CVE-2026-39829
CVE-2026-39829 affects golang.org/x/crypto/ssh. The vulnerability arises because the RSA/DSA public key parsers did not enforce size limits on key parameters, allowing crafted keys with oversized modulus or DSA parameters to cause prolonged CPU use during signature verification. Affected behavior...
GO-2026-5018 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...
java-1.8.0-openjdk: Fix of 5 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. This fixes the following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...
SUSE SLES16 Security Update : openvpn (SUSE-SU-2026:20196-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20196-1 advisory. - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS (bsc#1254486). Tenable has extracted the...
openSUSE Security Advisory (SUSE-SU-2025:3754-1)
The remote host is missing an update for the...
Security update for python-starlette
This update for python-starlette fixes the following issues: CVE-2025-54121: Correctly parse multi-part form with large files to avoid DoS (bsc#1246855). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE SLES15 Security Update : python311 (SUSE-SU-2025:02049-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02049-1 advisory. python311 was updated from version 3.11.10 to 3.11.13: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling...
SUSE-SU-2025:02048-1 Security update for python312
This update for python312 fixes the following issues: python312 was updated from version 3.12.9 to 3.12.11: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273) CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...
[SECURITY] Fedora 41 Update: dnsdist-1.9.9-1.fc41
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
MGASA-2024-0245 Updated python-idna packages fix security vulnerability
mingw-python-idna: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode...
SUSE-SU-2024:1099-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS (bsc#1221815). - CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces (bsc#1221468). - CVE-2024-1441: Fix off-by-one error in...
SUSE-SU-2024:0975-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26600: Fixed NULL pointer dereference for SRP (bsc#1220340). - CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) -...
SUSE: Security Advisory (SUSE-SU-2023:3888-1)
The remote host is missing an update for the...
SUSE-SU-2023:3888-1 Security update for Golang Prometheus
This update for Golang Prometheus fixes the following issues: golang-github-prometheus-alertmanager: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys (bsc#1213880). There are ...
SUSE-SU-2023:3263-1 Security update for go1.19
This update for go1.19 fixes the following issues: - Update to go v1.19.12, released 2023-08-01 (bsc#1200441) - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys (bsc#1213880)...
SUSE-SU-2023:3181-1 Security update for go1.20
This update for go1.20 fixes the following issues: - Update to go v1.20.7, released 2023-08-01 (bsc#1206346) - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys (bsc#1213880)...
OPENSUSE-SU-2023:0077-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2023-24580: Prevent DOS in file uploads (boo#1208082). Update to 1.11.15: CVE-2018-14574: Fixed Open redirect possibility in CommonMiddleware (boo#1102680). Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+. Fixed a...
Security update for python-Django (moderate)
openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2023:0075-1 Rating: moderate References: 1208082 Cross-References: CVE-2023-24580 CVSS scores: CVE-2023-24580 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-24580 SUSE: 7.5...
PSF-2022-4 Prevent DoS by large str-int conversions
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...
OPENSUSE-SU-2022:0333-1 Security update for xen
This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings (XSA-393, bsc#1194576). - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant (XSA-394, bsc#1194581). - CVE-2022-23035: Fixed insufficient cleanup of...