SUSE-SU-2026:2009-1 Security update for haveged

This update for haveged fixes the following issue - CVE-2026-41054: missing exit out of permission check could lead to root exploit bsc1264086. Changes for haveged: - Improvements on the linux kernel random subsystem have made move forward to socket communication within private network - Fix 'sto...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cloud-init (SUSE-SU-2026:1980-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1980-1 advisory. - Update to version 25.1.3 bsc1245403, CVE-2024-11584, CVE-2024-6174 - Update to version 25.1.1...

Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245403, CVE-2024-11584, CVE-2024-6174 Update to version 25.1.1 bsc1239715, jscPED-8680, bsc1228414, bsc1237764 Make sure a directory exists, if not create it, before writing in that location bsc1236720 rsyslog...

SUSE-SU-2026:1980-1 Security update for cloud-init

This update for cloud-init fixes the following issues: - Update to version 25.1.3 bsc1245403, CVE-2024-11584, CVE-2024-6174 - Update to version 25.1.1 bsc1239715, jscPED-8680, bsc1228414, bsc1237764 - Make sure a directory exists, if not create it, before writing in that location bsc1236720 -...

CLSA-2026-1779098063 cloud-init: Fix of CVE-2024-11584

CVE-2024-11584: fix systemd socket unit permission vulnerability to prevent unprivileged user from triggering hotplug-hook commands...

OSV-2026-744 Heap-double-free in _dwarf_destruct_elf_nlaccess

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513032442 Crash type: Heap-double-free Crash state: dwarfdestructelfnlaccess dwarfelfnlsetup dwarfinitpathdla...

CVE-2026-43337

A flaw was found in the Linux kernel's drm/amd/display component. This flaw occurs because the dcn401inithw function does not properly validate a callback pointer updatebwboundingbox before use. This can lead to a NULL pointer dereference, potentially causing a system crash or denial of service...

SUSE-SU-2026:21796-1 Security update for openexr

This update for openexr fixes the following issues - CVE-2026-41142: integer overflow in ImageChannel: resize can lead to a heap out-of-bounds write via OpenEXRUtil public API bsc1264356. - CVE-2026-42216: missing checks in IDManifest: init can lead to out-of-bounds read during prefix expansion...

CVE-2026-41935

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...

SUSE-SU-2026:21793-1 Security update for alloy

This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...

curl: libssh SFTP initialization ignores CURLOPT_TIMEOUT, hangs indefinitely

Hi all, The libssh backend in lib/vssh/libssh.c ignores CURLOPTTIMEOUT / --max-time during SFTP subsystem negotiation. A server that completes SSH authentication and then stalls before answering the SSHFXPINIT packet will pin the curl process indefinitely — no timeout fires, no error is returned,...

AMD AIM-T Manageability Service 代码问题漏洞

AMD AIM-T Manageability Service is an industrial-grade remote device management service provided by American semiconductor company AMD. It supports operations and maintenance of edge computing nodes. There are code vulnerabilities in AMD AIM-T Manageability Service. These vulnerabilities stem fro...

PT-2026-40943

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...

Malicious Package

Overview github.com/BufferZoneCorp/go-stdlog is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluster o...

Malicious Package

Overview github.com/BufferZoneCorp/config-loader is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a clust...

SUSE CVE-2026-43337

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401inithw dcn401inithw assumes that updatebwboundingbox is valid when entering the update path. However, the existing condition: !fams2enable && updatebwboundingbox || freqchang...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the acp3x5682init function not checking the return value of clkget. This could lead to a...

CVE-2025-29338

CVE-2025-29338 affects the NXP moal.ko Wi‑Fi kernel driver (driver version 5.1.7.10) across firmware builds from v17.92.1.p149.43 to v17.92.1.p149.157. The root cause is a stack‑based buffer overflow in the parsing path: woal_setup_module_param allocates a fixed stack buffer and parse_cfg_get_lin...

PT-2026-40630

Name of the Vulnerable Software and Affected Versions NXP moal.ko versions prior to 5.1.7.10 Description A stack buffer overflow exists in the wireless kernel module. The issue occurs within the woal init module param function via the mod para parameter. Recommendations Update to version 5.1.7.10...

SUSE CVE-2026-43328

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreqdbsgovernorinit error path When kobjectinitandadd fails, cpufreqdbsgovernorinit calls kobjectput&dbsdata-attrset.kobj. The kobject release callback cpufreqdbsdatarelease calls...