Fedora 43 : insight (2026-0106837085)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0106837085 advisory. New upstream snapshot. Fixes CVEs 2025-11494, 2025-11495, 2026-2341, 2026-3441, 2026-3442. Fixes CVEs 2025-69644, 2025-69645, 2025-69646. Fixes FTBF...

SUSE-SU-2026:0605-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...

[SECURITY] [DLA 4400-1] rear security update

Debian LTS Advisory DLA-4400-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert December 10, 2025 https://wiki.debian.org/LTS Package : rear Version : 2.6+dfsg-1+deb11u1 CVE ID : CVE-2024-23301 Debian Bug : 1060747 It has been discovered that Relax-and-Recover aka...

SUSE CVE-2025-40184

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...

EUVD-2025-150390

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...

DEBIAN-CVE-2025-40184

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...

CVE-2025-40184

The CVE-2025-40184 entry documents a Linux kernel KVM/arm64 vulnerability: when using transparent huge pages with NVHE EL2 debug, the debug check in assert_host_shared_guest() may trigger a WARN_ON leading to a host panic. The issue arises because __pkvm_host_relax_perms_guest() assumes a single-...

CVE-2025-40184

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...

EUVD-2020-25297

Malware in sbrugna...

EUVD-2024-20820

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-23301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets...

TencentOS Server 3: rear (TSSA-2024:0111)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0111 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0219: rear (ALINUX3-SA-2024:0219)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0219 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-23301: Relax-and-Recover aka ReaR through...

Unbreakable Enterprise kernel security update

5.15.0-210.163.7 - crypto: qat - specify firmware files for 402xx Giovanni Cabiddu Orabug: 37030280 5.15.0-210.163.6 - Revert 'Fix userfaultfdapi to return EINVAL as expected' Vijayendra Suman Orabug: 37004422 5.15.0-210.163.5 - Revert 'bpf: Allow reads from uninit stack' Vijayendra Suman Orabug:...

CVE-2024-36484

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/afinet.c:761 inetaccept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...

CVE-2024-36484 net: relax socket state check at accept time.

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/afinet.c:761 inetaccept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...

RLSA-2024:1719 Moderate: rear security update

Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It allows to restore to different hardware and can therefore be also used as a migration utility. Security Fixes: rear: creates a world-readable initrd...

Rocky Linux 8 : rear (RLSA-2024:1719)

The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:1719 advisory. - Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets...

Updated rear packages fix security vulnerability

Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301...

MGASA-2024-0131 Updated rear packages fix security vulnerability

Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301...