RLSA-2026:0444 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: rc: fix races with imondisconnect CVE-2025-39993 kernel: sctp: avoid NULL dereference when chunk data buffer is missing CVE-2025-40240 kernel: libceph: fix potential use-after-free...

MGASA-2026-0012 Updated gimp packages fix security vulnerabilities

XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. CVE-2025-2760 FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. CVE-2025-2761 Multiple heap buffer overflows in tga parser. CVE-2025-48797 Multiple use after free in xcf parser. CVE-2025-48798 XWD File...

CVE-2021-47844

Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mous...

OESA-2026-1115 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

SUSE CVE-2025-71139

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area Bug description When I tested kexec with the latest kernel, I ran into the following warning: 40.712410 ------------ cut here ------------ 40.712576 WARNING: CPU: 2 PID:...

PT-2026-3298

Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mous...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000870)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000870 advisory. The xfsbuffind function in fs/xfs/xfsbuf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service NU...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003921)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003921 advisory. The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004116)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004116 advisory. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in btrfsmapblock in...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004332)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004332 advisory. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in btrfsmapblock in...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000613 advisory. The biomapuseriov and biounmapuser functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive...

MiracleLinux 4 : autofs-5.0.5-113.AXS4 (AXSA:2015-269:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-269:02 advisory. autofs is a daemon which automatically mounts filesystems when you use them, and unmounts them later when you are not using them. This can include network...

MiracleLinux 3 : autofs-5.0.1-0.rc2.177.0.1.AXS3 (AXSA:2013-77:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-77:01 advisory. autofs is a daemon which automatically mounts filesystems when you use them, and unmounts them later when you are not using them. This can include network...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003654 advisory. An issue was discovered in writetptentry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dmamapsingle a...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.181-2.6.14.1.AXS4 (AXSA:2018-2999:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2999:02 advisory. OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass Hotspot, 8192025 CVE-2018-2814 OpenJDK: unrestricted deserialization of...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003623)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003623 advisory. The resvmaprelease function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service BUG via a crafted application that mak...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000827)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000827 advisory. The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, whic...

CVE-2026-23498

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002201)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002201 advisory. The xfsbuffind function in fs/xfs/xfsbuf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service NU...