9 matches found

OSV
added last week | 8 views

RLSA-2026:19568 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766); kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741); kernel: libceph: make decodepool...

CVSS 8.1 | AI score 5.9 | EPSS 0.38453
Exploits: 38 | References: 18
Cvelist
added 2026/03/05 12:53 a.m. | 24 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFOBins resource to perform privileged file...

CVSS 9.2 | EPSS 0.0002
Exploits: 1 | References: 2
CVE
added 2026/03/05 12:53 a.m. | 8 views

CVE-2026-29122

IDC SFX2100 ships /bin/date with the setuid bit set, enabling a local user to perform privileged reads as root. The vulnerability arises from a setuid binary in the local filesystem, allowing bypass of normal permissions and exposure of sensitive files (e.g., /etc/shadow). Impact is described as high conf...

CVSS 9.2 | AI score 6 | EPSS 0.0002
Exploits: 1 | References: 2 | Affected Software: 1
GitHub Security Blog
added 2026/03/02 10:19 p.m. | 4 views

OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read

Summary: The Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. A symlink placed under the Control UI root could cause out-of-root file reads. Affected Packages / Versions: - Package: openclaw (npm) - Latest published...

CVSS 5.5 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2025/09/17 5:25 p.m. | 8 views

CVE-2025-58431

CVE-2025-58431 affects ZimaOS (fork of CasaOS) prior to version 1.4.2. The /v2_1/files/file/download API endpoint allows unauthorized local users with localhost access to read local files, with reads executed as ROOT. Multiple sources (Red Hat, CVE records, CVE lists, and vulnerability databases)...

CVSS 6.2 | AI score 6.4 | EPSS 0.00038
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2025/09/17 5:25 p.m. | 2 views

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v2_1/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

CVSS 6.1 | AI score 6.8 | EPSS 0.00038
Exploits: 1 | References: 3
Tenable Nessus
added 2025/08/19 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2014-7975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root...

CVSS 5.5 | AI score 6.1 | EPSS 0.00073
Exploits: 0 | References: 2
Prion
added 2022/05/04 6:15 p.m. | 10 views

XXE

Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201...

CVSS 6.8 | AI score 6.1 | EPSS 0.00341
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2017/08/01 2:22 p.m. | 4 views

Kernel: fs: umount denial of service

The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls...

CVSS 5.5 | AI score 6.6 | EPSS 0.00073
Exploits: 0 | References: 4