curl: libssh SFTP initialization ignores CURLOPT_TIMEOUT, hangs indefinitely

Hi all, The libssh backend in lib/vssh/libssh.c ignores CURLOPTTIMEOUT / --max-time during SFTP subsystem negotiation. A server that completes SSH authentication and then stalls before answering the SSHFXPINIT packet will pin the curl process indefinitely — no timeout fires, no error is returned,...

CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

PT-2026-37585

In the Linux kernel, the following vulnerability has been resolved: ntfs: -d compare must not block ... so don't use getname there. Switch it and ntfs d hash, while we are at it to kmallocPATH MAX, GFP NOWAIT. Yes, ntfs d hash almost certainly can do with smaller allocations, but let ntfs folks...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: 9p/transfd: always use ONONBLOCK read/write syzbot is reporting hung task at p9fdclose 1, for p9muxpollstop from p9conndestroy from p9fdclose is failing to interrupt already started kernelread from p9fdread from p9readwork and/or...

UBUNTU-CVE-2026-23050

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open Ben Coddington reports seeing a hang in the following stack trace: 0 ffffd0b50e1774e0 schedule at ffffffff9ca05415 1 ffffd0b50e177548 schedule at ffffffff9ca05717 2...

EUVD-2026-5496

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open Ben Coddington reports seeing a hang in the following stack trace: 0 ffffd0b50e1774e0 schedule at ffffffff9ca05415 1 ffffd0b50e177548 schedule at ffffffff9ca05717 2...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993166)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993166 advisory. In the Linux kernel, the following vulnerability has been resolved: 9p/transfd: always use ONONBLOCK read/write syzbot is reporting hung task at p9fdclose 1, for...

CVE-2025-68286

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check NULL before accessing WHAT IGT kmscursorlegacy's long-nonblocking-modeset-vs-cursor-atomic fails with NULL pointer dereference. This can be reproduced with both an eDP panel and a DP monitors connected. BUG...

AZL-72622 CVE-2025-68286 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check NULL before accessing WHAT IGT kmscursorlegacy's long-nonblocking-modeset-vs-cursor-atomic fails with NULL pointer dereference. This can be reproduced with both an eDP panel and a DP monitors connected. BUG...

CVE-2025-68286 drm/amd/display: Check NULL before accessing

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check NULL before accessing WHAT IGT kmscursorlegacy's long-nonblocking-modeset-vs-cursor-atomic fails with NULL pointer dereference. This can be reproduced with both an eDP panel and a DP monitors connected. BUG...

CVE-2023-53860

In the Linux kernel, the following vulnerability has been resolved: dm: don't attempt to queue IO under RCU protection dm looks up the table for IO based on the request type, with an assumption that if the request is marked REQNOWAIT, it's fine to attempt to submit that IO while under RCU read lo...

EUVD-2025-120338

Malicious code in xanadu-deneb-non-blocking-atlas npm...

MAL-2025-149853 Malicious code in zenith-iota-sedna-non-blocking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0951cf7f9333702afff9bb26db65d093a3a169d26b74598e2e501bcd246b7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bootes-toml-non-blocking-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32250d5fdfe61a98e4d4cee9e2c18bd20f478a645751fa2a65929da0c6646063 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-124065

Malicious code in optimize-css-assets-webpack-plugin-achernar-non-blocking-mensa npm...

EUVD-2025-123820

Malicious code in perseus-ora-non-blocking-altair npm...

MAL-2025-141526 Malicious code in delphinus-non-blocking-mysql-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf1d58c5a5d0d5e690108078ebedab4b4ccd7530c04b5a21e5335aaa9bcbc593 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

[SECURITY] Fedora 41 Update: squid-6.14-1.fc41

Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...

Malicious code in antares-non-blocking-inflation-html-webpack-plugin (npm)

The package antares-non-blocking-inflation-html-webpack-plugin was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2022-49767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 9p/transfd: always use ONONBLOCK read/write syzbot is reporting hung task at p9fdclose 1, for p9muxpollstop from p9conndestroy from p9fdclose is failing to...