Astra Linux - уязвимость в tar

The vulnerability of the extractfile function in the GNU Tar archive viewer is related to reading data beyond the buffer’s allowed limits. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

Astra Linux - уязвимость в binutils

A issue was discovered in cp-demangle.c within GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many ‘P’ characters...

Astra Linux - уязвимость в binutils

The readelf.c file in GNU Binutils 2.32 contains an integer overflow vulnerability that allows attackers to trigger a write access violation in the byteputlittleendian function in elfcomm.c through an ELF file, as demonstrated by readelf...

Astra Linux - уязвимость в gmp

The GNU Multiple Precision Arithmetic Arithmetic Library GMP version up to 6.2.1 has an integer overflow issue in the mpz/inpraw.c file, which can lead to a buffer overflow due to malicious input. This results in a segmentation fault on 32-bit platforms...

Astra Linux - уязвимость в emacs

A vulnerability was discovered in GNU Emacs through version 28.2. The htmlfontify.el script has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir parameters come from external inputs, and these parameters are not escaped properly. If a...

Astra Linux - уязвимость в libtar

An attacker who submits a crafted tar file with a size of 0 in the header struct may be able to trigger a call to malloc0 for a variable named gnulonglink, resulting in an out-of-bounds read...

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in the GNU Binutils through version 2.31. There is an integer overflow and an infinite loop caused by the ISCONTAINEDBYLMA macro in elf.c...

Astra Linux - уязвимость в binutils

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...

Astra Linux - уязвимость в binutils

A issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in dcounttemplatesscopes in cp-demangle.c after multiple recursive calls...

glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

A flaw was found in glibc the GNU C Library. When an application uses the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS Domain Name System response. This crafted response can caus...

glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

Moderate: Red Hat Security Advisory: glibc security update

An update for glibc is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

GNU Binutils objdump bucomm.c display_info memory leak

...

ALSA-2026:19061 Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

Security update for glibc (important)

openSUSE security update: security update for glibc ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20764-1 Rating: important References: bsc1261206 bsc1262464 bsc1262465 Cross-References: CVE-2026-4046 CVE-2026-5450 CVE-2026-5928 CVSS scores:...

ALPINE-CVE-2026-42009

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

CVE-2026-8696

CVE-2026-8696 affects radare2 6.1.5, specifically the GDB client core's gdbr_pids_list() function. The vulnerability is a use-after-free that can be triggered by malformed thread information responses, where qsThreadInfo fails after qfThreadInfo allocates RDebugPid structures. This leads to a dou...

CVE-2026-8696 radare2 6.1.5 Use-After-Free via gdbr_pids_list()

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrpidslist function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability ...

CVE-2026-8696 radare2 6.1.5 Use-After-Free via gdbr_pids_list()

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrpidslist function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability ...

CVE-2026-8696

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrpidslist function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability ...