1962 matches found

Slackware Linux
added 2026/06/04 1:27 a.m., 6 views

[slackware-security] net-tools

New net-tools packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/net-tools-201811030eebece-i586-4slack15.0.txz: Rebuilt. This update fixes a security issue: interface.c: Stack-based Buffer Overfl...

CVSS 6.6, AI score 6.9, EPSS 0.00157
Exploits: 0

SUSE Linux
added 2026/06/03 2:5 p.m., 7 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

CVSS 8.7, AI score 7.5, EPSS 0.005
Exploits: 0, References: 26

Tenable Nessus
added 2026/06/02 12:0 a.m., 9 views

Fedora 43 : postfix (2026-e9fc21d7e2)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e9fc21d7e2 advisory. This is an update fixing CVE-2026-43964. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 7.5, AI score 5.8, EPSS 0.0032
Exploits: 0, References: 2

OSV
added 2026/06/01 9:34 a.m., 3 views

SUSE-SU-2026:2200-1 Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.95 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit bsc1265224. ...

CVSS 7.8, AI score 6, EPSS 0.01582
Exploits: 13, References: 7

Github Security Blog
added 2026/05/29 8:2 p.m., 18 views

Nerdbank.MessagePack has Inefficient CPU Computation

Impact Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit an O(n²) algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...

AI score 5.8
Exploits: 0, References: 3, Affected Software: 1

Amazon
added 2026/05/26 12:0 a.m., 10 views

Important: kernel-livepatch-5.10.251-248.983

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskb_copy CVE-2026-46300 Affected Packages: kernel-livepatch-5.10.251-248.983 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8, AI score 5.8, EPSS 0.01582
Exploits: 8

Positive Technologies
added 2026/05/21 12:0 a.m., 8 views

PT-2026-43466

Name of the Vulnerable Software and Affected Versions XWiki versions prior to 18.0.0RC1 XWiki versions prior to 17.10.13 XWiki versions prior to 17.4.9 XWiki versions prior to 16.10.17 Description An insufficient patch allows for the discovery of password hashes one bit at a time by using modifie...

CVSS 7.5, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 6

Rosalinux
added 2026/05/19 1:22 p.m., 13 views

Advisory ROSA-SA-2026-3269

software: angie 1.11.5 AXIS: ROSA-CHROME unaffected versions = angie-1.11.5-1 affected versions angie-1.11.5-1 CVE-ID: CVE-2026-42945 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A heap buffer overflow vulnerability in the ngx_http_rewrite_module NGINX Plus and NGINX Open Source module allows an...

CVSS 9.2, AI score 6.6, EPSS 0.23018
Exploits: 38

Tenable Nessus
added 2026/05/16 12:0 a.m., 4 views

SUSE SLES15 Security Update : kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1873-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1873-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.203 fixes one security issue The following security issue was fixed: - CVE-2026-4328...

CVSS 8.8, AI score 6.1, EPSS 0.92165
Exploits: 30, References: 4

Amazon
added 2026/05/09 12:0 a.m., 14 views

Important: kernel-livepatch-5.10.253-251.1014

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

CVSS 7.8, AI score 6, EPSS 0.92165
Exploits: 30

Tenable Nessus
added 2026/05/07 12:0 a.m., 6 views

Oracle Linux 8 : libsoup (ELSA-2026-14087)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-14087 advisory. - Backport patch for CVE-2026-5119 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

CVSS 8.2, AI score 5.8, EPSS 0.00254
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/07 12:0 a.m., 8 views

Oracle Linux 9 : libsoup (ELSA-2026-13978)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-13978 advisory. 2.72.0-12.6 - Backport patch for CVE-2026-5119 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

CVSS 8.2, AI score 5.8, EPSS 0.00254
Exploits: 1, References: 2

OSV
added 2026/05/06 9:14 a.m., 2 views

SUSE-SU-2026:21562-1 Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before...

CVSS 7.8, AI score 7, EPSS 0.94016
Exploits: 227, References: 15

Amazon
added 2026/05/05 12:0 a.m., 8 views

Important: kernel-livepatch-6.12.80-105.147

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algif_aead module by running the following commands: echo "install algif_aead /bin/fals...

CVSS 7.8, AI score 6, EPSS 0.94016
Exploits: 227

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: HWS, fixed the issue where complex rule rehash operations failed. Moving rules from one matcher to another should not fail. However, if it does fail due to various reasons, the error handling mechanism should allow t...

CVSS 5.5, AI score 5.4, EPSS 0.00119
Exploits: 0, References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app that used persistent directories could access and write files outside of its usual access rights, which constituted an attack on integrity and...

CVSS 10, AI score 7.5, EPSS 0.01283
Exploits: 1, References: 2

OSV
added 2026/05/03 9:56 a.m., 50 views

OESA-2026-2164 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

CVSS 6.8, AI score 6, EPSS 0.0016
Exploits: 1, References: 2

OSV
added 2026/04/30 1:41 p.m., 5 views

CLSA-2026-1777556512 Fix CVE(s): CVE-2026-35385

SECURITY UPDATE: setuid/setgid bits preserved on scp downloads without -p - debian/patches/CVE-2026-35385.patch: in legacy -O mode, OR 07000 into the saved umask in sink in scp.c so that setuid/setgid/sticky bits are stripped from received files when -p is not specified. - CVE-2026-35385...

CVSS 8.1, AI score 5.8, EPSS 0.00289
Exploits: 0, References: 1

OSV
added 2026/04/30 11:30 a.m., 3 views

CLSA-2026-1777548617 Fix CVE(s): CVE-2026-4519, CVE-2026-4786

SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via %action substitution in UnixBrowser.open. - CVE-2026-4519 - CVE-2026-4786...

CVSS 7, AI score 7.1, EPSS 0.00216
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/30 12:0 a.m., 4 views

Fedora 44 : dokuwiki (2026-e1f1cff72a)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e1f1cff72a advisory. Add a patch for CVE-2026-26477 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 7.5, AI score 5.5, EPSS 0.00452
Exploits: 1, References: 2