MGASA-2026-0191 Updated libxmp packages fix security vulnerabilities

CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbisdeinit CVE-2023-45680: Null pointer dereference in vorbisdeinit CVE-2023-45681: Out of bounds heap buffer write CVE-2023-45676: Multi-byte write heap buffer overflow in startdecoder CVE-2023-45677: Heap buffer out of bounds...

Updated libxmp packages fix security vulnerabilities

CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbisdeinit CVE-2023-45680: Null pointer dereference in vorbisdeinit CVE-2023-45681: Out of bounds heap buffer write CVE-2023-45676: Multi-byte write heap buffer overflow in startdecoder CVE-2023-45677: Heap buffer out of bounds...

CVE-2026-26240 File Station 5

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

EUVD-2026-35983

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

CVE-2026-26240

CVE-2026-26240 is a bufferoverflow in File Station 5. The vulnerability could allow a remote attacker to modify memory or crash processes. Public metrics show a high impact on integrity and availability with network attack vector and no user interaction required. The issue has been addressed in F...

EUVD-2026-35981

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

CVE-2026-26241 File Station 5

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

CVE-2026-26241

CVE-2026-26241 affects File Station 5; a buffered overflow in a component of File Station 5. Exploitation could crash or modify memory, with impact described as high on integrity and availability (per CVSS data). A fix is available in File Station 5 5.5.6.5243 and later. Public details across con...

CVE-2026-26241 File Station 5

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

CVE-2026-26239

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

EUVD-2026-35979

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

CVE-2026-26239 File Station 5

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

CVE-2026-27671

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

SUSE CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

SUSE CVE-2026-11669

Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11678

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11696

Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-46317

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind mmulock kvm-arch.nestedmmus is walked under kvm-mmulock, including from the MMU notifier path kvmunmapgfnrange - kvmnesteds2unmap, which can run at any time. kvmvcpuinitnested...

SUSE CVE-2026-46320

In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tapgetuserxdp tapgetuserxdp rejects a frame shorter than ETHHLEN with -EINVAL, and returns -ENOMEM when buildskb fails. Both paths jump to the err label without freeing the page that...

SUSE CVE-2026-46321

In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...