Amazon Linux 2 : kernel, --advisory ALAS2-2026-3165 (ALAS-2026-3165)

The version of kernel installed on the remote host is prior to 4.14.350-266.564. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3165 advisory. A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function...

CVE-2023-54291

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

CVE-2023-54265

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix an uninit variable access bug in ip6makeskb Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in archatomic64inc arch/x86/include/asm/atomic6464.h:88 inli...

Unbreakable Enterprise kernel security update

5.15.0-313.189.5.1 - afunix: Don't leave consecutive consumed OOB skbs. Kuniyuki Iwashima Orabug: 38528187 CVE-2025-38236 - fs: writeback: fix use-after-free in markinodedirty Jiufei Xue Orabug: 38528183 CVE-2025-39866 - rtnetlink: Fix L3 stats disable handling in rtnloffloadxstatsfill Vijayendra...

CVE-2022-50225

In the Linux kernel, the following vulnerability has been resolved: riscv:uprobe fix SRSPIE set/clear handling In riscv the process of uprobe going to clear spie before exec the origin insn,and set spie after that.But When access the page which origin insn has been placed a page fault may happen...

python-setuptools security update

0.9.8-7.0.1 - Fixes CVE-2024-6345 security issue Orabug: 37054994...

CVE-2024-41123

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities...

CLSA-2024-1721658474 Fix of 66 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26810 - vfio/pci: Lock external INTx masking ops CVE-url: https://ubuntu.com/security/CVE-2024-38587 - speakup: Fix sizeof vs ARRAYSIZE bug CVE-url: https://ubuntu.com/security/CVE-2024-39493 - crypto: qat - Fix ADFDEVRESETSYNC memory leak CVE-url:...

qemu-kvm security update

8.2.0-11.el94.4 - Fixing CVE-2024-4467 - Resolves: RHEL-35610...

Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities

Heap buffer overread/data leakage in ProcXIGetSelectedEvents. CVE-2024-31080 Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. CVE-2024-31081 User-after-free in ProcRenderAddGlyphs. CVE-2024-31083...

Moderate: librabbitmq security update

The librabbitmq packages provide an Advanced Message Queuing Protocol AMQP client library that allows you to communicate with AMQP servers using protocol version 0-9-1. Security Fixes: rabbitmq-c/librabbitmq: Insecure credentials submission CVE-2023-35789 For more details about the security issue...

libde256 -- multiple vulnerabilities

Libde265 developer reports: This release fixes the known CVEs below. Many of them are actually caused by the same underlying issues that manifest in different ways...

Updated wavpack packages fix a security vulnerability

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in packutils.c because of an integer overflow in a malloc argument CVE-2020-35738...

python36:3.6 security update

python36 3.6.8-2.0.1 - Rebuild with python containing fix for Orabug: 32551171CVE-2021-3177...

Updated glibc packages fix security vulnerability

Security fixes: - fix buffer overrun in EUC-KR conversion module bz 2497 CVE-2019-25013 - arm: CVE-2020-6096: Fix multiarch memcpy for negative length BZ 25620 - arm: CVE-2020-6096: fix memcpy and memmove for negative length BZ 25620 - iconv: Fix incorrect UCS4 inner loop bounds BZ 26923...

sysstat security update

11.7.3-5 - Rebuild 11.7.3-4 - Package onboarded to gating 11.7.3-3 - Fix memory corruption bug due to integer overflow 1790608...

Updated libetpan packages fix a security vulnerability

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

libcroco security update

0.6.12-4.1 - Fix CVE-2020-12825 Resolves: 1866484...

GnuTLS -- flaw in DTLS protocol implementation

The GnuTLS project reports: It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol...

CVE-2019-1010069

moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txtadd. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae...