RLSA-2026:20568 Important: jmc security update

JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications...

jmc security update

An update is available for jmc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced s...

RockyLinux 9 : jmc (RLSA-2026:20568)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:20568 advisory. lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing CVE-2025-66566 org.eclipse.jetty/jetty-http: HTTP request smuggling v...

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes May 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and...

SUSE CVE-2026-45999

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

CVE-2026-45999

A flaw was found in the Linux kernel's EROFS Enhanced Read-Only File System component. A local user could provide a specially crafted EROFS image that triggers an unsigned underflow in the zerofslz4handleoverlap function during LZ4 inplace decompression. This vulnerability allows the system to re...

CVE-2026-45999

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

UBUNTU-CVE-2026-45999

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

EUVD-2026-32295

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

CVE-2026-45999

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

PT-2026-43866

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in z erofs lz4 handle overlap Some crafted images can have illegal !partial decoding && m llen out access reads past the decompressed pages array. However, such crafted cases can correctly result in ...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unsigned overflow in the zerofslz4handleoverlap function within erofs. This vulnerability may...

Linux Distros Unpatched Vulnerability : CVE-2026-45999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpag...

CVE-2026-45999

erofs: fix unsigned underflow in zerofslz4handleoverlap...

RHEL 9 : jmc (RHSA-2026:20568)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20568 advisory. JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis o...

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

Important: Red Hat Security Advisory: jmc security update

An update for jmc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed a memory leak caused by LZMA global compressed deduplication. When testing microLZMA EROFS images with the new global compressed deduplication feature enabled -Ededupe, I discovered that some short-lived temporary...

Updated firefox & thunderbird packages fix security vulnerabilities

LZ4 compression library issue. CVE-2025-62813 libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer...

MGASA-2026-0145 Updated firefox & thunderbird packages fix security vulnerabilities

LZ4 compression library issue. CVE-2025-62813 libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer...