Hacker One
added 2026/04/05 6:17 a.m., 13 views

curl: no_proxy IDN mismatch: Unicode hostnames bypass proxy exclusion list

Summary: Unicode IDN hostnames in no_proxy are never converted to punycode before comparison, so they never match the request hostname, which curl has already converted to punycode. A user who sets no_proxy="bücher.de" and requests http://bücher.de/ expects the proxy to be bypassed. Instead curl...

CVSS 7.5 | AI score 6.6 | EPSS 0.17011
Exploits 1

Slackware Linux
added 2026/04/03 11:56 p.m., 7 views

[slackware-security] infozip

New infozip packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/infozip-6.0-i586-8slack15.0.txz: Rebuilt. This update fixes security issues: Improper handling of Unicode strings can lead to a null...

CVSS 5.5 | AI score 6.3 | EPSS 0.02421
Exploits 3

OSV
added 2026/04/03 10:02 a.m., 4 views

CLSA-2026-1775210556 ghostscript: Fix of 4 CVEs

CVE-2025-27830: fix potential buffer overflow with DollarBlend in font serialization - CVE-2025-27831: prevent Unicode decoding overrun in txtwrite/docxwrite devices - CVE-2025-27835: fix confusion between bytes and shorts in glyph to Unicode conversion - CVE-2025-27836: fix potential print...

CVSS 9.8 | AI score 6.9 | EPSS 0.00557
Exploits 0 | References 1

NVD
added 2026/04/02 5:16 p.m., 1 view

CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

CVSS 6.5 | EPSS 0.00147
Exploits 0 | References 1

OSV
added 2026/04/02 5:16 p.m., 0 views

DEBIAN-CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

CVSS 6.5 | AI score 5.3 | EPSS 0.00147
Exploits 0 | References 1

Vulnrichment
added 2026/04/02 4:43 p.m., 1 view

CVE-2026-34831 Rack: Content-Length mismatch in Rack::Files error responses

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

CVSS 4.8 | AI score 5.8 | EPSS 0.00147
Exploits 0 | References 1

EUVD
added 2026/04/02 9:30 a.m., 1 view

EUVD-2026-18168

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...

CVSS 7.8 | AI score 5.9 | EPSS 0.00212
Exploits 0 | References 2

NVD
added 2026/04/02 9:16 a.m., 2 views

CVE-2026-29144

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...

CVSS 7.8 | EPSS 0.00212
Exploits 0 | References 1

OSV
added 2026/04/02 8:56 a.m., 4 views

CLSA-2026-1775120182 ghostscript: Fix of 4 CVEs

CVE-2025-27830: fix potential buffer overflow with DollarBlend in font serialization - CVE-2025-27831: prevent Unicode decoding overrun in txtwrite/docxwrite devices - CVE-2025-27835: fix confusion between bytes and shorts in glyph to Unicode conversion - CVE-2025-27836: fix potential print...

CVSS 9.8 | AI score 6.9 | EPSS 0.00557
Exploits 0 | References 1

CVE
added 2026/04/02 8:50 a.m., 5 views

CVE-2026-29144

SEPPmail Secure Email Gateway vulnerability CVE-2026-29144 affects versions prior to 15.0.3. An attacker can bypass subject sanitization and forge security tags using Unicode lookalike characters. The documents do not provide exploitation details, affected product scope beyond the stated version ...

CVSS 7.8 | AI score 5.9 | EPSS 0.00212
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/04/02 8:50 a.m., 24 views

CVE-2026-29144 Unicode Subject Tags

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...

CVSS 7.8 | EPSS 0.00212
Exploits 0 | References 1

Vulnrichment
added 2026/04/02 8:50 a.m., 2 views

CVE-2026-29144 Unicode Subject Tags

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...

CVSS 7.8 | AI score 5.9 | EPSS 0.00212
Exploits 0 | References 1

ATTACKERKB
added 2026/04/02 8:50 a.m., 3 views

CVE-2026-29144

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...

CVSS 7.8 | AI score 5.9 | EPSS 0.00212
Exploits 0 | References 2

CNNVD
added 2026/04/02 12:00 a.m., 3 views

SEPPmail Secure Email Gateway security vulnerability

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities allowed attackers to use Unicode-like characters to bypass topic cleanin...

CVSS 7.8 | AI score 5.8 | EPSS 0.00212
Exploits 0 | References 1

Positive Technologies
added 2026/04/02 12:00 a.m., 0 views

PT-2026-29707

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...

CVSS 7.8 | AI score 5.9 | EPSS 0.00212
Exploits 0 | References 2

SUSE Linux
added 2026/03/31 8:28 a.m., 3 views

Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams (bsc#1259901). CVE-2006-10003: off-by-one heap buffer overflow in stserialstack (bsc#1259902). Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.8 | AI score 6 | EPSS 0.00604
Exploits 0 | References 8

Tenable Nessus
added 2026/03/31 12:00 a.m., 1 view

Fedora 43 : cpp-httplib (2026-e76feaf213)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e76feaf213 advisory. Update to 0.38.0 (rhbz#2447261) - Filename sanitization for path traversal prevention: added sanitizefilename to prevent path traversal attacks via malicious...

CVSS 8.7 | AI score 5.9 | EPSS 0.00179
Exploits 1 | References 2

Tenable Nessus
added 2026/03/31 12:00 a.m., 3 views

Fedora 44 : cpp-httplib (2026-03599f0b32)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-03599f0b32 advisory. Update to 0.38.0 (rhbz#2447261) - Filename sanitization for path traversal prevention: added sanitizefilename to prevent path traversal attacks via malicious...

CVSS 8.7 | AI score 5.9 | EPSS 0.00179
Exploits 1 | References 2

Ubuntu
added 2026/03/26 3:54 p.m., 7 views

USN-8128-1: CryptX vulnerabilities

It was discovered that CryptX did not verify authentication tags while performing GCM and ChaCha20-Poly1305 decryption. An attacker could possibly use this issue to cause CryptX to accept modified ciphertext, leading to data integrity violations or authentication bypass. This issue only affected...

CVSS 9.8 | AI score 5.9 | EPSS 0.00489
Exploits 0

OSV
added 2026/03/26 3:54 p.m., 2 views

USN-8128-1 libcryptx-perl vulnerabilities

It was discovered that CryptX did not verify authentication tags while performing GCM and ChaCha20-Poly1305 decryption. An attacker could possibly use this issue to cause CryptX to accept modified ciphertext, leading to data integrity violations or authentication bypass. This issue only affected...

CVSS 9.8 | AI score 5.9 | EPSS 0.00489
Exploits 0 | References 4