OESA-2026-2253 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

OESA-2026-2252 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

OESA-2026-2200 mutt security update

Mutt is a small but very powerful text-based mail client for Unix operating systems. Security Fixes: mutt before version 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest, which may lead to buffer handling issues.CVE-2026-43859 Mutt email client before version 2.3.2...

SUSE-SU-2026:1793-1 Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.60 fixes various security issues The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. - CVE-2025-39977: futex: Prevent use-after-free during...

drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()

...

CVE-2026-42183

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

EUVD-2026-28891

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVE-2026-42183

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVE-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVE-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVE-2026-42183

CVE-2026-42183 affects Argo Workflows (versions 4.0.0–4.0.4) where a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() can cause a denial of service for SSO users when SSO_DELEGATE_RBAC_TO_NAMESPACE is true. The issue arises for claims matching a namespace-level RBAC rule b...

SUSE CVE-2025-38130

In the Linux kernel, the following vulnerability has been resolved: drm/connector: only call HDMI audio helper plugged cb if non-null On driver remove, sound/soc/codecs/hdmi-codec.c calls the pluggedcb with NULL as the callback function and codecdev, as seen in its hdmiremove function. The HDMI...

SUSE CVE-2025-71291

In the Linux kernel, the following vulnerability has been resolved: misc: bcmvk: Fix possible null-pointer dereferences in bcmvkread In the function bcmvkread, the pointer entry is checked, indicating that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the following code may cause...

SUSE CVE-2025-71294

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer issue buffer funcs If SDMA block not enabled, bufferfuncs will not initialize, fix the null pointer issue if bufferfuncs not initialized...

SUSE CVE-2025-71295

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in trytofreebuffers for folios without buffers trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio belonging to a mapping with ASRELEASEALWAYS set...

SUSE CVE-2026-43122

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Update cpuidle driver check in acpiprocessorstart Commit 7a8c994cbb2d "ACPI: processor: idle: Optimize ACPI idle driver registration" moved the ACPI idle driver registration to acpiprocessordriverinit and...

SUSE CVE-2026-43124

In the Linux kernel, the following vulnerability has been resolved: pstore: ramcore: fix incorrect success return when vmap fails In persistentramvmap, vmap may return NULL on failure. If offset is non-zero, adding offsetinpagestart causes the function to return a non-NULL pointer even though the...

SUSE CVE-2026-43131

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...

SUSE CVE-2026-43168

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec "ocfs2: fix xattr array entry countedby error" doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be...

SUSE CVE-2026-43272

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer headpage in rbmetavalidateevents which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failure...