Astra Linux - vulnerability in unbound
Before version 1.9.5, Unbound allowed an out-of-bounds write operation through a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be remotely or locally exploited...
CVE-2026-6238
A flaw was found in glibc (GNU C Library). The deprecated functions ns_printrrf, ns_printrr, and fp_nquery do not properly validate the length of RDATA (Resource Record Data) in a DNS (Domain Name System) response when processing specific record types like LOC, CERT, TKEY, or TSIG. A remote attacker could...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold...
EUVD-2026-26071
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...
PT-2026-35750
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a...
CLSA-2025-1743675732 avahi: Fix of 8 CVEs
CVE-2021-3468: handle termination event on avahi Unix socket to prevent infinite loop - CVE-2023-1981: prevent avahi daemon crash by emitting an error if the requested D-Bus service is not found - CVE-2021-3502: fix avahi-daemon crashing from NULL pointer assertions - CVE-2023-38469: reject...
bind: Fix of CVE-2024-11187
CVE-2024-11187: Limit the additional processing for large RDATA sets...
CLSA-2025-1740823970 bind: Fix of CVE-2024-11187
CVE-2024-11187: Limit the additional processing for large RDATA sets...
[slackware-security] bind
New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.18.33-i586-1slack15.0.txz: Upgraded. This update fixes security issues: DNS-over-HTTPs flooding fixes. Limit the additional...
Reachable assertion in avahi_rdata_parse
...
SUSE CVE-2024-46686
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold...
DEBIAN-CVE-2024-46686
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold...
UBUNTU-CVE-2024-46686
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly handle the case where rdata is null when creating a new read request...
CVE-2023-52741 cifs: Fix use-after-free in rdata->read_into_pages()
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix use-after-free in rdata->read_into_pages() When the network status is unstable, use-after-free may occur when reading data from the server. BUG: KASAN: use-after-free in readpages_fill_pages+0x14c/0x7e0 Call Trace:...
EulerOS Virtualization 2.11.0 : avahi (EulerOS-SA-2024-1438)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. CVE-2023-38469 - A...
avahi: Reachable assertion in avahi_rdata_parse
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse function...
avahi: Reachable assertion in avahi_rdata_parse
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse function...
SUSE CVE-2023-38472
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse function...