golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

glibc security update

2.28-251.0.4.31 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi Oracle history: February-24-2026 Cupertino Miranda - 2.28-251.0.4.27 - Fixed orabug 38834066 stpcpy MTE support Reviewed-by: Jose E. Marchesi December-8-2025 Cupertino Miranda - 2.28-251.0.3.27 - Forward port of Oracle...

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061 - telnetd auth bypass o co chodzi argument...

Exploit for Argument Injection in Gnu Inetutils

CVE-2026...

CLSA-2026-1773827924 glibc: Fix of CVE-2025-15281

CVE-2025-15281: fix process crash in wordexp when attempting to reuse and append to previous expansion results due to uninitialized memory access...

glibc: glibc: Information disclosure via zero-valued network query

A flaw was found in glibc, the GNU C Library. When an application calls the getnetbyaddr or getnetbyaddrr functions to resolve a network address, and the system's nsswitch.conf file is configured to use a DNS Domain Name System backend for network lookups, a query for a zero-valued network can le...

Insufficient validation of PAX extensions during extraction

In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

EulerOS Virtualization 2.12.0 : gnupg2 (EulerOS-SA-2026-1484)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an...

EulerOS Virtualization 2.12.1 : binutils (EulerOS-SA-2026-1418)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysecti...

EulerOS Virtualization 2.12.0 : binutils (EulerOS-SA-2026-1475)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysecti...

EulerOS Virtualization 2.12.0 : ncurses (EulerOS-SA-2026-1502)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the...

Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-006239)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006239 advisory. The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a...

EUVD-2026-12154

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061 — GNU InetUtils telnetd Authentication Bypass...

CVE-2026-3441

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this...

DEBIAN-CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

UBUNTU-CVE-2026-3442

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may...

UBUNTU-CVE-2026-3441

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this...