Astra Linux - уязвимость в linux

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP does not require that all fragments of a frame be encrypted with the same key. An adversary can exploit this weakness to decrypt selected fragments when another device sends fragmented...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: Fixed the issue of releasing pinned pages when iouaddrmap fails. Looking at the error path of iouaddrmap, if we fail to pin the pages for any reason, ret will be set to -EINVAL, and the error handler will not properly...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fixed an overflow issue within virtnetrqalloc. When a fragment receives a single page, it may lead to regressions in the virtual machine. This issue is particularly significant if the sysctl...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fixed an issue where stack out-of-bounds reading occurred when fragmenting IPv4 packets. When running openvswitch on kernels built with KASAN, it is possible to observe the following error during the testing of IPv4...

Astra Linux - уязвимость в linux

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP does not require that received fragments be cleared from memory after reconnecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted usin...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

The fix for XSA-423 added logic to the Linux’s netback driver to handle cases where a packet is split by a frontend, resulting in not all of the headers being together in one piece. Unfortunately, the introduced logic did not account for the extreme case where the entire packet is split into as...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mac80211: fixed use-after-free in CCMP/GCMP RX When PN checking is performed in mac80211, for fragmentation purposes, we need to copy the PN into the RX struct so that it can be used later for comparison. In the commit...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – decreasing the MHI channel buffer length to 8KB Currently, the buflen field of ath11kmhiconfigqca6390 is set to 0, causing MHI to use the default size of 64KB to allocate channel buffers. This may lead to failures ...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: Fixed a memory leak in skbSegmentList for GRO packets When skbSegmentList is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation logic in skbSegmentList...

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:1840-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1840-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix the following issue: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt...

OESA-2026-2334 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

OESA-2026-2332 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

The Authorization-Execution Gap Is a Major Safety and Security Problem in Open-World Agents

This position paper argues that the Authorization-Execution Gap AEG is a major safety and security problem in open-world agents. The AEG is the divergence between what a principal intends to authorize and what an open-world agent ultimately executes. Because such agents act autonomously across...

CLSA-2026-1778261513 Update of alt-php

Miscellaneous Ubuntu changes - Packaging: add tuxcare suffix Miscellaneous upstream changes - xfrm: esp: avoid in-place decrypt on shared skb frags - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present...

SUSE CVE-2026-43036

In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loops when trying to resize the local TT. If the MTU of one of the attached interfaces becomes too small to transmit the local translation table, then it must be resized to fit within all fragments when...

CVE-2026-42786

CVE-2026-42786 describes an unbounded memory growth problem in Bandit’s WebSocket fragment reassembly: per-connection iolists accumulate payloads from Continuation frames (fin: false) without a cumulative size cap, while max_frame_size only bounds individual frames. Since accumulation happens bef...

CVE-2026-43036

Summary (CVE-2026-43036) : The issue resides in the Linux kernel networking path, where gso_features_check() read IPv4 header offsets (iph->frag_off) in a way that could dereference uninitialized data when packets are injected via PF_PACKET paths. The root cause is unsafe header dereferencing ...

CVE-2026-31588

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use scratch field in MMIO fragment to hold small write values When exiting to userspace to service an emulated MMIO write, copy the to-be-written value to a scratch field in the MMIO fragment if the size of the data...

CVE-2026-31517

A flaw was found in the Linux kernel's IP-TFS IP-Transparent Fragmentation Service subsystem. A remote attacker could send specially crafted network packets that, during the reassembly process, cause the kernel to attempt an invalid operation on a network buffer. This improper handling of network...