Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021475 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers wher...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: firebird (UTSA-2026-021466)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021466 advisory. Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xnio (UTSA-2026-021490)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021490 advisory. A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: bwa (UTSA-2026-021486)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021486 advisory. BWA aka Burrow-Wheeler Aligner before 2019-01-23 has a stack-based buffer overflow in the bnsrestore function in bntseq.c via a long sequence name in a .alt file...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-021482)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021482 advisory. A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can explo...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021491)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021491 advisory. PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorizatio...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-lxml (UTSA-2026-021468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021468 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libpng (UTSA-2026-021494)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021494 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: undertow (UTSA-2026-021479)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021479 advisory. A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a reque...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021488 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nodejs-requirejs (UTSA-2026-021492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021492 advisory. jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts..configure. This vulnerability allows attackers to execute...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021473)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021473 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed i...

Fedora 42 : coturn (2026-dfa8ea5809)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dfa8ea5809 advisory. Coturn 4.11.0 - Fix prometheus response memory leak introduced in 4.10.0 - Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC - Fix format-string...

Authentication Bypass

Unity Catalog is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the iss claim in JWT tokens, where the token exchange endpoint dynamically fetches JWKS data based on attacker-controlled issuer values without verifying trusted identity providers, allowing...

Unity Linux 20.1070a Security Update: git (UTSA-2026-021308)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021308 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...

Unity Linux 20.1070a Security Update: git (UTSA-2026-021355)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021355 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-bad-free (UTSA-2026-021393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021393 advisory. GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021307 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gdk-pixbuf2 (UTSA-2026-021389)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021389 advisory. A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color compone...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021387)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021387 advisory. GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...