SUSE-SU-2026:21352-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-39998: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow bsc1252073. - CVE-2025-40253: s390/ctcm: Fix double-kfree bsc1255084. -...

PT-2026-33838

A local attacker who can execute privileged CSR operations or can induce firmware to do so performs carefully crafted reads/writes to menvcfg e.g., csrrs in M-mode. On affected XiangShan versions commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19, these menvcfg accesses can unexpectedly...

CVE-2026-29642

A local attacker who can execute privileged CSR operations or can induce firmware to do so performs carefully crafted reads/writes to menvcfg e.g., csrrs in M-mode. On affected XiangShan versions commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19, these menvcfg accesses can unexpectedly...

CVE-2026-29642

CVE-2026-29642 affects XiangShan (RISC-V) and is triggered by local access performing privileged CSR operations on menvcfg (e.g., csrrs in M-mode). Careful reads/writes can cause WPRI bits in the status view (xstatus) to be set to 1, despite WPRI being defined as values that should not be modifie...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the XWD decoder when there is a type confusion between bitsperpixel and pixmapdepth during the byte-swap process. An attacker can achieve arbitrary code execution or cause a denial of service by providing a crafte...

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

DEBIAN-CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40493

SAIL PSD decoder in LAB mode (3 channels, 16-bit depth) suffers a heap buffer overflow due to a bpp mismatch: bytes-per-pixel is computed as (channelsdepth) but the allocated buffer uses the resolved pixel format (BPP40_CIE_LAB yields 5 bytes/pixel while 3 16 would imply 6). This causes every pix...

CVE-2026-40493

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

CVE-2026-40493 SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

CVE-2026-40492 SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

EUVD-2026-23644

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40492 SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40492

SAIL’s CVE-2026-40492 describes a heap buffer overflow in the XWD decoder caused by a mismatch: when pixmap_depth=8, the code uses bits_per_pixel=32 for byte-swapping, leading to memory access beyond the 1-byte/pixel buffer. The issue affects versions prior to the patch 36aa5c7ec8a2bb35f6fb867a11...

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

PT-2026-33585

Name of the Vulnerable Software and Affected Versions SAIL versions prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 Description The XWD codec resolves pixel format based on the pixmap depth variable, but the byte-swap code independently uses bits per pixel. When pixmap depth is 8 BPP8...

Metasploit Wrap-Up 04/17/2026

Happy Friday - Seven New Metasploit Modules We’re happy to announce that Metasploit Framework had a big week, landing seven new modules alongside various bug fixes and enhancements. This week’s highlights include RCE modules targeting AVideo, openDCIM, Selenium Grid/Selenoid, and ChurchCRM. On th...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010667)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010667 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007523 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is...