Security update for unbound

This update for unbound fixes the following issues CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. CVE-2026-40622: "Ghost domain name" variant bsc1265581. CVE-2026-41292: Parsing a long list of incoming...

CVE-2026-41292 Long list of incoming EDNS options degrades performance

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed string copying in parseapplysbmountoptions. The strnlen function cannot be used to copy a non-NUL-terminated string into a NUL-terminated string of possibly larger size. Commit 0efc5990bca5 “string.h: Introduce memtos...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status as a bitmask carrying the received sub-options, with additional information carried in several bitfields for each suboption. Zeroing the bitma...

SUSE CVE-2026-31682

In the Linux kernel, the following vulnerability has been resolved: bridge: brndsend: linearize skb before parsing ND options brndsend parses neighbour discovery options from ns-opt and assumes that these options are in the linear part of request. Its callers only guarantee that the ICMPv6 header...

SUSE SLES12 Security Update : ovmf (SUSE-SU-2026:0196-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0196-1 advisory. - CVE-2023-45231: Fixed out of bounds read when handling a ND Redirect message with truncated options bsc1218881. - CVE-2023-45232: Fixed...

EUVD-2025-150376

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parseapplysbmountoptions Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure smountopts is NUL terminated. Harden parseapplysbmountoptions by treating smountopts ...

CVE-2025-40198

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parseapplysbmountoptions Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure smountopts is NUL terminated. Harden parseapplysbmountoptions by treating smountopts ...

kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix geneveopt type confusion addition When handling multiple NFTATUNNELKEYOPTSGENEVE attributes, the parsing logic should place every geneveopt structure one by one compactly. Hence, when deciding the next...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988991)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988991 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989100)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989100 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp mptcpgetoptions...

EUVD-2003-0384

Malware in sbrugna...

EUVD-2019-3898

Malware in sbrugna...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. bsc1218880 CVE-2023-45231: out-of-bounds...

CVE-2024-50165 bpf: Preserve param->string when parsing mount options

In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve param-string when parsing mount options In bpfparseparam, keep the value of param-string intact so it can be freed later. Otherwise, the kmalloc area pointed to by param-string will be leaked as shown below:...

SUSE CVE-2021-47244

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp mptcpgetoptions could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if...

DEBIAN-CVE-2021-47244

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp mptcpgetoptions could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if...

UBUNTU-CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: schcake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...

OESA-2024-1433 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: A buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a...

OESA-2024-1318 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...