GNU C Library Security Vulnerability
The GNU C Library is an open-source, free C programming language library published by the GNU community under the LGPL license. GNU C Library versions 2.34 to 2.43 contain security vulnerabilities. These vulnerabilities arise from the gethostbyaddr or gethostbyaddr_r functions potentially...
Linux Distros Unpatched Vulnerability : CVE-2026-4437
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2....
SUSE SLES12 Security Update : krb5-appl (SUSE-SU-2026:0930-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0930-1 advisory. This update for krb5-appl fixes the following issue: - CVE-2026-32746: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd LINEMODE (bsc#1259691)...
CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.58 packages and security update
Red Hat OpenShift Container Platform release 4.16.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
glibc security update
2.28-251.0.4.31 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi Oracle history: February-24-2026 Cupertino Miranda - 2.28-251.0.4.27 - Fixed orabug 38834066 stpcpy MTE support Reviewed-by: Jose E. Marchesi December-8-2025 Cupertino Miranda - 2.28-251.0.3.27 - Forward port of Oracle...
Exploit for Argument Injection in Gnu Inetutils
CVE-2026-24061 - telnetd auth bypass. What it is about: argument...
Exploit for Argument Injection in Gnu Inetutils
CVE-2026...
CLSA-2026-1773827924 glibc: Fix of CVE-2025-15281
CVE-2025-15281: fix process crash in wordexp when attempting to reuse and append to previous expansion results due to uninitialized memory access...
glibc: glibc: Information disclosure via zero-valued network query
A flaw was found in glibc, the GNU C Library. When an application calls the getnetbyaddr or getnetbyaddr_r functions to resolve a network address, and the system's nsswitch.conf file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can le...
Insufficient validation of PAX extensions during extraction
In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...
EulerOS Virtualization 2.12.0 : gnupg2 (EulerOS-SA-2026-1484)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an...
EulerOS Virtualization 2.12.0 : ncurses (EulerOS-SA-2026-1502)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the...
EulerOS Virtualization 2.12.1 : binutils (EulerOS-SA-2026-1418)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysecti...
EulerOS Virtualization 2.12.0 : binutils (EulerOS-SA-2026-1475)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysecti...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-006239)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006239 advisory. The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a...
Moderate: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...
EUVD-2026-12154
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR...