Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39829)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39829 advisory. - The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted...

CVE-2026-9605

A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bitreadRC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be...

UBUNTU-CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

EUVD-2026-32820

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

CVE-2026-46193

CONCRETE DETAILS FOUND: CVE-2026-46193 concerns the Linux kernel’s IPsec AH/xfrm path with ESN enabled. The issue arises when the async ahash setup appends a 4-byte ESN seqhi slot before the ICV/auth_data, but the async completion callbacks reconstruct the layout as if seqhi were absent, causing ...

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

SUSE CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

EUVD-2026-31396

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hiding the first-in-list PCIe extended capabilities There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability i.e., a capability with an ID greater than...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs/9p: Only the RWX permissions are translated for the plain 9P2000. Garbage data is allowed to pass through the perm bits of the plain 9P2000, allowing it to set, among other things, the suid bit. This probably wasn’t the intend...

Astra Linux - уязвимость в firefox

When parsing internationalized domain names, the high bits of the characters in the URLs were sometimes removed, resulting in inconsistencies that could cause confusion for users or lead to attacks like phishing. This vulnerability affects Firefox versions earlier than 94...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: A stack overflow issue was fixed when loading vlenb. The user-space load mechanism can place up to 2048 bits into the xlen bit stack buffer. Since we only need the xlen bits, we check the size of the buffer in advanc...

Astra Linux - уязвимость в p7zip

7-Zip 22.01 does not report an error for certain invalid xz files that involve stream flags and reserved bits. Some later versions are unaffected...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: BPF: synclinked regs must preserve subregdef. Range propagation must not affect subregdef markers. Otherwise, the following example is rewritten incorrectly by the verifier when the BPFFTESTRNDHI32 flag is set: 0: call...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channel bits when all channels are found. If a USB audio device sets more bits than the number of channels, it may write data outside of the map array...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM – Writing hgatp registers with valid mode bits According to the RISC-V Privileged Architecture Specification, when MODE=Bare is selected, software must write zero to the remaining fields of hgatp. We have previously...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ovpn: TCP – fix for extracting packets from the stream When processing TCP stream data in ovpntcprecv, we receive large cloned skbs from strprcv, which may contain multiple coalesced packets. The current implementation has two...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fscrypt: Fixed an underflow issue during left shift operations when inode-iblkbits PAGESHIFT. When simulating an NVMe device on QEMU with both logicalblocksize and physicalblocksize set to 8 KiB, an error trace appeared during...

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...