Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990333)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990333 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap A system crash like this Failing address:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989996)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989996 advisory. In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook bail on fail scheme doesn't...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989403)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989403 advisory. In the Linux kernel, the following vulnerability has been resolved: ethernet: Fix error handling in xemaclite_of_probe This node pointer is returned by of_parse_phandle...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988730)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988730 advisory. In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook bail on fail scheme doesn't...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988887)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988887 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990102)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990102 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table In function si_parse_power_table, array...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989026)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989026 advisory. In the Linux kernel, the following vulnerability has been resolved: watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe of_parse_phandle returns a node pointer wi...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990006)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990006 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate of_parse_phandle returns a node pointer...
MGASA-2025-0256 Updated golang packages fix security vulnerabilities
Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...
Eval Injection
Overview: litdb is a literature database tool with GPT integration. Affected versions of this package are vulnerable to Eval Injection via the parseschemadsl function in the extract.py file, which unsafely uses the eval function. This allows an attacker to execute arbitrary Python code on the...
ksmbd: fix out-of-bounds in parse_sec_desc()
...
CLSA-2025-1761902260 Fix CVE(s): CVE-2024-45490
SECURITY UPDATE: Improper restriction of XML External Entity Reference - debian/patches/CVE-2024-45490.patch: Reject negative len for XML_ParseBuffer - CVE-2024-45490...
CLSA-2025-1761847256 Fix CVE(s): CVE-2022-47673, CVE-2023-25584
SECURITY UPDATE: multiple vulnerabilities in vms-alpha.c parse_module - debian/patches/CVE-2022-47673CVE-2023-25584-.patch: fix null pointer dereference in parse_module by adding return value checking for bfd_zalloc calls, fix potential out of bounds memory access in DST record parsing loop -...
CVE-2025-40099
In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp) - reply with number of referrals smaller than...
EUVD-2025-36739
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...
EUVD-2025-36735
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...
CVE-2025-61725
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...
AZL-69290 CVE-2025-61725 affecting package golang 1.26.0-1
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...
CVE-2025-47912
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...
AZL-78905 CVE-2025-47912 affecting package golang 1.25.7-1
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...