
332 matches found

OSV
added 2025/03/12 7:15 p.m., 2 views

AZL-79030 CVE-2025-22870 affecting package golang 1.25.7-1

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied...

CVSS 4.4, AI score 6.6, EPSS 0.0035
Exploits: 2, References: 1
OSV
added 2025/03/12 7:15 p.m., 2 views

AZL-58455 CVE-2025-22870 affecting package keda for versions less than 2.14.1-7

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied...

CVSS 4.4, AI score 6.6, EPSS 0.0035
Exploits: 2, References: 1
OSV
added 2025/03/12 7:15 p.m., 2 views

AZL-58380 CVE-2025-22870 affecting package git-lfs for versions less than 3.5.1-5

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied...

CVSS 4.4, AI score 7.1, EPSS 0.0035
Exploits: 2, References: 1
SUSE Linux
added 2025/03/06 2:5 p.m., 3 views

Security update for go1.23

This update for go1.23 fixes the following issues: CVE-2025-22870: golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238572). Other fixes: Updated go version to go1.23.7 (bsc#1229122): go#71985 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http,...

CVSS 4.8, AI score 6.7, EPSS 0.0035
Exploits: 2, References: 6
RedHat Linux
added 2025/03/05 2:29 p.m., 3 views

django: potential denial-of-service vulnerability in IPv6 validation

A flaw was found in the Django framework. Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial of service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address were vulnerable, as was the...

CVSS 7.5, AI score 7.1, EPSS 0.01854
Exploits: 0, References: 8
SUSE CVE
added 2025/02/27 3:4 a.m., 1 views

SUSE CVE-2022-49576

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. While reading sysctl_fib_multipath_hash_fields, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...

CVSS 4.7, AI score 6.5, EPSS 0.00172
Exploits: 0, References: 3
CNNVD
added 2025/02/27 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from rpl, seg6, and ioam6 lwtunnels not handling dst cache references correctly, which could lead to a memory lea...

CVSS 5.5, AI score 6.4, EPSS 0.00187
Exploits: 0, References: 5
Vulnrichment
added 2025/02/26 1:55 a.m., 2 views

CVE-2022-49153 wireguard: socket: free skb in send6 when ipv6 is disabled

In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...

AI score 5.9, EPSS 0.0024
Exploits: 0, References: 5
OSV
added 2025/02/03 8:54 a.m., 6 views

SUSE-SU-2025:20044-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. This release includes the first live patch. The following security bugs were fixed: - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). - CVE-2023-52581: netfilter:...

CVSS 8.8, AI score 7.2, EPSS 0.00793
Exploits: 11, References: 854
SUSE Linux
added 2025/01/27 1:4 p.m., 4 views

Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1229275). CVE-2024-36971: Fixed dst_negative_advice() race (bsc#1226324). CVE-2024-50264: vsock/virtio:...

CVSS 7.8, AI score 8.7, EPSS 0.02701
Exploits: 3, References: 116
OSV
added 2025/01/14 9:31 p.m., 0 views

GHSA-QCGG-J2X8-H9G8 Django has a potential denial-of-service vulnerability in IPv6 validation

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and...

CVSS 5.8, AI score 5.9, EPSS 0.01854
Exploits: 0, References: 12
OSV
added 2025/01/09 5:15 p.m., 0 views

CVE-2025-21599

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the device, causes...

CVSS 8.7, AI score 5.8, EPSS 0.00587
Exploits: 0, References: 1
SUSE CVE
added 2024/12/30 3:48 a.m., 3 views

SUSE CVE-2024-56751

In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal. The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregister_netdevice: waiting for vethA-R1 to become free. Usage count = 6 ref_tracker:...

CVSS 3.3, AI score 7.5, EPSS 0.00203
Exploits: 0, References: 15
OSV
added 2024/12/27 3:15 p.m., 2 views

DEBIAN-CVE-2024-56646

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in modify_prefix_route(). syzbot found a NULL deref [1] in modify_prefix_route(), caused by one fib6_info without a fib6_table pointer set. This can happen for net->ipv6.fib6_null_entry [1] Oops: general protection...

CVSS 5.5, AI score 5.6, EPSS 0.00209
Exploits: 0, References: 1
Amazon
added 2024/12/12 12:0 a.m., 7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620). In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfs_listxattr (CVE-2023-52640). In the Linux kernel, th...

CVSS 7.8, AI score 6.8, EPSS 0.00992
Exploits: 2
OSV
added 2024/12/06 3:24 p.m., 6 views

OESA-2024-2519 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix invalid FIFO access with special register set When enabling access to the special register set, Receiver time-out and RHR interrupts can...

CVSS 7.8, AI score 5.9, EPSS 0.01087
Exploits: 0, References: 28
SUSE Linux
added 2024/12/05 11:2 a.m., 2 views

Security update for python3

This update for python3 fixes the following issues: CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Other fixes: - Remove -IVendor/ from python-config (bsc#1231795). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

CVSS 6.3, AI score 6.7, EPSS 0.0067
Exploits: 0, References: 6
OSV
added 2024/12/04 3:15 p.m., 1 views

DEBIAN-CVE-2024-53139

In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available(). A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu. [1] ============================= WARNING: suspiciou...

CVSS 7.8, AI score 6.3, EPSS 0.00211
Exploits: 0, References: 1
SUSE Linux
added 2024/12/03 10:39 a.m., 5 views

Security update for python

This update for python fixes the following issues: CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Other fixes: - Add ipaddress module from https://github.com/phihag/ipaddress - Remove -IVendor/ from python-config (bsc#1231795) - Stop using %%defattr, it seems...

CVSS 6.3, AI score 6.6, EPSS 0.0067
Exploits: 0, References: 8
CNNVD
added 2024/11/09 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a system crash when gso_max_size/gso_ipv4_max_size is configured too small...

CVSS 5.5, AI score 6.5, EPSS 0.00207
Exploits: 0, References: 3