CLSA-2026-1777368104 Fix CVE(s): CVE-2023-39810

SECURITY UPDATE: directory traversal in cpio extraction - debian/patches/CVE-2023-39810.patch: add FEATUREPATHTRAVERSALPROTECTION config option, call stripunsafeprefix in dataextractall.c to prevent path traversal via ../ in archive filenames. Covers cpio, ar, rpm. - Enable...

CLSA-2026-1773161124 Fix CVE(s): CVE-2021-22876, CVE-2025-15079

SECURITY UPDATE: acceptance of hosts not listed in specified knownhosts file during SSH-based transfers - debian/patches/CVE-2025-15079.patch: Set both knownhosts options to same file and fix surprises caused by libssh exposing separate KNOWNHOSTS and GLOBALKNOWNHOSTS options. - CVE-2025-15079...

CVE-2023-54251 net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCATAPRIOATTRSCHEDCYCLETIME to INTMAX. syzkaller found zero division error 0 in divs64rem called from getcycletimeelapsed, where sched-cycletime is the divisor. We have tests in parsetaprioschedule so tha...

Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness Add output of some packagemanagers to the testdata from version 20250416.01 Refactor OS Info package from version...

CLSA-2023-1691084775 libssh: Fix of 2 CVEs

CVE-2023-2283: fix the authentication check - CVE-2023-1667: refactor the algorithm guessing to avoid NULL dereference - improve tests...