Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : GnuTLS vulnerabilities (USN-8284-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8284-1 advisory. Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remot...

PT-2026-42397

Name of the Vulnerable Software and Affected Versions FreeBSD libcasper3 affected versions not specified Description libcasper3 communicates with helper processes via UNIX domain sockets and utilizes the select2 system call to wait for available data. The software fails to verify if the socket...

OPENSUSE-SU-2026:10836-1 perl-Crypt-SaltedHash-0.110.0-1.1 on GA media

These are all security issues fixed in the perl-Crypt-SaltedHash-0.110.0-1.1 package on the GA media of openSUSE Tumbleweed...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

SUSE-SU-2026:2024-1 Security update for openssh

This update for openssh fixes the following issues...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: The X86CR4FRED bit was removed from the CR4 pinned bits mask. The commit in “Fixes” added the FRED CR4 bit to the CR4 pinned bits mask, so that whenever other processes modify CR4, that bit remains set. This is a perfect...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmpdp: Fixed integer overflow in zynqmpdprateget This patch addresses a potential integer overflow in zynqmpdprateget. The issue arises when the expression drmdpbwcodetolinkratedp-test.bwcode 10000 is evaluated using 32-b...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: added vlangetprotocolanddepth helper. Previously, skbmaypull was used instead of skbheaderpointer in vlangetprotocol and related functions. Few calls relied on skb-head being populated with the MAC header. syzbot detected on...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Thermal/debugfs: Fixed two locking issues related to the thermal zone debug. With the current locking mechanism for thermal zones in the debugfs code, user space can open the “mitigations” file for a thermal zone before the...

Astra Linux - уязвимость в linux-5.10, linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...

Astra Linux - уязвимость в libssh

A flaw was discovered in the abstract layer of the libssh library responsible for message digest MD operations, which is implemented by different supported crypto backends. The return values from these operations were not properly checked, which could lead to low-memory situations, NULL...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sbbsizeshift after reading the superblock. Fuzzers often modify sbbsizeshift, but in reality it’s very unlikely that this field would be corrupted on its own. Nevertheless, it should still be checked to avoid potentia...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: irqchip/gic-v3-its: Quirk probing for ACPI-based systems has been restored. While refactoring the way ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems like HIP07 lose...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: iouring: Fixed the issue where multishot accept requests could lead to leaks. Setting REQFPOLLED does not guarantee that the request will be executed as a multishot from the polling path. Fortunately, if the code misidentifies...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CVE-2026-34754

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2...

Quality and Security Signals in AI-Generated Python Refactoring Pull Requests

As AI agents increasingly contribute to code development and maintenance, there is still limited empirical evidence on the quality and risk characteristics of their changes in real-world projects, particularly for refactoring-oriented contributions. It remains unclear how agent-authored refactori...

HCL BigFix Service Management 安全漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a security vulnerability, which stems from configuration issues. Using outdated or insecure base images may introduce known vulnerabilitie...

Mantis Bug Tracker 信息泄露漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained a vulnerability related to information leakage. This vulnerability stemmed from allowing incorrect annotators to access the revised pages of...

Ubuntu 22.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-8275-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8275-1 advisory. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission chec...