SUSE-SU-2026:0039-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index out-of-bounds access in software RSS bsc1227397 - CVE-2025-12464: net: pad packets to minimum length in qemureceivepacket bsc1253002 - CVE-2025-11234: qemu-kvm: Fixed use-after-free in...

ALPINE-CVE-2023-38545

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host na...

Vulnerability fixed in libcurl

There is a vulnerability in the SOCKS5 proxy handshake of libcurl. A malicious party could potentially exploit the vulnerability to cause a crash in the application using libcurl. To perform this attack successfully, several conditions must be met such as using a SOCKS5 proxy, the use of a long...

DEBIAN-CVE-2017-3737

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

UBUNTU-CVE-2017-3737

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

netscape_ssl_bug.txt

Subject: Netscape Enterprise Server SSL Handshake Bug To: [email protected] Hi everybody, There exists a SSL handshake bug in Netscape Enterprise Server that can be exploited to crash the server. Netscape has confirmed this, and they also told me that another person reported this to them...