CVE-2026-42574 apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same o...

Ubuntu: Security Advisory (USN-7360-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2024:12314-1 alpine-2.26-27.1 on GA media

These are all security issues fixed in the alpine-2.26-27.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:10613-1 alpine-2.25-24.1 on GA media

These are all security issues fixed in the alpine-2.25-24.1 package on the GA media of openSUSE Tumbleweed...

MGASA-2021-0014 Updated alpine and c-client packages fix security vulnerability

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do CVE-2020-14929...