Updated haproxy packages fix bugs

Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.18 of branch 2.8. Fixed major bugs list: - quic: use ncbmbuf for CRYPTO handling - stream: Force channel analysis on successful synchronous send Fixed medium bugs list: - dns: bind the nameserver...

Security Bulletin: Multiple Vulnerabilities in IBM Operator for Apache Flink

Summary Multiple vulnerabilities were addressed in IBM Operator for Apache Flink version 1.4.5 Vulnerability Details CVEID:CVE-2021-39194 DESCRIPTION: kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide...

EUVD-2018-4359

Malware in sbrugna...

UBUNTU-CVE-2025-24970

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead...

ALPINE-CVE-2024-0727

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

UBUNTU-CVE-2024-0727

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

SUSE-SU-2021:0298-1 Security update for openvswitch

This update for openvswitch fixes the following issues: - openvswitch was updated to 2.5.11 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets bsc1181345 - datapath: Clear the L4 portion of the key for 'later' fragments - datapath: Properly set L4 keys on 'later' IP fragments -...

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

USN-3340-1 apache2 vulnerabilities

Emmanuel Dreyfus discovered that third-party modules using the apgetbasicauthpw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new apgetbasicauthcomponents function for use by third-party modules. CVE-2017-3167 Vasileios...