

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader improperly handles string conversions when reading information from a USB device, allowing an attacker to exploit inconsistencies in the length values. A local attacker can...

Astra Linux - уязвимость в edk2

The Ubuntu edk2 UEFI firmware packages accidentally allowed access to the UEFI Shell in Secure Boot environments, potentially enabling bypass of Secure Boot restrictions. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some earlier versions introduced a security measure base...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid device tree lookups in rtasosterm. rtasosterm is called during panic. Its behavior depends on several conditions in the /rtas node of the device tree; traversing these nodes involves locking and changes to loc...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: The X86CR4FRED bit was removed from the CR4 pinned bits mask. The commit in “Fixes” added the FRED CR4 bit to the CR4 pinned bits mask, so that whenever other processes modify CR4, that bit remains set. This is a perfect...