11950 matches found

OpenVAS
added 2025/03/17 12:0 a.m. | 5 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2025-1240)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.9 | EPSS 0.02114
Exploits: 0 | References: 2
Microsoft CVE
added 2025/03/14 7:0 a.m. | 2 views

net: rose: lock the socket in rose_bind()

...

CVSS 5.5 | AI score 7.4 | EPSS 0.0017
Exploits: 0
Microsoft CVE
added 2025/03/13 12:0 a.m. | 3 views

usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

...

CVSS 4.7 | AI score 7.2 | EPSS 0.00164
Exploits: 0
Microsoft CVE
added 2025/03/13 12:0 a.m. | 2 views

drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err

...

CVSS 7.8 | AI score 8.4 | EPSS 0.00248
Exploits: 0
Tenable Nessus
added 2025/03/11 12:0 a.m. | 22 views

Oracle Linux 7 : bind (ELSA-2025-1718)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1718 advisory. [32:9.11.4-26.0.3.P2.16] - Resolve CVE-2024-11187 [Orabug: 37616907] Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 7.5 | AI score 7 | EPSS 0.14257
Exploits: 0 | References: 2
OSV
added 2025/03/10 9:7 p.m. | 0 views

GHSA-2P82-5WWR-43CW Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak

The issue arises because Keycloak does not perform an LDAP bind after a password reset, leading to potential authentication bypass for expired or disabled AD accounts. A fix should enforce LDAP validation after password updates to ensure consistency with AD authentication policies...

CVSS 5.4 | AI score 5.9 | EPSS 0.00563
Exploits: 0 | References: 6
Github Security Blog
added 2025/03/10 9:7 p.m. | 7 views

Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak

The issue arises because Keycloak does not perform an LDAP bind after a password reset, leading to potential authentication bypass for expired or disabled AD accounts. A fix should enforce LDAP validation after password updates to ensure consistency with AD authentication policies...

CVSS 5.4 | AI score 7.6 | EPSS 0.00563
Exploits: 0 | References: 6 | Affected Software: 1
RedHat Linux
added 2025/03/10 6:2 p.m. | 25 views

keycloak-ldap-federation: Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak

A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD...

CVSS 5.4 | AI score 5.8 | EPSS 0.00563
Exploits: 0 | References: 4
OSV
added 2025/03/10 4:37 p.m. | 3 views

CLSA-2025-1741624657 bind: Fix of CVE-2024-11187

CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9...

CVSS 7.5 | AI score 6.7 | EPSS 0.14257
Exploits: 0 | References: 1
Tenable Nessus
added 2025/03/10 12:0 a.m. | 15 views

Amazon Linux 2 : aws-kinesis-agent (ALAS-2025-2788)

The version of aws-kinesis-agent installed on the remote host is prior to 2.0.10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2788 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in...

CVSS 7.5 | AI score 6.5 | EPSS 0.02656
Exploits: 1 | References: 4
OSV
added 2025/03/06 7:59 p.m. | 3 views

CLSA-2025-1741291194 flatpak: Fix of CVE-2024-42472

CVE-2024-42472: patch Flatpak to include the new --bind-fd option in bubblewrap to prevent symlink attacks on persistent directories...

CVSS 10 | AI score 7.2 | EPSS 0.01283
Exploits: 1 | References: 1
Amazon
added 2025/03/06 12:0 a.m. | 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device() (CVE-2024-40945). In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166). In the Linux kernel, the...

CVSS 7.8 | AI score 7.8 | EPSS 0.0032
Exploits: 1
OSV
added 2025/03/05 11:21 p.m. | 5 views

CLSA-2025-1741216880 bind: Fix of CVE-2024-11187

CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9...

CVSS 7.5 | AI score 6.7 | EPSS 0.14257
Exploits: 0 | References: 1
OSV
added 2025/03/05 11:9 p.m. | 2 views

CLSA-2025-1741216137 bind: Fix of CVE-2024-11187

CVE-2024-11187: limit additional section record while queries processing to prevent CPU exhaustion...

CVSS 7.5 | AI score 6.7 | EPSS 0.14257
Exploits: 0 | References: 1
OSV
added 2025/03/05 11:8 p.m. | 3 views

CLSA-2025-1741216108 bind: Fix of CVE-2024-11187

CVE-2024-11187: limit additional section record while queries processing to prevent CPU exhaustion...

CVSS 7.5 | AI score 6.9 | EPSS 0.14257
Exploits: 0 | References: 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2024-12705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects...

CVSS 7.5 | AI score 7.1 | EPSS 0.15664
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-11187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sendi...

CVSS 7.5 | AI score 6.3 | EPSS 0.14257
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 24 views

Linux Distros Unpatched Vulnerability : CVE-2022-3094

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory...

CVSS 7.5 | AI score 7.3 | EPSS 0.13108
Exploits: 0 | References: 2
OSV
added 2025/03/04 9:57 p.m. | 2 views

CLSA-2025-1741125454 bubblewrap: Fix of CVE-2024-42472

fix CVE-2024-42472 in flatpak by adding --bind-fd and --ro-bind-fd options in bubblewrap, enabling race-free bind mounts using an O_PATH file descriptor instead of a direct path...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 1
SUSE Linux
added 2025/03/04 12:51 p.m. | 2 views

Security update for podman

This update for podman fixes the following issues: CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641). CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service D...

CVSS 8.7 | AI score 7.1 | EPSS 0.91969
Exploits: 1 | References: 44