Astra Linux - уязвимость в gst-plugins-good1.0

DOS: Potential heap overwrite during MKV demuxing using LZO decompression. Integer overflow in the Matroskademux element within the LZO decompression function can cause a segfault, or potentially a heap overwrite, depending on the libc and operating system. Depending on the libc used and the...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the...

[SECURITY] Fedora 42 Update: openvpn-2.6.20-1.fc42

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

[SECURITY] Fedora 44 Update: openvpn-2.7.3-1.fc44

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255594. CVE-2023-54142: gtp: Fix use-after-free in gtpencapdestroy bsc1256095...

ROS-20260205-73-0028

A vulnerability in the crypto, lzo modules of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability may allow an attacker to violate data integrity and also cause a denial of service...

CVE-2026-23044 PM: hibernate: Fix crash when freeing invalid crypto compressor

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When cryptoallocacomp fails, it returns an ERRPTR value, not NULL. The cleanup code in savecompressedimage and loadcompressedimage unconditionally calls...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50282: chardev: fix error handling in cdevdeviceadd bsc1249739. CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. CVE-2022-50700: wifi:...

CLSA-2026-1770028764 kernel: Fix of 14 CVEs

efivarfs: Fix slab-out-of-bounds in efivarfsdcompare CVE-2025-39817 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 - libceph: fix potential use-after-free in havemonandosdmap CVE-2025-68285 - scsi: lpfc: Fix...

SUSE-SU-2026:0350-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50282: chardev: fix error handling in cdevdeviceadd bsc1249739. - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. - CVE-2022-50700:...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38068)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38068 advisory. - In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer...

CLSA-2026-1768110920 kernel: Fix of 16 CVEs

crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmfbtcoexinfo work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. CVE-2025-40186 - can:...

MiracleLinux 9 : gstreamer1-plugins-good-1.18.4-6.el9 (AXSA:2023-5649:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5649:01 advisory. gstreamer-plugins-good: Potential heap overwrite in gstmatroskademuxaddwvpkheader CVE-2022-1920 gstreamer-plugins-good: Heap-based buffer overflow i...

CLSA-2026-1768663754 kernel: Fix of 38 CVEs

ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3 CVE-2025-38249 - drm/i915/gt: Fix timeline left held on VMA alloc error CVE-2025-38389 - md/raid1: Fix stack memory use after return in raid1reshape CVE-2025-38445 - atm: clip: Fix infinite recursive call of clippush...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000620)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000620 advisory. Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001895)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001895 advisory. Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow...

MiracleLinux 7 : grub2-2.02-0.87.14.0.5.el7.AXS7 (AXSA:2025-10973:08)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10973:08 advisory. CVE-2014-4607: minilzo: Update to minilzo-2.08 to fix integer overflow CVEs: CVE-2014-4607 Integer overflow in the LZO algorithm variant in Oberhumer liblzo...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-49900)

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

EUVD-2019-2454

Malware in sbrugna...

EUVD-2017-17787

Malware in sbrugna...