CLSA-2026-1779289334 Update of kernel

New FIPS build to incorporate els0..els8 patches plus cve references...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: A memory leak has been fixed in the error path of qla2x00processels. The commit number is 8c0eb596baa5 “SCSI qla2xxx: Fix a memory leak in an error path of qla2x00processels”. The intended changes were to modify th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed the link-down processing to address the issue of NULL pointer dereferencing. If a FC link-down transition occurs while PLOGIs are outstanding for fabric-known addresses, outstanding ABTS requests may lead to NUL...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The issue of double-free of the fcport has been completely fixed. In the function qla24xxelsdcmdiocb, sp-free is set to qla2x00elsdcmdspfree. When an error occurs, this function is called by qla2x00sprelease. Durin...

CLSA-2026-1778254382 buildah: Fix of CVE-2026-25679

rebuild on tuxcare9.6esu with newer golang version 1.25.7-1.el96.tuxcare.els2 to fix the following CVE: - CVE-2026-25679: fix insufficient validation of host/authority component in url.Parse - split golang BuildRequires by .el96 so each ELS platform pulls its own fixed golang version el96 -...

CVE-2026-43414

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by qla2x00sprelease, when krefput releases the first and the last...

CVE-2026-43414

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by qla2x00sprelease, when krefput releases the first and the last...

CVE-2026-43414

CVE-2026-43414 affects the Linux kernel SCSI driver qla2xxx (fcport handling). The issue is a double-free of a Fibre Channel port object in qla24xx_els_dcmd_iocb() via qla2x00_els_dcmd_sp_free() after kref_put(), leading to potential memory corruption and system instability or DoS as described by...

CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by qla2x00sprelease, when krefput releases the first and the last...

CLSA-2026-1777471237 less: Fix of 2 CVEs

Extend ELS coverage to rhel7els, oraclelinux7els and cloudlinux7els. - CVE-2022-48624 and CVE-2024-32487 were already fixed in 458-10.tuxcare.els1; this release reships those fixes to the additional platforms...

CLSA-2026-1777470383 less: Fix of 2 CVEs

Extend ELS coverage to rhel7els, oraclelinux7els and cloudlinux7els. - CVE-2022-48624 and CVE-2024-32487 were already fixed in 458-10.tuxcare.els1; this release reships those fixes to the additional platforms...

CLSA-2026-1777366733 python3: Fix of CVE-2026-1299

CVE-2026-1299: reject newline injection in email module's BytesGenerator when serializing headers - Skip test.testxmletree.XMLPullParserTest.testsimplexml during RPM build; unrelated expat-2.1.0-15.0.7.tuxcare.els1 regression breaks XMLPullParser chunked-feed semantics in TuxCare ELS el7 build...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007611)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007611 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down...

SUSE CVE-2023-54054

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EUVD-2023-60272

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix buffer overrun Klocwork warning: Buffer Overflow - Array Index Out of Bounds Driver uses fcelsflogi to calculate size of buffer. The actual buffer is nested inside of fcelsflogi which is smaller. Replace...

CVE-2023-54054

CVE-2023-54054 pertains to the Linux kernel SCSI qla2xxx driver, where a buffer overrun occurred in the handling of fc_els_flogi, leading to an incorrect buffer size calculation. Multiple connected sources (OSV entries for Debian, Ubuntu, and general OSV) report that the vulnerability has been re...

CVE-2023-54054

...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989305 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00processels Commit 8c0eb596baa5 SCSI...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986758)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986758 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00processels Commit 8c0eb596baa5 SCSI...

EUVD-2022-54505

Malicious code in bioql PyPI...