GHSA-WJX4-4JCJ-G98J Pillow has an integer overflow when processing fonts
If a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed...
PT-2026-37204
Name of the Vulnerable Software and Affected Versions: AzuraCast versions prior to 0.23.6. Description: An issue exists in the Flow.js media upload endpoint 'POST /api/station/{station_id}/files/upload' where the currentDirectory request parameter is not sanitized for path traversal sequences. When...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/mseal: The end of the current VMA was correctly updated during merging. Previously, we stored the end of the current VMA in curr_end. When moving to the next VMA, we updated curr_start to curr_end to proceed to the next VMA...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler. Now that all other accesses to curr_xfer are done under the lock, protect the curr_xfer NULL check in tegra_qspi_isr_thread. Without this protection, the following race conditi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Do not balance tasks to their current running CPUs. We encountered a situation where the balancer attempts to balance a migrated task with disabled status, triggering a warning in set_task_cpu. The detailed error messag...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting the link when performing LT automation REASON The last LT automation update may cause a crash by referencing current_state and calling dc_update_planes_and_stream, which may corrupt current_stat...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fixed the RX consumer index logic in the error path. In bnxt_rx_pkt, the RX buffers are expected to complete in order. If the RX consumer index indicates an out-of-order buffer completion, it means we are encountering a...
Astra Linux – Vulnerability in qtbase-opensource-src
In Qt 5.9.x through 5.15.x before 5.15.9, and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when it was not found in the PATH...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Power: Supply: gpio-charger: Fixed the issue related to setting charge current limits. The issue involved devices that allow the lowest charge current limit to be greater than zero. If the requested charge current limit is below...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: udf: The use of uninit-value in udf_get_fileshortad has been fixed. A check for overflow was added when calculating alen in udf_current_aext, to mitigate potential issues with uninit-value usage in udf_get_fileshortad. This is related ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks earlier. This issue is currently addressed in uml_finish_setup. However, for example, when KCOV is enabled, this could still cause crashes, as some initialization code might call functions like memparse, which have...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: KVM: VMX: Fixed a crash caused by uninitialized current_vmcs. KVM enables “Enlightened VMCS” and “Enlightened MSR Bitmap” when running as a nested hypervisor on top of Hyper-V. When the MSR bitmap is updated, the...
Astra Linux – Vulnerability in jupyter-core
Jupyter Core is a package for the core common functionalities of Jupyter projects. Prior to version 4.11.2, Jupyter Core contained an arbitrary code execution vulnerability in “jupyter_core,” which stemmed from “jupyter_core” executing untrusted files in the CWD environment. This vulnerability...
Astra Linux – Vulnerability in LibreOffice
Versions of Apache OpenOffice prior to 4.1.14 may be configured to add an empty entry to the Java class path. This may allow for the execution of arbitrary Java code from the current directory...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed a cred reference leak in nfsd_nl_threads_set_doit. syzbot reported a memory leak of the struct cred object. [0] nfsd_nl_threads_set_doit passes get_current_cred to nfsd_svc, but put_cred is not called afterward. The cred is...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not log conflicting inodes if it’s a directory that was moved during the current transaction. We cannot log a conflicting inode if it’s a directory that was moved from one parent directory to another parent directory...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “smack”: fixed a bug where an unprivileged task could create labels. If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into its own...
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.10.1esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2026-122-03)
The version of mozilla-thunderbird installed on the remote host is prior to 140.10.1esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-122-03 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues...
Slackware Linux 15.0 / current gnutls Vulnerability (SSA:2026-122-02)
The version of gnutls installed on the remote host is prior to 3.8.13. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-122-02 advisory. New gnutls packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...