
13328 matches found

Positive Technologies
added 2026/05/04 12:0 a.m., 8 views

PT-2026-37052

Name of the Vulnerable Software and Affected Versions: apko versions 0.14.8 through 1.2.4. Description: A crafted .apk file can install a TypeSymlink tar entry with a target pointing outside the build root. Subsequent directory-creation or file-write entries in the same or later archive can traverse...

CVSS 7.5, AI score 5.8, EPSS 0.00352
Exploits: 0, References: 11
AlmaLinux
added 2026/05/04 12:0 a.m., 6 views

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

CVSS 8.1, AI score 5.9, EPSS 0.00289
Exploits: 0, References: 12
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: blk-mq: Ensure that the active queue usage is retained for bio_integrity_prep. The function blk_integrity_unregister may be called if the queue usage counter is not retained for a bio with integrity prepared. This could lead to a...

CVSS 5.5, AI score 5.2, EPSS 0.00236
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Netty

The Snappy frame decoder function does not limit the chunk length, which can lead to excessive memory usage. In addition, it may also buffer reserved skipable chunks until the entire chunk is received, which can also result in excessive memory usage. This vulnerability can be exploited by providi...

CVSS 7.5, AI score 6.9, EPSS 0.0628
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: DSA: Avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one that supports UC filtering and MC filtering as a DSA master for a randomly selected DSA switch, the following...

AI score 5.3, EPSS 0.00166
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix of_iomap leak Suggestions: - In the file drivers/regulator/stm32-pwr.c at line 166, the function stm32_pwr_regulator_probe generates a warning: “The ‘base’ from of_iomap is not released.” This issue occurs wh...

AI score 5.3, EPSS 0.0018
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed overlapping copies within dml_core_mode_programming REASON &mode_lib->mp.Watermark and &locals->Watermark are the same address. Using memcpy may lead to unexpected behavior. SOLUTION memmove should be used instea...

CVSS 4.7, AI score 5.3, EPSS 0.00179
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: kunit/fortify: Fixed incorrect usage of kvalloc/vfree. The kv family of functions were accidentally freed with vfree instead of using kvfree. Please use kvfree instead...

CVSS 5.5, AI score 5.3, EPSS 0.00209
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 7 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: rds: Do not hold the sock lock when canceling work from rds_tcp_reset_callbacks. The syzbot is reporting a lockdep warning at rds_tcp_reset_callbacks [1]. The related commit is ac3615e7f3cffe2a “RDS: TCP: Reduce code duplication in...

AI score 5.4, EPSS 0.00239
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insn_emulation sysctls. The emulation_proc_handler function changes table->data for proc_dointvec_minmax. However, it may cause an OOPs error if called concurrently with itself:...

CVSS 5.5, AI score 5.3, EPSS 0.00198
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: It is necessary to use ktime_t instead of int when dealing with timestamps. Code that interacts with timestamps needs to use the ktime_t type returned by functions like ktime_get. The int type does not provide enough spa...

AI score 5.2, EPSS 0.00173
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While working with event probes eprobes, I tried to see what would happen if I attempted to retrieve the instruction pointer %rip knowing that event probes do not...

CVSS 5.5, AI score 5.4, EPSS 0.00195
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM – Use kzalloc for SEV ioctl interfaces to prevent kernel data leaks. For some SEV ioctl interfaces, the length parameter passed may be less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data returned by the PSP...

CVSS 7.1, AI score 5.7, EPSS 0.00252
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ICMP: Prevent possible NULL dereferencing from icmp_build_probe. The first issue involves a double call to __in_dev_get_rcu; the second call might return NULL. if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) The second issue involves...

CVSS 5.3, AI score 6.3, EPSS 0.00888
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: The severity of the WARN message has been reduced to be sent via dev_dbg in the callback. The warning is triggered due to a known race condition, which is documented in the code above. This issue is now properly...

CVSS 5.5, AI score 5.3, EPSS 0.00146
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/9p: use a dedicated spinlock for trans_fd Shamelessly copying the explanation from Tetsuo Handa's suggested patch [1] slightly reworded: syzbot is reporting inconsistent lock state in p9_req_put [2], for p9_tag_remove from p9_req_put from...

CVSS 5.5, AI score 6.4, EPSS 0.00119
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the cleanup flow for mlx5e_priv_init. When mlx5e_priv_init fails, the cleanup flow calls mlx5e_selq_cleanup, which in turn calls mlx5e_selq_apply. This ensures that priv->state_lock is held using lockdep_is_held. The statelo...

CVSS 5.5, AI score 5.8, EPSS 0.00253
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 9 views

Astra Linux – Vulnerability in Git

Git is a distributed revision control system. Versions of Git prior to 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 were vulnerable to privilege escalation on all platforms. A careless user could still be affected by the issue reported in CVE-2022-24765, for example, when...

CVSS 7.8, AI score 7.4, EPSS 0.00445
Exploits: 0, References: 2
Vulnrichment
added 2026/05/03 2:15 p.m., 6 views

CVE-2026-7700 langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambda_filter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

CVSS 6.5, AI score 6.3, EPSS 0.00291
Exploits: 0, References: 4
GithubExploit
added 2026/05/03 1:18 p.m., 82 views

Exploit for Missing Authentication for Critical Function in Cpanel

POCCVE-2026-41940 Quick start bash python3 pocCVE-202...

CVSS 9.8, AI score 6, EPSS 0.981
Exploits: 63