
58 matches found

OSV
added 2026/06/02 9:14 a.m. | 6 views

SUSE-SU-2026:21980-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2025-10158: Out of bounds array access via negative index bsc1254441. - CVE-2026-29518: Symlink-Race TOCTOU in Daemon use chroot = no bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. -...

8.1 CVSS | 5.8 AI score | 0.00643 EPSS
Exploits: 1 | References: 17

SUSE Linux
added 2026/05/25 1:55 p.m. | 6 views

Security update for rsync

This update for rsync fixes the following issues CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. CVE-2026-43617: Authorization Bypass via Hostname Resolution bsc1264515. CVE-2026-43618: Integer Overflow Information Disclosure bsc1264512. CVE-2026-43620: Out-of-Bounds Array Read via...

9.8 CVSS | 7 AI score | 0.71848 EPSS
Exploits: 9 | References: 52

Microsoft CVE
added 2026/05/21 8:1 a.m. | 5 views

Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

...

6.3 CVSS | 5.8 AI score | 0.00292 EPSS
Exploits: 0

Vulnrichment
added 2026/05/20 12:52 a.m. | 2 views

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

6.3 CVSS | 5.8 AI score | 0.00292 EPSS
Exploits: 0 | References: 3

CVE
added 2026/05/20 12:52 a.m. | 22 views

CVE-2026-43617

CVE-2026-43617 affects rsync

6.3 CVSS | 5.8 AI score | 0.00292 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/05/06 12:0 a.m. | 6 views

PT-2026-38308

Name of the Vulnerable Software and Affected Versions MISP Modules versions prior to 3.0.7 Description Unsafe remote resource fetching exists in expansion modules. The html to markdown module accepts arbitrary HTTPS URLs without sufficient validation, enabling Server-Side Request Forgery SSRF—a...

5.8 CVSS | 6 AI score | 0.00102 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2026/03/27 9:22 p.m. | 5 views

CVE-2026-33953 LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still perform server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

8.5 CVSS | 5.9 AI score | 0.00274 EPSS
Exploits: 1 | References: 1

OSV
added 2025/12/31 7:15 p.m. | 1 views

UBUNTU-CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...

9.8 CVSS | 6.7 AI score | 0.00637 EPSS
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2006-3410

Malware in sbrugna...

5 CVSS | 6.3 AI score | 0.02113 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-26822

Malware in sbrugna...

5.5 CVSS | 7.2 AI score | 0.00374 EPSS
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-1733

Malware in sbrugna...

2.1 CVSS | 6.4 AI score | 0.00381 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 14 views

EUVD-2022-0518

Malicious code in bioql PyPI...

4.3 CVSS | 5.6 AI score | 0.00957 EPSS
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-0457

Malicious code in bioql PyPI...

4.3 CVSS | 5 AI score | 0.0111 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2025/07/29 11:27 p.m. | 2 views

SUSE CVE-2025-8283

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

3.7 CVSS | 6.8 AI score | 0.00278 EPSS
Exploits: 0 | References: 3

OSV
added 2025/07/17 12:0 a.m. | 4 views

ALSA-2025:10862 Important: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve scripting supports CVE-2025-30761 JDK: Better Glyp...

8.1 CVSS | 7.3 AI score | 0.01058 EPSS
Exploits: 1 | References: 7

Oracle linux
added 2025/01/13 12:0 a.m. | 118 views

Bug fix of NetworkManager

1:1.40.16-18.0.1 - disable MPTCP handling by default Orabug: 35081472 - Fix ignore-carrier logic Orabug: 34956744 - Disable regeneration of the documentation Orabug: 34712048 - add connectivity check via Oracle servers Orabug: 32051972 - Disable the build of NetworkManager-config-connectivity-...

7.6 CVSS | 7.1 AI score | 0.04063 EPSS
Exploits: 1

OSV
added 2024/08/21 2:30 p.m. | 5 views

GO-2022-0389 Unchecked hostname resolution could allow access to local network resources by users outside the local network in github.com/pterodactyl/wings

Unchecked hostname resolution could allow access to local network resources by users outside the local network in github.com/pterodactyl/wings...

6.9 AI score
Exploits: 0 | References: 1

RedHat Linux
added 2023/12/12 5:33 p.m. | 0 views

kernel: keys: Fix linking a duplicate key to a keyring's assoc_array

A race condition was found in the Linux kernel's keyring subsystem. When concurrent DNS queries resolve the same hostname, a duplicate index key can be created in the keyring's assoc_array. The assoc_array implementation has a BUG_ON check that detects this invalid state, causing a kernel crash. Thi...

5.7 AI score | 0.00173 EPSS
Exploits: 0 | References: 5

Mageia
added 2023/10/13 10:56 p.m. | 36 views

Updated the curl packages to fix two security vulnerabilities

curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5 support that could be exploited by a remote web server when curl is configured to use a SOCKS5 proxy with remote hostname resolution. libcurl is vulnerable to a cookie injection attack where a local attacker can inject cookies int...

9.8 CVSS | 7.6 AI score | 0.78483 EPSS
Exploits: 6 | References: 7

BDU FSTEC
added 2023/07/10 12:0 a.m. | 2 views

The vulnerability of the alarm() and siglongjmp() functions in the command-line utility cURL allows a hacker to trigger a service failure.

The vulnerability of the alarm and siglongjmp functions in the command-line utility cURL is related to improper synchronization during the resolution of host names. Exploiting this vulnerability can allow a remote attacker to cause service failures...

5.9 CVSS | 6.5 AI score | 0.02658 EPSS
Exploits: 1 | References: 11 | Affected Software: 7