41 matches found
Fedora 42 : rust-rpm-sequoia / rust-sequoia-chameleon-gnupg / rust-sequoia-git / etc (2026-8df732be8a)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-8df732be8a advisory. Update sequoia-openpgp to version 2.3.0. This includes three security relevant fixes assigned CVE-2026-42783, CVE-2026-42784, and CVE-not-...
Fedora 45 : rust-podman-sequoia / rust-rpm-sequoia / etc (2026-5272623baf)
The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-5272623baf advisory. Update sequoia-openpgp to version 2.3.0. This includes three security relevant fixes assigned CVE-2026-42783, CVE-2026-42784, and CVE-not-...
SUSE SLES15 Security Update : buildah (SUSE-SU-2026:1491-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1491-1 advisory. This update for buildah rebuilds it against the current go 1.25 security release. Tenable has extracted the preceding description block...
Fedora 44 : asciinema / atuin / bustle / envision / glycin / greetd / helix / etc (2026-1b11ddff94)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-1b11ddff94 advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update the...
GHSA-X9P2-77V6-6VHF FrankenPHP has delayed propagation of security fixes in upstream base images
Delayed propagation of security fixes in upstream base images Summary Vulnerability in base Docker images PHP, Go, and Alpine not automatically propagating to FrankenPHP images. FrankenPHP's container images were previously built only when specific version tags were updated or when manual trigger...
SUSE-SU-2026:0326-1 Security update for helm
This update for helm rebuilds it against the current GO security release...
Oracle Linux 8 : container-tools:ol8 (ELSA-2026-0753)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0753 advisory. - fixes 'CVE-2025-47913 container-tools:rhel8/buildah: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS rhel-8.10.z' - rebuild...
vsftpd security update
3.0.3-36.3 - Rebuild to test with proper configuration - Related: RHEL-134160 3.0.3-36.2 - Rebuild to test with proper configuration - Related: RHEL-134160 3.0.3-36.1 - Fix CVE-2025-14242 - Resolves: RHEL-134160...
Oracle Linux 8 : mariadb:10.5 (ELSA-2025-19572)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19572 advisory. galera 26.4.22-1 - Rebase to 26.4.22 Judy 1.0.5-18 - Remove README.Fedora; no longer needed since 1.0.5 version - Resolves: 1638717 1.0.5-17 - ldconfi...
CVE-2025-58189
When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped...
CVE-2025-58187
Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...
CVE-2025-58188
Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...
CVE-2025-58186
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
SUSE-SU-2025:3825-1 Recommended update 5.0.5.1 for Multi-Linux Manager Server
This update fixes the following issues: server-attestation-image: - CVE-2025-53192: Do not use apache-commons-ognl but its successor ognl bsc1248252 - Image rebuilt to the newest version and updated build dependencies server-hub-xmlrpc-api-image, server-image, server-migration-14-16-image: - Imag...
CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
Fedora 44 : rust-matchers / rust-tracing-subscriber (2025-75e3e58200)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-75e3e58200 advisory. - Update the tracing-subscriber crate to version 0.3.20. - Update the matchers crate to version 0.2.0. This update also includes a fix for CVE-2025-58160...
Fedora 41 : rust-slab (2025-92719fd556)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-92719fd556 advisory. Update to version 0.4.11. This version includes a fix for CVE-2025-55159, but there are zero packages in Fedora or EPEL that use the affected API, so no...
python-zipp security update
3.20.1-2 - Make package buildable for epel=9 3.20.1-1 - Update to 3.20.1 rhbz2307990 3.20.0-1 - Update to 3.20.0 rhbz2304028 3.19.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild 3.19.2-2 - Rebuilt for Python 3.13 3.19.2-1 - Update to 3.19.2 rhbz2290429 3.19.1-1 - Update to...
SUSE SLES15 : Security update 5.0.5 for Multi-Linux Manager Proxy (SUSE-SU-2025:02478-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02478-1 advisory. proxy-helm: - Version 5.0.15: Image rebuilt to the newest version with updated dependencies proxy-httpd-image: - Version 5.0.13: Add redirect of API...
apache-commons-beanutils security update
1.8.3-15.0.1 - Add SuppressPropertiesBeanIntrospector.SUPPRESS_DECLARING_CLASS Orabug: 38176946 CVE-2025-48734 1.8.3-15 - Fix CVE-2014-0114 - Fix CVE-2019-10086 1.8.3-14 - Mass rebuild 2013-12-27 1.8.3-13 - Add BuildRequires on apache-commons-parent = 26-7 - Remove BuildRequires on...