332 matches found
ALSA-2025:19409 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702); kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367); kernel: crypto: xts - Handle EBUSY correctly (CVE-2023-53494); F...
Google Go security vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google, Inc. (USA). A security vulnerability exists in Google Go that stems from the Parse function not properly validating the IPv6 address format within square brackets in the URL host...
RLSA-2025:18318 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351); kernel: sunrpc: fix client side handling of tls alerts (CVE-2025-38571); kernel: eventpoll: Fix semi-unbound...
RockyLinux 10 : kernel (RLSA-2025:18318)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:18318 advisory. kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351); kernel: sunrpc: fix client side handling of tls alerts...
kernel: ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec(). pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return...
CVE-2025-55092
CVE-2025-55092 affects Eclipse Foundation NetX Duo prior to 6.4.4, a networking stack for Eclipse ThreadX. The issue is a potential out-of-bounds read in the IPv4 handling path: in the function _nx_ipv4_option_process(), triggered when processing an IPv4 packet with the timestamp option. The Red ...
EUVD-2025-33397
A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-options sampling is enabled, receipt of any traffic destined to the...
CVE-2025-60004 Junos OS and Junos OS Evolved: Specific BGP EVPN update message causes rpd crash
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When an affected system receives a specific BGP EVPN updat...
CVE-2025-59967
CVE-2025-59967 describes a NULL Pointer Dereference in Juniper Networks Junos OS Evolved, specifically the evo-pfemand daemon used on ACX7024/7024X/7100-32C/7100-48L/7348/7509. The issue allows an unauthenticated adjacent attacker to trigger a crash/restart of evo-pfemand by receiving certain val...
PT-2025-41406
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions 23.2R2-EVO through 23.2R2-S4-EVO; Juniper Networks Junos OS Evolved versions 23.4R1-EVO through 23.4R2-EVO. Description: A NULL Pointer Dereference issue exists in the PFE management daemon evo-pfemand o...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-391262)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-391262 advisory. In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit(). syzbot/KMSAN reported use of uninit-value in get_dev_xmit() 1...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414516)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414516 advisory. In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although bi...
RLSA-2025:7466 Moderate: delve and golang security update
Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read due to a missing NULL byte termination after strncpy call. An attacker can cause a crash and disrupt application availability by triggering an out-of-bounds read if API functions of OpenSSL HTTP client are used while...
CVE-2025-9232
Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...
OpenSSL 3.5.0 < 3.5.4 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.5.4 advisory. - Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm...
PT-2025-39988
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 3.0.16 through 3.5.0; EDK II (affected versions not specified). Description: An issue has been identified in OpenSSL where an application using the HTTP client API functions may trigger an out-of-bounds read if the no proxy...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling (CVE-2022-50053). In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects (CVE-2025-37995). In the Linux kernel,...
SUSE CVE-2025-39852
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6. When tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock() it just exits the function. This ends up causing a memory-leak: unreferenced object 0xffff0000281a8200 size...
Linux Distros Unpatched Vulnerability : CVE-2023-53342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix handling IPv4 routes with nhid Fix handling IPv4 routes...