3177 matches found

Tenable Nessus
added 2026/03/02 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-urllib3_1 (SUSE-SU-2026:0635-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0635-1 advisory. - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in...

CVSS 8.9 | AI score 6 | EPSS 0.00025
Exploits 0 | References 10

Tenable Nessus
added 2026/03/02 12:0 a.m. | 2 views

Ubuntu 22.04 LTS / 24.04 LTS : Authlib vulnerabilities (USN-8065-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8065-1 advisory. Millie Solem discovered that Authlib did not properly restrict algorithm selection during JWT verification, allowing HMAC verification with...

CVSS 8.8 | AI score 6 | EPSS 0.00424
Exploits 5 | References 6

OSV
added 2026/02/28 12:44 p.m. | 4 views

OESA-2026-1445 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

CVSS 8.9 | AI score 6 | EPSS 0.00014
Exploits 0 | References 2

Veracode
added 2026/02/28 5:12 a.m. | 4 views

Denial Of Service

pypdf is vulnerable to Denial of Service. The vulnerability is due to a malformed /FlateDecode stream, where the byte-by-byte decompression is used, and an attacker can craft a PDF which leads to long runtimes...

CVSS 6.9 | AI score 5.2 | EPSS 0.00006
Exploits 0 | References 4 | Affected Software 1

IBM Security Bulletins
added 2026/02/27 3:16 p.m. | 7 views

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary: Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1. Vulnerability Details: CVEID: CVE-2026-21441. DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content...

CVSS 8.9 | AI score 7.2 | EPSS 0.00074
Exploits 4 | Affected Software 1

CNNVD
added 2026/02/27 12:0 a.m. | 4 views

kaniko path traversal vulnerability

Kaniko is a tool developed by Chainguard Forks for building container images in Kubernetes. Versions of Kaniko prior to 1.25.10 contained a path traversal vulnerability. This vulnerability stemmed from the lack of ensuring that the final path was within the target directory during the decompressi...

CVSS 8.2 | AI score 7.7 | EPSS 0.00075
Exploits 0 | References 3

Github Security Blog
added 2026/02/26 3:20 p.m. | 7 views

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

Summary: A security review of the psd_tools.compression module conducted against the fix/invalid-rle-compression branch (commits 7490ffa–2a006f5) identified the following pre-existing issues. The two findings introduced and fixed by those commits Cython buffer overflow, IndexError on lone repeat...

CVSS 9.1 | AI score 5.7 | EPSS 0.00076
Exploits 1 | References 5 | Affected Software 1

OSV
added 2026/02/26 3:20 p.m. | 4 views

GHSA-24P2-J2JR-386W psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

Summary: A security review of the psd_tools.compression module conducted against the fix/invalid-rle-compression branch (commits 7490ffa–2a006f5) identified the following pre-existing issues. The two findings introduced and fixed by those commits Cython buffer overflow, IndexError on lone repeat...

CVSS 8.8 | AI score 5.8 | EPSS 0.00076
Exploits 1 | References 5

EUVD
added 2026/02/26 3:20 p.m. | 3 views

EUVD-2026-8781

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps...

CVSS 8.8 | AI score 5.3 | EPSS 0.00076
Exploits 1 | References 4

RedhatCVE
added 2026/02/26 1:48 p.m. | 2 views

CVE-2026-26965

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planar_decompress_plane_rle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

CVSS 8.8 | AI score 6.4 | EPSS 0.00036
Exploits 1 | References 5

OSV
added 2026/02/26 1:20 p.m. | 4 views

CLSA-2026-1772112014 openssl: Fix of CVE-2025-66199

CVE-2025-66199: validate uncompressed certificate length to prevent large pre-decompression allocation...

CVSS 5.9 | AI score 5.8 | EPSS 0.00114
Exploits 1 | References 1

OSV
added 2026/02/26 9:45 a.m. | 4 views

OPENSUSE-SU-2026:20271-1 Security update for python-urllib3_1

This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). -...

CVSS 8.9 | AI score 7.1 | EPSS 0.00025
Exploits 0 | References 6

OSV
added 2026/02/26 9:44 a.m. | 4 views

SUSE-SU-2026:20591-1 Security update for python-urllib3_1

This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). -...

CVSS 8.9 | AI score 6.7 | EPSS 0.00025
Exploits 0 | References 7

Snyk
added 2026/02/26 3:13 a.m. | 3 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: psd-tools is a Python package for working with Adobe Photoshop PSD files as described in specification. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the compression module. An attacker can cause application crashes...

CVSS 9.1 | AI score 5.9 | EPSS 0.00076
Exploits 1 | References 2

Cvelist
added 2026/02/25 11:57 p.m. | 21 views

CVE-2026-27809 psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle raises ValueError which propagated all the way to the user, crashin...

CVSS 8.8 | EPSS 0.00076
Exploits 1 | References 3

OSV
added 2026/02/25 11:57 p.m. | 5 views

CVE-2026-27809 psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle raises ValueError which propagated all the way to the user, crashin...

CVSS 8.8 | AI score 5.6 | EPSS 0.00076
Exploits 1 | References 5

Vulnrichment
added 2026/02/25 11:57 p.m. | 3 views

CVE-2026-27809 psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle raises ValueError which propagated all the way to the user, crashin...

CVSS 8.8 | AI score 5.9 | EPSS 0.00076
Exploits 1 | References 3

Ubuntu
added 2026/02/25 8:43 p.m. | 5 views

USN-8065-1: Authlib vulnerabilities

Millie Solem discovered that Authlib did not properly restrict algorithm selection during JWT verification, allowing HMAC verification with asymmetric public keys when no algorithm was specified. A remote attacker could possibly use this issue to bypass signature verification and forge tokens,...

CVSS 8.8 | AI score 5.7 | EPSS 0.00424
Exploits 5

SUSE Linux
added 2026/02/25 11:12 a.m. | 3 views

Security update for python-urllib3_1

This update for python-urllib3_1 fixes the following issues: CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866)...

CVSS 6.9 | AI score 5.4 | EPSS 0.00025
Exploits 0 | References 12

OSV
added 2026/02/25 11:12 a.m. | 2 views

SUSE-SU-2026:0635-1 Security update for python-urllib3_1

This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). -...

CVSS 8.9 | AI score 5.4 | EPSS 0.00025
Exploits 0 | References 7