[SECURITY] Fedora 44 Update: rust-sccache-0.14.0-2.fc44

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

golang: cmd/compile: possible memory corruption after bound check elimination

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially...

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

golang: cmd/compile: possible memory corruption after bound check elimination

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially...

CVE-2026-41197

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...

CVE-2026-41197

CVE-2026-41197 concerns Brillig/Noir: a bug in allocate_foreign_call_result_array when handling nested arrays (e.g., [(u32,u32);3]) during foreign calls. The code discards inner element types and uses the semantic length of the nested array, yielding under-allocation of semi-flattened size for co...

@marko/compiler (=5.0.0-next.0), @marko/translator-default (=5.0.0-next.0) +1 more potentially affected by CVE-2026-41591 via marko (>=5.0.0-next.0 <=5.20.9)

marko NPM version =5.0.0-next.0, =1.1.4, =1.2.1 Source cves: CVE-2026-41591 Source advisory: SNYK:JS-MARKO-16421453...

GHSA-JJ7C-X25R-R8R3 Brillig: Heap corruption in foreign call results with nested tuple arrays

Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compileblock. When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes...

Adding Compilation Metadata to Binaries to Make Disassembly Decidable

The binary executable format is the standard method for distributing and executing software. Yet, it is also as opaque a representation of software as can be. If the binary format were augmented with metadata that provides security-relevant information, such as which data is intended by the...

SUSE-SU-2026:21357-1 Security update for rust1.94

This update for rust1.94 fixes the following issues: Changes in rust1.94: - Don't force gcc-15 on SLE-16 and higher bsc1261876 Update to rust1.94.1: - Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.1 - Avoid unwrapping varint decoding during parameters...

OPENSUSE-SU-2026:20571-1 Security update for go1.26

This update for go1.26 fixes the following issues: - Update to version go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

BIT-GOLANG-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime...

BIT-GOLANG-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust1.93 (SUSE-SU-2026:1415-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1415-1 advisory. Security issue: - CVE-2026-31812: denial of service via crafted QUIC initial packet bsc1259623. Non...

Security update for rust1.93

This update for rust1.93 fixes the following issues: Security issue: CVE-2026-31812: denial of service via crafted QUIC initial packet bsc1259623. Non security issue: Resolve missing gcc requirement that may affect some crate buildin bsc1253321. Patch Instructions: To install this SUSE update use...

LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation

Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...

JLSEC-2026-117

GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash. NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google. A type confusion vulnerability exists in Google Chrome's Turbofan compiler. The vulnerability stems from Turbofan's failure to properly handle types in certain JavaScript code, which can be exploited by an attacker to execute arbitrary code in t...

Ubuntu: Security Advisory (USN-8168-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...