JLSEC-2026-606

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

RLSA-2026:23360 Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

Ubuntu 25.10 / 26.04 LTS : OpenJDK 26 vulnerabilities (USN-8341-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8341-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

Ubuntu 25.10 / 26.04 LTS : CRaC JDK 25 vulnerabilities (USN-8334-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8334-1 advisory. Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

USN-8339-1 openjdk-25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

USN-8334-1 openjdk-25-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

USN-8333-1 openjdk-21-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

USN-8327-1 openjdk-17 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

BIND 9 server memory exhaustion during GSS-API TKEY negotiation

...

EUVD-2026-31260

Concurrency and locking defects in GSS-TSIG...

CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the SSL or GSS negotiation process. An attacker can cause the service to become unresponsive by triggering uncontrolled recursion when connecting to an AFUNIX socket. If both SSL and GSS are disabled, the...

CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-6479

CVE-2026-6479 affects PostgreSQL: uncontrolled recursion during SSL/GSS negotiation can cause sustained denial of service. Affected are versions older than 18.4, 17.10, 16.14, 15.18, and 14.23. An attacker connected to a PostgreSQL AF_UNIX socket can trigger the issue; if SSL and GSS are both dis...

CLSA-2026-1778490111 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

PT-2026-36775

Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2 Description The imap auth gss security level is mishandled. Recommendations Update to version 2.3.2...

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

[SECURITY] Fedora 42 Update: libgsasl-1.10.0-15.fc42

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms...