27 matches found
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
Impact Versions of ExifReader from 4.20.0 through 4.38.1 do not bound the size of decompressed metadata blocks. When a caller invokes the asynchronous API e.g. ExifReader.loadfile or ExifReader.loadbuffer, async: true on an attacker-supplied image, a small compressed chunk in the file can expand ...
PT-2026-42698
Summary When an application using Pydantic AI opts a URL into force download='allow-local' which disables the default block on private/internal IPs, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form IPv4-mapped IPv6, 6to4, or NAT64. Dual-stack a...
CVE-2026-32836
drlibs drflac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in drflacreadanddecodemetadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can...
Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005565 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637...
SUSE-SU-2025:0084-1 Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. - CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. -...
SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP6) (SUSE-SU-2024:4129-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4129-1 advisory. This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: - CVE-2024-36904: tcp: Use...
SUSE SLES15 Security Update : kernel RT (Live Patch 14 for SLE 15 SP5) (SUSE-SU-2024:4125-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4125-1 advisory. This update for the Linux Kernel 5.14.21-1505001352 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic...
SUSE-SU-2024:4227-1 Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005539 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix...
SUSE-SU-2024:4219-1 Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122222 fixes several issues. The following security issues were fixed: - CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks bsc1229273. - CVE-2024-41059: hfsplus: fix...
SUSE-SU-2024:4217-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-15060021 fixes several issues. The following security issues were fixed: - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. - CVE-2024-35949: btrfs: make sure that WRITT...
SUSE-SU-2024:4216-1 Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix...
SUSE-SU-2024:4206-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005544 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix...
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks bsc1229273. CVE-2023-52752: smb: client: fix...
SUSE-SU-2024:4139-1 Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: - CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks bsc1229273. - CVE-2023-52752: smb: client...
Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35949: btrfs: make sure that WRITTEN is s...
SUSE-SU-2024:4128-1 Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001361 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. - CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. - CVE-2021-47598: schcake: do n...
SUSE-SU-2024:4127-1 Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001358 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix...
SUSE CVE-2024-35949
In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfscheckleaf if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on...
CVE-2024-35949
A flaw was found in the btrfs module in the Linux kernel. In some conditions, a corrupted file system can trigger out-of-bounds access and cause a general protection fault, resulting in a denial of service...
CVE-2024-35949
In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfscheckleaf if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on...