SUSE CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

EUVD-2026-35171

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

CVE-2026-46306

CVE-2026-46306 affects the Linux kernel where the flow_dissector incorrectly dissects PPPoE PFC frames. The root cause is handling a compressed (1-byte) Protocol Field Compression (PFC) in PPPoE, which shifts the subsequent PPP payload by one byte, causing a 4-byte network-header misalignment and...

Linux Distros Unpatched Vulnerability : CVE-2026-46085

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting...

CVE-2026-46085

A flaw was found in the Linux kernel's rxrpc subsystem, specifically in the rxkad crypto unalignment handling. A remote attacker could send a specially crafted packet with a misaligned crypto length. This improper handling could lead to system instability or a denial of service DoS due to incorre...

EUVD-2026-32468

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARNONONCE so that it can't be remotely trigger...

CVE-2026-46085 rxrpc: Fix rxkad crypto unalignment handling

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARNONONCE so that it can't be remotely trigger...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper handling of misaligned memory during the creation of the AppArmor table. This...

DEBIAN-CVE-2026-48684

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In processnetflowv9optionstemplate src/netflowplugin/netflowv9collector.cpp, the scope parsing loop lines 224-229 iterates until scopesoffset reaches the attacker-controlled...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: virtionet: Fixed a misalignment bug in struct virtnetinfo. Use the new TRAILINGOVERLAP helper to fix the misalignment bug, along with the following warning: drivers/net/virtionet.c:429:46: warning: The structure containing a...

CVE-2026-43254 ovpn: tcp - fix packet extraction from stream

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpntcprecv, we receive large cloned skbs from strprcv that may contain multiple coalesced packets. The current implementation has two bugs: 1. Head...

PT-2026-37594

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpn tcp recv, we receive large cloned skbs from strp rcv that may contain multiple coalesced packets. The current implementation has two bugs: 1...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with header offset overflow and protocol header misalignment during the extraction of data...

OPENSUSE-SU-2026:20605-1 Security update for openexr

This update for openexr fixes the following issues: - CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service bsc1261621. - CVE-2026-34380: lack of proper check can lead to integer overflow in image decoding bsc1261622. - CVE-2026-34588: crafted EXR file can lea...

CVE-2026-40613

A flaw was found in coturn, an open-source implementation of TURN and STUN servers. Unsafe pointer casts in the STUN Session Traversal Utilities for NAT and TURN Traversal Using Relays around NAT attribute parsing functions can lead to misaligned memory reads. An unauthenticated remote attacker c...

CVE-2026-40613 Coturn: Misaligned Memory Access in coturn STUN Attribute Parser (Remote DoS on ARM64)

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8t to uint16t without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries, thi...

CVE-2026-40613

CVE-2026-40613 affects coturn prior to 4.10.0, where STUN/TURN attribute parsing in ns_turn_msg.c performs unsafe pointer casts from uint8_t* to uint16_t* without alignment checks. On ARM64 (AArch64) with strict alignment, processing crafted STUN messages with odd-aligned attribute boundaries tri...

Coturn 安全漏洞

Coturn is an open-source implementation of TURN TURN VoIP Media Services NAT Traversal Server and Gateway and STUN Simple Transfer of User Datagram Protocol Network Address Translators Servers. Versions prior to Coturn 4.10.0 contained security vulnerabilities. These vulnerabilities stemmed from...

Fedora 43 : util-linux (2026-840b40ef4c)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-840b40ef4c advisory. upstream update, fixes security-related bugs CVE-2026-27456 - mount8 TOCTOU symlink attack via loop device. The SUID mount follows symlinks when resolving lo...

OESA-2026-1842 OpenEXR security update

OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...