Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: poppler (UTSA-2026-005304)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005304 advisory. Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005324)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005324 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: osbuild-composer (UTSA-2026-005329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005329 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssl (UTSA-2026-005327)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005327 advisory. Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary:...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005306)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005306 advisory. Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host XFH header. When making a...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005312)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005312 advisory. REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005328)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005328 advisory. Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: resource-agents (UTSA-2026-005325)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005325 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-craft...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005310 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: clickhouse (UTSA-2026-005321)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005321 advisory. An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by defaul...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: osbuild-composer (UTSA-2026-005319)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005319 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Tenable...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005309 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005323)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005323 advisory. Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencod...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: raptor2 (UTSA-2026-005330)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005330 advisory. In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptorurinormalizepath. Tenable has...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: osbuild-composer (UTSA-2026-005317)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005317 advisory. A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled input...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005316)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005316 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes befo...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005315 advisory. Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: raptor2 (UTSA-2026-005274)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005274 advisory. In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptorurinormalizepath. Tenable has...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: varnish (UTSA-2026-005271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005271 advisory. A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may resul...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: wireshark (UTSA-2026-005269)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005269 advisory. Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service Tenable has extracted the preceding description block directly from the Unity...