5 matches found
CLSA-2026-1778933151 Fix CVE(s): CVE-2025-11082, CVE-2025-5244, CVE-2025-5245
SECURITY UPDATE: memory corruption in ld via fuzzed object - debian/patches/CVE-2025-5244.patch: check for empty groups in elf_gc_sweep to prevent NULL pointer dereference - CVE-2025-5244 SECURITY UPDATE: SEGV in objdump function debug_type_samep - debian/patches/CVE-2025-5245.patch: handle NULL...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...
BIT-LIBPYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference due to the elf_gc_sweep function in the bfd/elflink.c file. An attacker can cause memory corruption and program crash by manipulating empty groups. This is only exploitable if the attacker has local access...
SUSE CVE-2023-6507
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...