SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust1.92 (SUSE-SU-2026:1337-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1337-1 advisory. - CVE-2026-31812: Denial of service via crafted QUIC initial packet bsc1259623. Tenable has extracted the...

Security update for rust1.92

This update for rust1.92 fixes the following issues: CVE-2026-31812: Denial of service via crafted QUIC initial packet bsc1259623. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

SUSE CVE-2026-31812

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

EUVD-2026-10908

Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing...

Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing

Summary A remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quictransportparameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap, so...

CVE-2026-31812 Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

CVE-2026-26081

crash via INITIAL packet for the NEWTOKEN format...

UBUNTU-CVE-2026-26081

crash via INITIAL packet for the NEWTOKEN format...

kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass actlen in usbbulkmsg error path syzbot reported that actlen in kalmiasendinitpacket is uninitialized when passing it to the first usbbulkmsg error path. Jiri Pirko noted that it's pointless to pass it ...

QUIC Service Detection

Nessus was able to detect that the remote service supports QUIC by sending a QUIC initial packet and receiving QUIC handshake messages in reply. TRUSTED...