Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fixed the memory leak related to ‘conf-biosplit’. In the error path of raid10run, ‘conf’ needs to be freed. However, ‘conf-biosplit’ is not freed, resulting in a memory leak. Since there are three places where ‘conf’ c...

drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4

...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: regulator: raa215300: Fix resource leak in case of error The clkregisterclkdev allocates memory by calling vclkdevalloc and this memory is not freed in the error path. Similarly, resources allocated by clkregisterfixedrate are no...

PT-2026-37129

Name of the Vulnerable Software and Affected Versions zebrad versions prior to 4.3.1 zebra-script versions prior to 5.0.2 Description Following a refactoring of the verification process for transparent transactions, Zebra failed to validate a consensus rule restricting the possible values of...

nfs-utils security update

2.8.3-0.0.1.el101.3 - remove multiple warnings when upgrading nfs-utils with gssproxy 2.8.3-3 - Add requires for selinux-policy RHEL-127092 2.8.3-2 - mountd: Minor refactor of getrootfh RHEL-127092 - mountd: Separate lookup of the exported directory and the mount path RHEL-127092 - support: Add a...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.20.0: CVE-2026-22036: Updated undici to 6.23.0 bsc1256848 CVE-2025-59465: Add TLSSocket default error handler bsc1256573 CVE-2025-55132: Disable futimes when permission model is enabled bsc1256571 CVE-2025-55130: Require full read...

CVE-2023-25568

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

Unbreakable Enterprise kernel security update

5.15.0-315.196.5.1 - netfilter: nftables: reject duplicate device on updates Pablo Neira Ayuso Orabug: 38744086 CVE-2025-38678 - Reapply 'cpuidle: menu: Avoid discarding useful information' Harshvardhan Jha Orabug: 38744084 - rtc: expose RTCFEATUREUPDATEINTERRUPT Alexandre Belloni Orabug: 3874408...

dmaengine: idxd: Refactor remove call with idxd_cleanup() helper

...

EUVD-2025-179142

Malicious code in encode-rain-refactor-execute-pi npm...

MAL-2025-189122 Malicious code in refactor-signal-float-code-char (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63bd76bf641eda520b1b2a0dbe0a1b53f6b4fc54d58d3d0fd0530f99af1f492b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189117 Malicious code in refactor-cat-epsilon-interface-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936aecd5ce3be34ebc0072e78c7c6dce28d37fa9462635513930d07f7ba9df73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176214

Malicious code in static-refactor-grep-yaml-emulate npm...

EUVD-2025-176756

Malicious code in refactor-file-sed-class-wind npm...

EUVD-2025-177884

Malicious code in meta-fire-validate-refactor-cache npm...

EUVD-2025-179699

Malicious code in cluster-protected-resolve-cloud-refactor npm...

EUVD-2025-179115

Malicious code in enum-parse-protected-kernel-refactor npm...

EUVD-2025-180262

Malicious code in async-proxy-dog-refactor-nu npm...

EUVD-2025-176373

Malicious code in simulate-refactor-java-route-beta npm...

EUVD-2025-176757

Malicious code in refactor-cron-yaml-dog-debug npm...