Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: arm-trusted-firmware (UTSA-2026-016502)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016502 advisory. Trusted Firmware-A TF-A before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in...

Unity Linux 20.1050e / 20.1070e Security Update: OpenEXR (UTSA-2026-016503)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016503 advisory. An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service DoS via the convert function of...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016495)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016495 advisory. In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: microcode_ctl (UTSA-2026-016524)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016524 advisory. Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-016512)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016512 advisory. Vim is an open source command line text editor. double-free in dialogchanged in Vim v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016501)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016501 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error inconvert.quoted-printable-decode filter certain data can lead to buffer...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-016500)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016500 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-craft...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-016517)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016517 advisory. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Deni...

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016497)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016497 advisory. The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016493)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016493 advisory. OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority tha...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016513 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, uncontrolled long string inputs to ldapescapefunction on 32-bit systems can cause an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: runc (UTSA-2026-016515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016515 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-016516)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016516 advisory. A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response head...

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016489)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016489 advisory. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016496 advisory. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: microcode_ctl (UTSA-2026-016522)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016522 advisory. Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel AtomR processors may allow a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-016508)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016508 advisory. The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers Buf...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016519 advisory. In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, ifa password stored with passwordhash starts with a null byte \x00, testing a blank string ...

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016490)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016490 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016498)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016498 advisory. OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. Tenable has extracted the preceding description block directly...