Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb

...

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...

SUSE CVE-2026-6844

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service DoS vulnerabilities by providing a specially crafted Executable and Linkable Format ELF file. One vulnerability, a resource exhaustion CWE-400, can lead to an out-of-memory...

SUSE CVE-2026-31436

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llistabortdesc At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer...

SUSE CVE-2026-31437

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfsunbufferedwrite on retry When a write subrequest is marked NETFSSREQNEEDRETRY, the retry path in netfsunbufferedwrite unconditionally calls stream-preparewrite without checking if it is...

SUSE CVE-2026-31457

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr in repeatcallfn damonsysfsrepeatcallfn calls damonsysfsupdtunedintervals, damonsysfsupdschemesstats, and damonsysfsupdschemeseffectivequotas without checking contexts-nr. If nrcontexts is set to ...

SUSE CVE-2026-31458

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr before accessing contextsarr0 Multiple sysfs command paths dereference contextsarr0 without first verifying that kdamond-contexts-nr == 1. A user can set nrcontexts to 0 via sysfs while DAMON is...

SUSE CVE-2026-31481

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

SUSE CVE-2026-31510

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockreadycb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range 0x0000000000000260-0x0000000000000267 CPU: 0 UID: 0 PID: 5985 Comm:...

SUSE CVE-2026-33262

An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default...

SUSE CVE-2026-33600

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

SUSE CVE-2026-33601

If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

Oracle Linux 10 : wireshark (ELSA-2026-9666)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-9666 advisory. - Resolves: RHEL-152921 - CVE-2026-3203 Buffer Over-read - Resolves: RHEL-152912 - CVE-2026-3201 Improperly Controlled Sequential Memory Allocation -...

Linux Distros Unpatched Vulnerability : CVE-2026-33262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are...

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:1550-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1550-1 advisory. - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc126167...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-014300)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014300 advisory. In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should not ever dereference the NULL pointer which...

Linux Distros Unpatched Vulnerability : CVE-2026-33600

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of...

CVE-2026-31510

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol module. This vulnerability, a null pointer dereference, occurs in the l2capsockreadycb function because it fails to validate if a pointer is null before attempting to use it. An attacker within...