OPENSUSE-SU-2026:20850-1 Security update for evince

This update for evince fixes the following issues: Changes in evince: - Update to version 48.2 bsc1265880 CVE-2026-46529: + shell: Quote strings in arguments used when calling evspawn - Update to version 48.1+6: + build: bump DjVuLibre version required + libview: Fix crash in the accessible code...

CLSA-2026-1780132159 Fix of 7 CVEs

CVE-2026-23193 - scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount CVE-2026-23193 CVE-2025-71093 - e1000: fix OOB in e1000tbishouldaccept CVE-2025-71093 CVE-2025-71116 - libceph: make decodepool more resilient against corrupted osdmaps CVE-2025-71116 CVE-2025-71136 - media:...

SUSE-SU-2026:21952-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

OPENSUSE-SU-2026:20860-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

SUSE SLES15 Security Update : helm (SUSE-SU-2026:2049-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2049-1 advisory. This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2...

SUSE-SU-2026:2049-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

CLSA-2026-1779580341 qemu-kvm: Fix of CVE-2025-11234

CVE-2025-11234: io: use-after-free in websocket handshake code - Bump leading release 14 - 15 to overcome rpm-version-rank trap: previously released wrong-dist builds tagged .el9 outrank the correctly-tagged .el92 builds, blocking the proper release to stable. No source/code changes vs els9...

yggdrasil security update

0.4.8-5 - Bump release for rebuild...

SUSE-SU-2026:21635-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2025-55199: crafted JSON Schema can lead to out of memory OOM termination bsc1248093. - CVE-2026-35206: github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart bsc1261938. Non security...

SUSE-SU-2026:21628-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2025-55199: crafted JSON Schema can lead to out of memory OOM termination bsc1248093. - CVE-2026-35206: github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart bsc1261938. Non security...

openSUSE 16 Security Update : v2ray-core (openSUSE-SU-2026:20584-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20584-1 advisory. Changes in v2ray-core: - Update version to 5.47.0 Add sticky choice option for leastping Add support for enrollment links in tlsmirror Add Wireguard...

Security update for plexus-utils

This update for plexus-utils fixes the following issue: Security fixes: CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588. Update to version 4.0.2: Bug Fixes Specify /D for cmd.exe to bypass the Command Processor Autorun folder Dependency...

CLSA-2026-1775646020 Update of pki-servlet-engine

Bump release...

MAL-2026-2508 Malicious code in @fairwords/websocket (npm)

The @fairwords/websocket package was compromised as part of the TeamPCP/CanisterWorm campaign. A postinstall hook executes node scripts/check-env.js || true which performs multi-stage credential harvesting, encrypted exfiltration, and self-propagation. The payload harvests 40+ environment variabl...

CLSA-2026-1775238894 Update of alt-php

Bump ABI 5.4.0-226...

CLSA-2026-1775234419 Update of openexr

Bump release...

Fedora 45 : bpfman (2026-ae0b7bdc90)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ae0b7bdc90 advisory. Automatic update for bpfman-0.5.4-7.fc45. Changelog Sun Mar 22 2026 Daniel Mellado - 0.5.4-7 - Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes...

yggdrasil security update

0.4.8-3 - Bump release for rebuild...

PT-2026-22773

Name of the Vulnerable Software and Affected Versions HomeBox versions prior to 0.24.0-rc.1 Description HomeBox is a home inventory and organization system. A stored cross-site scripting XSS issue exists in the item attachment upload functionality. The application does not properly validate or...

libsoup3 security update

3.6.5-10 - Add patch for CVE-2026-1761 3.6.5-9 - Fix CVE-2026-0719 3.6.5-8 - Fix CVE-2025-14523 3.6.5-7 - Add patch for CVE-2025-12105 3.6.5-6 - Fix integer overflow in date/time parsing 3.6.5-5 - Bump revision number 3.6.5-4 - Fix several CVEs...