PT-2026-38485

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the S...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255163. CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in...

CLSA-2025-1760983231 Fix of 25 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-41069 - ASoC: topology: Fix references to freed memory - ASoC: topology: Do not assign fields that are already set - ASoC: topology: Clean up route loading Bionic update: upstream stable patchset 2021-06-11 LP: 1931740 // CVE- url:...

RHEL 9 : kernel-rt (RHSA-2025:14094)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14094 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

CLSA-2025-1754037187 Fix of 7 CVEs

CVE-url: https://ubuntu.com/security/CVE-2021-47352 - virtio-net: Add validation for used length CVE-url: https://ubuntu.com/security/CVE-2024-46771 - can: bcm: Remove proc entry when dev is unregistered. Bionic update: upstream stable patchset 2023-01-20 LP: 2003596 // CVE- url:...

CVE-2025-38413

In the Linux kernel, the following vulnerability has been resolved: virtio-net: xsk: rx: fix the frame's length check When calling buftoxdp, the len argument is the frame data's length without virtio header's length vi-hdrlen. We check that len with xskpoolgetrxframesize + vi-hdrlen to ensure the...

SUSE-SU-2025:02076-1 Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231. - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing...

November 12, 2024-KB5046266 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016

November 12, 2024-KB5046266 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Revised December 6, 2024: Update to adjust the improvements from the security improvements section to the quality and reliability improvements section. Release Date: November...

Oracle Linux 7 : kernel (ELSA-2024-5259)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5259 advisory. 3.10.0-1160.119.1.0.3.el7.OL7 - net: fix dstnegativeadvice race Eric Dumazet Orabug: 36947298 3.10.0-1160.119.1.0.2.el7.OL7 - md/raid5: fix oops during...

SUSE CVE-2024-43817

In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1. After the skbsegment function the buffer may become non-linear nrfrags != 0, but since the SKBTXSHAREDFRAG flag is not set...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-075)

The version of kernel installed on the remote host is prior to 5.4.278-191.377. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-075 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race CVE-2024-36971...

CVE-2024-36971 net: fix __dst_negative_advice() race

In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race dstnegativeadvice does not enforce proper RCU rules when sk-dstcache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk-skdstcache, then call dstreleaseolddst. Note...

Unbreakable Enterprise kernel security update

5.4.17-2102.201.3uek - locking/qrwlock: Fix ordering in queuedwritelockslowpath Ali Saidi Orabug: 32805544 5.4.17-2102.201.2uek - md/bitmap: wait for external bitmap writes to complete during tear down Sudhakar Panneerselvam Orabug: 32764237 - ocfs2: fix deadlock between setattr and dioendiowrite...

Unbreakable Enterprise kernel security update

4.14.35-1844.1.3 - net: rds: fix rdsibsysctlmaxrecvallocation error Zhu Yanjun Orabug: 29003422 - nfs: dont dirty kernel pages read by direct-io Dave Kleikamp Orabug: 29122062 - KVM: X86: Fix scan ioapic use-before-initialization Wanpeng Li Orabug: 29026132 CVE-2018-19407 - hugetlb: take PMD...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookupslow on a NULL inode-iops pointer when doing pathwalks on a corrupted xfs image. This occure...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3514)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3514 advisory. - vfio/pci: Fix integer overflows, bitmask check Vlad Tsyrklevich Orabug: 25164094 CVE-2016-9083 CVE-2016-9084 - Don't feed anything but regular...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0180)

The remote OracleVM system is missing necessary patches to address critical security updates : - x86/iopl/64: properly context-switch IOPL on Xen PV Andy Lutomirski Orabug: 25269176 CVE-2016-3157 CVE-2016-3157 - net: Fix use after free in the recvmmsg exit path Arnaldo Carvalho de Melo Orabug:...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0179)

The remote OracleVM system is missing necessary patches to address critical security updates : - net: Fix use after free in the recvmmsg exit path Arnaldo Carvalho de Melo Orabug: 25298601 CVE-2016-7117 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were...

kernel security and bug fix update

kernel - 2.6.18-416.0.0.0.1 - netfront fix ring buffer index go back led vif stop orabug 18272251 - net fix tcptrimhead James Li orabug 14512145, 19219078 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add...