CLSA-2025:1741342389
Update of alt-php
TuxCare License Agreement
0
* Universal build for Ubuntu/Debian
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Universal build for Ubuntu/Debian
0
tuxcare-ubuntu20.04-els
els-define_1-1.0.3_amd64.deb
b3cef5e330f25b2daaf30eb5f41f67809642d9be
CLSA-2025:1742319076
Fix CVE(s): CVE-2023-44487
TuxCare License Agreement
0
* SECURITY UPDATE: The HTTP/2 protocol allows a denial of service
because request cancellation can reset many streams quickly
- debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration
stream handling limit.
- CVE-2023-44487
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: The HTTP/2 protocol allows a denial of service
because request cancellation can reset many streams quickly
- debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration
stream handling limit.
- CVE-2023-44487
0
tuxcare-ubuntu20.04-els
libnginx-mod-http-auth-pam_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
8864edd0f2ccd839fcd6394d4cf7cbf876dcce46
libnginx-mod-http-cache-purge_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
be5c9c80d5456f377a5d0706d625015fca089945
libnginx-mod-http-dav-ext_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
80cbb171d6440f3a2dcca0dc85fe827474ec94d7
libnginx-mod-http-echo_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
2b0ea235a801ed54bd62716387cbc5372e098776
libnginx-mod-http-fancyindex_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
700585dc14242c288196edd6a4905ffc3bf94f3b
libnginx-mod-http-geoip_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
3e210f7d19fbd05258cdd0b13de4fbf3aa3d006d
libnginx-mod-http-geoip2_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
ee28f3ce76b4db72cfa1174a2608036ff22d0e82
libnginx-mod-http-headers-more-filter_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
056ccab052a9ea4cfe7b6880052cf59f980dfe21
libnginx-mod-http-image-filter_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
ce169485b75dfe34580bccd15ccd4164dac21f7d
libnginx-mod-http-lua_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
47310721fb1338f660f3a73d737575466864c69d
libnginx-mod-http-ndk_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
685350cb705adaa69839689e194c2b8857093e12
libnginx-mod-http-perl_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
58ccd201d26841d5fc61b6ad13c38ff91413da18
libnginx-mod-http-subs-filter_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
b0d4aab90505e02284ba55df8b855892a20be063
libnginx-mod-http-uploadprogress_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
65508cbbef8a025693cbd55d0123a61ab97d83cd
libnginx-mod-http-upstream-fair_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
91916a4dbed808823e9df6ca7058984291358c93
libnginx-mod-http-xslt-filter_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
75389f156f12ead186408b058e67980d33bfee3a
libnginx-mod-mail_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
f87f82f5bf33dcdd4abb708bf6713a06c4f8b596
libnginx-mod-nchan_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
694619f0411cda961ef552a96b6e5f819095d844
libnginx-mod-rtmp_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
5b0980cebac93b6606cb56be1353e7d51409bfcf
libnginx-mod-stream_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
1f77188ffea7b971744598b3ff0b2df27ab9ab52
nginx_1.18.0-0ubuntu1.7+tuxcare.els1_all.deb
8b36fc1d70b6526c2c5ecca930fda7a5f404a80e
nginx-common_1.18.0-0ubuntu1.7+tuxcare.els1_all.deb
f78477c6ad47856109f78db1094a0c24cab494ad
nginx-core_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
d3169336da024ebb0b57808987f9b44c9186dd85
nginx-doc_1.18.0-0ubuntu1.7+tuxcare.els1_all.deb
7c8f9c0eaf228da9e493e1a1ae4a5008b03ff53c
nginx-extras_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
3dd370a980f0bf873007dfd60197a1207dea26bc
nginx-full_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
a99251b73ae099beeeb66d0fc9c4891a25bc2fde
nginx-light_1.18.0-0ubuntu1.7+tuxcare.els1_amd64.deb
ae96e651b62e8d37292e1caaaf58e843ce1c1b82
CLSA-2025:1742737069
Fix CVE(s): CVE-2025-24813
TuxCare License Agreement
0
* SECURITY UPDATE: path Equivalence Vulnerability
