[SECURITY] [DLA 4551-1] mbedtls security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4551-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura April 27, 2026 https://wiki.debian.org/LTS -...

Debian dla-4551 : libmbedcrypto3 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4551 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4551-1 [email protected]...

CVE-2026-6993 go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

EUVD-2026-25669

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

CVE-2026-6993 go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...

RHEL 10 / 8 / 9 : java-21-openjdk (RHSA-2026:9689)

The remote Redhat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9689 advisory. The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security...

ALSA-2026:9689 Important: java-21-openjdk security update

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux CVE-2026-22016 JDK:...

uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

EUVD-2026-24552

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013484 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - fix the aead software fallback for engine Due to the subreq pointer misus...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013746)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013746 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013817)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013817 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copythresh allocation failure The driver did not handle failure of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013498)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013498 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of...

CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

CVE-2026-5845 Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

CVE-2026-5845 Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

CVE-2026-5845

Summary: CVE-2026-5845 affects GitHub Enterprise Server versions prior to 3.21, due to an improper authorization fallback in scoped user-to-server (ghu_) token handling. An authenticated attacker could access private repositories outside the intended installation scope, potentially including writ...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010753 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smcsetsockopt and...