Important: Red Hat Security Advisory: General availability of the satellite/iop-puptoo-rhel9 container image

A new satellite/iop-puptoo-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and...

drm/amdgpu/ras: Move ras data alloc before bad page check

...

RLSA-2026:13902 Important: resource-agents security update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Security Fixes: pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion...

PT-2026-38899

These are all security issues fixed in the libexif-devel-0.6.26-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-38445

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPT RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DN...

PT-2026-39326

Name of the Vulnerable Software and Affected Versions streamlink versions prior to 8.4.0 Description Streamlink's HLS and DASH parsers fail to validate the URI scheme of segment entries and other resources. A remote attacker can host a malicious .m3u8 HLS playlist or .mpd DASH manifest that lists...

Linux Distros Unpatched Vulnerability : CVE-2026-43252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING:...

OPENSUSE-SU-2026:10718-1 python311-Django-5.2.14-1.1 on GA media

These are all security issues fixed in the python311-Django-5.2.14-1.1 package on the GA media of openSUSE Tumbleweed...

gnutls-3.8.13-1.1 on GA media (moderate)

gnutls-3.8.13-1.1 on GA media Announcement ID: openSUSE-SU-2026:10691-1 Rating: moderate Cross-References: CVE-2026-33845 CVE-2026-33846 CVE-2026-3832 CVE-2026-3833 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015 CVE-2026-5260 CVE-2026-5419...

chromedriver-148.0.7778.96-1.1 on GA media (moderate)

chromedriver-148.0.7778.96-1.1 on GA media Announcement ID: openSUSE-SU-2026:10689-1 Rating: moderate Cross-References: CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344...

PT-2026-38898

These are all security issues fixed in the copacetic-0.14.0-1.1 package on the GA media of openSUSE Tumbleweed...

libmariadbd-devel-11.8.6-1.1 on GA media (moderate)

libmariadbd-devel-11.8.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10694-1 Rating: moderate Cross-References: CVE-2026-32710 CVSS scores: CVE-2026-32710 SUSE : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2026-32710 SUSE : 7.7...

CVE-2026-43249

A flaw was found in the Linux kernel's 9p/xen filesystem driver. A race condition can occur when the xenwatch thread and other back-end change notifications concurrently attempt to free the front-end state using the xen9pfsfrontfree function. This can lead to a double-free vulnerability, resultin...

DoS (Denial of Service) in Jira Service Management Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVS...

CVE-2026-43252

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...

CVE-2026-43252 mptcp: pm: in-kernel: always set ID as avail when rm endp

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...

CVE-2026-43252

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...

RHEL 8 : resource-agents (RHSA-2026:13902)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:13902 advisory. The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several servic...

PT-2026-38530

These are all security issues fixed in the traefik-3.6.16-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-38522

These are all security issues fixed in the libpcp-devel-6.3.8-1.1 package on the GA media of openSUSE Tumbleweed...