SUSE-SU-2026:2254-1 Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248707 golang-github-prometheus-nodeexporter was updated from version 1.5.0 to 1.10.2: - Security Fixes: - Version...

wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()

...

CVE-2026-45997

CVE-2026-45997 concerns the Linux kernel SCSI disk driver (sd). The issue arises when device_add(&sdkp->disk_dev) fails during sd_probe; as a result, put_device() calls lead to scsi_disk_release() freeing the scsi_disk but leaving the gendisk referenced. The fix adds a missing put_disk(gd) in ...

Fedora 43 : SDL2_image (2026-f1f87b465a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f1f87b465a advisory. Update to bugfix release 2.8.12. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Fedora 42 : SDL2_image (2026-8ac58f5cf3)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8ac58f5cf3 advisory. Update to bugfix release 2.8.12. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. CVE-2026-6276:...

SUSE-SU-2026:1940-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

Fedora 44 : SDL2_image (2026-7fe0476df9)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7fe0476df9 advisory. Update to bugfix release 2.8.12. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: iavf: fixed the hang that occurs upon reboot with ice When a system with E810 and existing VFs is rebooted, the following hang may occur. PID 1 is hung in iavfremove, part of a network driver: PID: 1 TASK: ffff965400e5a340 CPU...

Unbreakable Enterprise kernel security update: Copy Fail

5.4.17-2136.354.4.2 - crypto: algifaead - Fix minimum RX size check for decryption Herbert Xu Orabug: 39292250 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl Herbert Xu Orabug: 39292250 - crypto: authencesn - Fix src offset when decrypting in-place Herbert Xu Orabug: 39292250 -...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2025-39998: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow bsc1252073. CVE-2025-68794: iomap: adjust read range correctly for...

EUVD-2026-24790

In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUGON with proper error handling in ext4readinlinefolio Replace BUGON with proper error handling when inline data size exceeds PAGESIZE. This prevents kernel panic and allows the system to continue running while...

CVE-2026-31451

In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUGON with proper error handling in ext4readinlinefolio Replace BUGON with proper error handling when inline data size exceeds PAGESIZE. This prevents kernel panic and allows the system to continue running while...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007495)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007495 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fssyncinodemeta syzbot reported an UAF issue as below: 1 2 1...

Joomla 4.0.x < 5.4.4 / 6.0.x < 6.0.4 Joomla 6.0.4 & 5.4.4 Security & Bugfix Release (5944-joomla-6-0-4-5-4-4-security-bugfix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 5.4.4 or 6.0.x prior to 6.0.4. It is, therefore, affected by a vulnerability. - An improper access check allows unauthorized access to webservice endpoints. CVE-2026-23899 Note that...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpicmpui bsc1254992. CVE-2024-38542: RDMA/manaib: boundary check before installing cq callbacks bsc122659...

SUSE-SU-2026:0426-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session...

SUSE-SU-2026:20232-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global bsc1257329. - CVE-2025-12816: interpretation conflict...

EUVD-2026-5460

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: unanchor URL on usbsubmiturb error In commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak", the URB was re-anchored before usbsubmiturb in gsusbreceivebulkcallback ...

EUVD-2026-5479

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrfrecord The tmp buffer is allocated using kcalloc but is not freed if acpievaluatedsm fails. This causes a memory leak in the error path. Fix this by explicitly freeing the tmp buffer in th...