
48 matches found

SUSE Linux
added 2026/05/06 12:6 p.m. | 1 views

Security update for openexr

This update for openexr fixes the following issues: CVE-2026-40244: Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic bsc1262426. CVE-2026-40250: Integer overflow in DWA decoder outBufferEnd pointer arithmetic bsc1262425. Patch Instructions: To install this SUSE update use...

8.4 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 8

OSV
added 2026/05/06 12:6 p.m. | 1 views

SUSE-SU-2026:1712-1 Security update for openexr

This update for openexr fixes the following issues: - CVE-2026-40244: Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic bsc1262426. - CVE-2026-40250: Integer overflow in DWA decoder outBufferEnd pointer arithmetic bsc1262425...

8.4 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/05/05 12:0 a.m. | 14 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by the exposure of Media channel information. This vulnerability could allow remote attackers to exploit the vulnerability through specially crafted...

3.1 CVSS | 5.8 AI score | 0.00031 EPSS
Exploits: 0 | References: 3

OSV
added 2026/04/29 2:35 p.m. | 1 views

OPENSUSE-SU-2026:20652-1 Security update for openexr

This update for openexr fixes the following issues: - CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic bsc1262426. - CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic bsc1262425...

8.4 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 4

OSV
added 2026/04/29 2:30 p.m. | 3 views

SUSE-SU-2026:21433-1 Security update for openexr

This update for openexr fixes the following issues: - CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic bsc1262426. - CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic bsc1262425...

8.4 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits: 0 | References: 5

Snyk
added 2026/04/21 3:13 a.m. | 2 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the setupChannelData function in internal_dwa_compressor.h due to improper handling of arithmetic operations on image dimensions. An attacker can cause unexpected behavior or potentially execute arbitrary...

8.4 CVSS | 6 AI score | 0.00033 EPSS
Exploits: 0 | References: 2

CVE
added 2026/04/21 1:30 a.m. | 9 views

CVE-2026-40244

OpenEXR exposed an integer overflow in the DWA setupChannelData path. In versions 3.4.0–3.4.9, 3.3.0–3.3.9, and 3.2.0–3.2.7, internal_dwa_compressor.h:1722 performs curc->width * curc->height using int32 arithmetic without a size_t cast, creating an overflow condition. A fix has been applie...

8.4 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/04/21 1:30 a.m. | 1 views

CVE-2026-40244 OpenEXR has integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (missed variant of CVE-2026-34589)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internal_dwa_compressor.h:1722 performs curc->width * curc->height in int32...

8.4 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 4

FreeBSD
added 2026/04/17 12:0 a.m. | 9 views

OpenEXR -- several integer overflow vulnerabilities

Cary Phillips reports: OpenEXR 3.4.10 is a patch release that addresses the following security vulnerabilities: CVE-2026-39886 HTJ2K Signed Integer Overflow in htundoimpl CVE-2026-40244 Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic missed variant of CVE-2026-34589...

8.4 CVSS | 5.8 AI score | 0.0008 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/10/17 8:40 a.m. | 4 views

CVE-2025-41443

Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...

4.3 CVSS | 6.4 AI score | 0.00011 EPSS
Exploits: 0 | References: 1

Snyk
added 2025/10/16 9:30 a.m. | 1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/v4/teams/teamid/channels/ids endpoint. An attacker can access sensitive channel metadata by sending requests as a guest user. Remediation Upgrade...

5.3 CVSS | 6.7 AI score | 0.00011 EPSS
Exploits: 0 | References: 2

CloudLinux
added 2025/10/03 10:4 a.m. | 4 views

openvpn: Fix of CVE-2020-15078

CVE-2020-15078: fix authentication bypass and access to control channel data on servers configured with deferred authentication...

7.5 CVSS | 7.6 AI score | 0.00492 EPSS
Exploits: 0

OSV
added 2025/10/03 10:4 a.m. | 5 views

CLSA-2025-1759485890 openvpn: Fix of CVE-2020-15078

CVE-2020-15078: fix authentication bypass and access to control channel data on servers configured with deferred authentication...

7.5 CVSS | 6.8 AI score | 0.00492 EPSS
Exploits: 0 | References: 1

OSV
added 2025/10/01 4:56 p.m. | 3 views

CLSA-2025-1759337779 openvpn: Fix of CVE-2020-15078

CVE-2020-15078: fix authentication bypass and access to control channel data on servers configured with deferred authentication...

7.5 CVSS | 5.8 AI score | 0.00492 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/18 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-38473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb syzbot reported null-ptr-deref in l2cap_sock_resume_cb. [0] l2cap_sock_resume_cb has a similar problem that was fixed...

5.5 CVSS | 6.4 AI score | 0.00066 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/08/06 12:0 a.m. | 2 views

Qualcomm Chipsets input validation error vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets, which stems from the fact that processing of invalid length CCCH data sent by the NW could result in a transient denial of service...

7.5 CVSS | 6.5 AI score | 0.00381 EPSS
Exploits: 0 | References: 2

OSV
added 2025/07/28 12:15 p.m. | 0 views

UBUNTU-CVE-2025-38473

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb syzbot reported null-ptr-deref in l2cap_sock_resume_cb. [0] l2cap_sock_resume_cb has a similar problem that was fixed by commit 1bff51ea59a9 "Bluetooth: fix use-after-free error in...

5.5 CVSS | 6 AI score | 0.00066 EPSS
Exploits: 0 | References: 39

Snyk
added 2025/06/24 12:0 a.m. | 1 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to incorrect validity check in the sftpdecodechanneldatatopacket function. An attacker can cause the server to crash by sending specially crafted SFTP packets with payload size field set to value...

6.5 CVSS | 7.3 AI score | 0.00519 EPSS
Exploits: 0 | References: 2

Packet Storm News
added 2025/04/29 12:0 a.m. | 0 views

Mutual Information Minimization for Side-Channel Attack Resistance Via Optimal Noise Injection

Side-channel attacks (SCAs) pose a serious threat to system security by extracting secret keys through physical leakages such as power consumption, timing variations, and electromagnetic emissions. Among existing countermeasures, artificial noise injection is recognized as one of the most effective...

6.7 AI score
Exploits: 0

SUSE CVE
added 2025/01/12 12:14 a.m. | 2 views

SUSE CVE-2024-57791

In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates the length of msg should be received from network and the value should not be fully trusted as i...

7.5 CVSS | 7.7 AI score | 0.0009 EPSS
Exploits: 0 | References: 24