131 matches found

OSV
added 2026/03/20 5:25 p.m. | 7 views

GHSA-GCHP-Q4R4-X4FF tar-rs incorrectly ignores PAX size headers if header size is nonzero

Summary: As part of CVE-2025-62518 the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header. However, it was missed at the time that this project (the original Rust tar crate) had a conditional logic that skipped the PAX siz...

CVSS 8.1 | AI score 5.7 | EPSS 0.00688
Exploits: 2 | References: 7
Cvelist
added 2026/03/20 7:6 a.m. | 23 views

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

CVSS 5.1 | EPSS 0.00397
Exploits: 1 | References: 3
NVD
added 2026/03/20 5:16 a.m. | 11 views

CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI), and thus the same key...

CVSS 4.7 | EPSS 0.00246
Exploits: 1 | References: 3
CVE
added 2026/03/20 4:24 a.m. | 24 views

CVE-2026-32953

Tillitis TKey Client (Go module tkeyclient) versions

CVSS 4.7 | AI score 5.9 | EPSS 0.00246
Exploits: 1 | References: 3 | Affected Software: 1
RustSec
added 2026/03/19 12:0 p.m. | 22 views

tar-rs incorrectly ignores PAX size headers if header size is nonzero

Versions 0.4.44 and below of tar-rs have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the...

CVSS 8.1 | AI score 7.4 | EPSS 0.00688
Exploits: 1 | Affected Software: 1
Snyk
added 2026/03/17 7:42 p.m. | 2 views

Incorrect Implementation of Authentication Algorithm

Overview: Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to an error in the protocol implementation when handling the User Supplied Secret (USS) digest in the LoadApp function. An attacker can cause the Compound Device Identifier (CDI) to b...

CVSS 7.6 | AI score 5.9 | EPSS 0.00246
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38126)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38126 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is n...

CVSS 5.5 | AI score 5.3 | EPSS 0.00159
Exploits: 0 | References: 2
AstraLinux
added 2026/01/13 2:1 p.m. | 2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID. According to UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each unit and terminal within the video function is assigned a uniqu...

AI score 5.7 | EPSS 0.00231
Exploits: 0 | References: 3
SUSE CVE
added 2025/12/31 12:29 a.m. | 1 views

SUSE CVE-2023-54167

In the Linux kernel, the following vulnerability has been resolved: m68k: mm: Move initrd phys_to_virt handling after paging_init(). When booting with an initial ramdisk on platforms where physical memory does not start at address zero (e.g. on Amiga): initrd: 0ef0602c - 0f800000 Zone ranges: DMA mem...

AI score 6.2 | EPSS 0.00166
Exploits: 0 | References: 3
NVD
added 2025/12/30 1:16 p.m. | 5 views

CVE-2023-54167

In the Linux kernel, the following vulnerability has been resolved: m68k: mm: Move initrd phys_to_virt handling after paging_init(). When booting with an initial ramdisk on platforms where physical memory does not start at address zero (e.g. on Amiga): initrd: 0ef0602c - 0f800000 Zone ranges: DMA mem...

EPSS 0.00166
Exploits: 0 | References: 3
OSV
added 2025/12/30 1:16 p.m. | 4 views

UBUNTU-CVE-2023-54167

In the Linux kernel, the following vulnerability has been resolved: m68k: mm: Move initrd phys_to_virt handling after paging_init(). When booting with an initial ramdisk on platforms where physical memory does not start at address zero (e.g. on Amiga): initrd: 0ef0602c - 0f800000 Zone ranges: DMA mem...

AI score 5.7 | EPSS 0.00166
Exploits: 0 | References: 6
Positive Technologies
added 2025/12/30 12:0 a.m. | 4 views

PT-2025-53996

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the handling of initial ramdisks (initrd) on m68k platforms where physical memory does not start at address zero, such as on Amiga systems...

AI score 6 | EPSS 0.00166
Exploits: 0 | References: 11
UbuntuCve
added 2025/12/24 11:15 a.m. | 3 views

CVE-2025-68355

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak. When excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak problem reported by syzbot [1]...

AI score 5.7 | EPSS 0.00163
Exploits: 0 | References: 3
OSV
added 2025/11/21 3:59 p.m. | 6 views

JLSEC-2025-230 Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigg...

Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero...

CVSS 7.5 | AI score 6.8 | EPSS 0.00461
Exploits: 0 | References: 3
Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989044)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989044 advisory. In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling...

CVSS 7 | AI score 5.9 | EPSS 0.00242
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988764)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988764 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0. When walking through an inode...

CVSS 5.5 | AI score 6 | EPSS 0.00235
Exploits: 0 | References: 4
SUSE CVE
added 2025/10/20 11:27 p.m. | 3 views

SUSE CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID. Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVSS 3.3 | AI score 6.3 | EPSS 0.00231
Exploits: 0 | References: 19
OSV
added 2025/10/14 3:35 p.m. | 2 views

JLSEC-2025-50 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations...

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES...

CVSS 9.8 | AI score 7.2 | EPSS 0.04525
Exploits: 0 | References: 16
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-55314

Malicious code in bioql PyPI...

AI score 6.3 | EPSS 0.00157
Exploits: 0 | References: 3
NVD
added 2025/09/15 3:15 p.m. | 7 views

CVE-2023-53251

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler(). rxq can be NULL only when trans_pcie->rxq is NULL and entry->entry is zero. For the case when entry->entry is not equal to 0, rxq won't be NULL even if...

CVSS 5.5 | EPSS 0.00135
Exploits: 0 | References: 5