Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011383)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011383 advisory. In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect Garbage collector does not take into accoun...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011111)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011111 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername Fix a NULL pointer crash that...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013208)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013208 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Cali...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007006)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007006 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done. syzkaller reported infinite recursive calls of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011071)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011071 advisory. In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register When a file descriptor of pppol2tp...
PT-2026-34169
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware component: C Oracle SSL API. Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011386)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011386 advisory. In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out and other functions can pass...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013325)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013325 advisory. In the Linux kernel, the following vulnerability has been resolved: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs. KCSAN found a data race in sock_recv_cmsgs...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011000)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011000 advisory. In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks syzbot is reporting...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011078)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011078 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup when socket create failed There is a null-ptr-dere...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013224)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013224 advisory. In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db When...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006965)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006965 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpf_sk_assign The semantics for bpf_sk_assign are as follows: sk =...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011009)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011009 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stream: purge sk_error_queue in sk_stream_kill_queues Changheon Lee reported TCP socket leaks, wi...
API Security Testing and Vulnerability Assessment
APIs now carry more sensitive data than traditional web interfaces. Payment details, health records, authentication tokens, and customer databases all flow through API endpoints that attackers can probe without ever touching a browser. A single misconfigured endpoint can expose millions of record...
CVE-2026-6369
The CVE-2026-6369 entry concerns the canonical-livepatch snap client, affected before version 10.15.0. A local unprivileged user can exploit an improper access control by sending an unauthenticated request to the livepatchd.sock Unix domain socket to obtain a sensitive, root-level authentication ...
CVE-2026-6369
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...
CVE-2026-6369 Exposed Session Token in canonical-livepatch client snap
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...
CVE-2026-31429
In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 value (e.g. 704 on x86_64) to avoid collisions with generic kmalloc bucket sizes. This ensures that...
Canonical Livepatch Security Vulnerability
Canonical Livepatch is a system component developed by Canonical OpenSource that manages kernel hotfix updates and patches. Versions of Canonical Livepatch prior to 10.15.0 contained security vulnerabilities. These vulnerabilities were caused by improper access control, allowing local...
PT-2026-33770
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...