USN-8344-3 python-pip vulnerability

USN-8344-1 introduced a regression in pip. This update provides a complete fix for this issue.. We apologize for the inconvenience. Original advisory details: It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attack...

USN-8338-2 apache2 regression

USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...

USN-8202-3: jq regression

USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression related to the removal of the procfs host directory. The scsiprochostdirrm function decreases a reference counter; therefore, it should only be called once per host that is removed. This change...

CVE-2026-43151

In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stopstreaming when the instance was in IRISINSTERROR, as it caused multiple...

OpenStack Horizon has Incorrect Behavior Order

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

SUSE SLES16 : Recommended update for python-urllib3 (SUSE-SU-SUSE-RU-2026:21430-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2026:21430-1 advisory. This update for python-urllib3 fixes the following issue: - Fix regression in CVE-2025-66471.patch bsc1254867 Tenable has extracted...

CVE-2026-43002

CVE-2026-43002 (OpenStack Horizon) affects Horizon 25.6 and 25.7 prior to 25.7.3. A write operation to the session storage backend occurs before authentication, allowing unauthenticated requests to exhaust storage. This is a regression of CVE-2014-8124. Impact: potential denial of service due to ...

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/dp: Fixed a divide-by-zero regression that occurred when unplugging a StarTech MSTDP122DP DisplayPort 1.2 MST hub using nouveau. Fixed a regression that occurred when using nouveau and unplugging a StarTech MSTDP122DP...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the issue where the “vf” variable might be used without initialization in this function. To address the regression introduced by commit 52424f974bc5, which causes servers to hang under very difficult-to-reproduce...

openSUSE 16 : Recommended update for python-urllib3 (SUSE-SU-openSUSE-RU-2026:20649-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU- openSUSE-RU-2026:20649-1 advisory. This update for python-urllib3 fixes the following issue: - Fix regression in CVE-2025-66471.patch bsc1254867 Tenable has extracted the precedin...

[SECURITY] [DSA 6197-3] dovecot regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-6197-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2026 https://www.debian.org/security/faq -...

CVE-2026-31713

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...

USN-8136-2: Dovecot regression

USN-8136-1 fixed vulnerabilities in Dovecot. The update caused a regression on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An...

CVE-2026-31538

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

Oracle Linux 10 : bind (ELSA-2026-8312)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8312 advisory. - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 - Fix upstream reported regression in recent CVE fix CVE-2025-8677 -...

CVE-2026-39973

Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a...

Fedora: Security Advisory (FEDORA-2026-f9d2152328)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 44 : libopenmpt (2026-b58c5b3cc0)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b58c5b3cc0 advisory. Update from 0.8.5 to 0.8.6 to fix regression: https://lib.openmpt.org/libopenmpt/2026/03/24/security-updates-0.8.6-0.7.19-0.6.28-0.5.42-0.4.54/ ---- Potentia...