- debian/patches/CVE-2025-24813.patch: enhance lifecycle of temporary files
used by partial PUT to delete temporary file right after finishing request
processing
- CVE-2025-24813
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: path Equivalence Vulnerability
- debian/patches/CVE-2025-24813.patch: enhance lifecycle of temporary files
used by partial PUT to delete temporary file right after finishing request
processing
- CVE-2025-24813
0
tuxcare-ubuntu20.04-els
libtomcat9-embed-java_9.0.31-1ubuntu0.8+tuxcare.els1_all.deb
73181b8392f2bcbfa9b7a827625c7b72616c745c
libtomcat9-java_9.0.31-1ubuntu0.8+tuxcare.els1_all.deb
85d8c3c88c427617c98b39487334e6095fd36bbc
tomcat9_9.0.31-1ubuntu0.8+tuxcare.els1_all.deb
7b140a921606fb9079d99aeef11b0332b427882e
tomcat9-admin_9.0.31-1ubuntu0.8+tuxcare.els1_all.deb
b1ef54f3e24b5a203693792c38feadc6fe8a9e96
tomcat9-common_9.0.31-1ubuntu0.8+tuxcare.els1_all.deb
562990f47c135cd30c0e219f2347c1b7e3845cca
tomcat9-docs_9.0.31-1ubuntu0.8+tuxcare.els1_all.deb
8a8083ff0afe080a167c55933fa856cd4256f015
tomcat9-examples_9.0.31-1ubuntu0.8+tuxcare.els1_all.deb
235dbfd189e150f19168297bd74f73b847c4786e
tomcat9-user_9.0.31-1ubuntu0.8+tuxcare.els1_all.deb
5a79334c6f41f194830c705ee5dde088099c0f07
CLSA-2025:1743164157
Fix CVE(s): CVE-2023-44487
TuxCare License Agreement
0
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2023-44487.patch: Improvements to HTTP/2 overhead protection
- CVE-2023-44487
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2023-44487.patch: Improvements to HTTP/2 overhead protection
- CVE-2023-44487
0
tuxcare-ubuntu20.04-els
libtomcat9-embed-java_9.0.31-1ubuntu0.8+tuxcare.els2_all.deb
d49aff69a2eebb0c43bc110625a6db9d73f9bc44
libtomcat9-java_9.0.31-1ubuntu0.8+tuxcare.els2_all.deb
6a0660dff2234b4a097f048ea7c5700ed9ecac63
tomcat9_9.0.31-1ubuntu0.8+tuxcare.els2_all.deb
ccde216c813628643675b9060600d7d7a888c2b0
tomcat9-admin_9.0.31-1ubuntu0.8+tuxcare.els2_all.deb
064c0cff6da5346a8f0d202181bd814a997ea1af
tomcat9-common_9.0.31-1ubuntu0.8+tuxcare.els2_all.deb
23af49288e52b5f6963f1fddecf6cb9f7e3cdccc
tomcat9-docs_9.0.31-1ubuntu0.8+tuxcare.els2_all.deb
1538cf4439d9649e616fa7f6dffcf2f1ddbc635b
tomcat9-examples_9.0.31-1ubuntu0.8+tuxcare.els2_all.deb
5032f6a8c106474956f61cd2bbb865642eb4a2b7
tomcat9-user_9.0.31-1ubuntu0.8+tuxcare.els2_all.deb
9c8a8123b7ecc8a5272109d90fb2b100db6fdee9
CLSA-2025:1746653948
Fix CVE(s): CVE-2025-32414, CVE-2025-32415
TuxCare License Agreement
0
* SECURITY UPDATE: OOB access in python API
- debian/patches/CVE-2025-32414-pre1.patch: fix SAX driver with
character streams in python/drv_libxml2.py.
- debian/patches/CVE-2025-32414-1.patch: read at most len/4 characters
in python/libxml.c.
- debian/patches/CVE-2025-32414-2.patch: add a test in
python/tests/Makefile.am, python/tests/unicode.py.
- CVE-2025-32414
* SECURITY UPDATE: heap under-read in xmlSchemaIDCFillNodeTables
- debian/patches/CVE-2025-32415.patch: fix heap buffer overflow in
xmlSchemaIDCFillNodeTables in xmlschemas.c.
- CVE-2025-32415
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: OOB access in python API
- debian/patches/CVE-2025-32414-pre1.patch: fix SAX driver with
character streams in python/drv_libxml2.py.
- debian/patches/CVE-2025-32414-1.patch: read at most len/4 characters
in python/libxml.c.
- debian/patches/CVE-2025-32414-2.patch: add a test in
python/tests/Makefile.am, python/tests/unicode.py.
- CVE-2025-32414
* SECURITY UPDATE: heap under-read in xmlSchemaIDCFillNodeTables
- debian/patches/CVE-2025-32415.patch: fix heap buffer overflow in
xmlSchemaIDCFillNodeTables in xmlschemas.c.
- CVE-2025-32415
0
tuxcare-ubuntu20.04-els
libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1_amd64.deb
a52ec983705a01bee361c536b3974698f908cf9f
libxml2-dev_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1_amd64.deb
0249461c3b3bc2bdd3ae8a3d624ea01cc4456517
libxml2-doc_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1_all.deb
79c8a30838c7301b13aa8563bf37d20a8ab6605b
libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1_amd64.deb
92045f92de1a4a14e7119e0e31ce757498a4ba1d
python-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1_amd64.deb
2fa47a9523b8f881fc1c729239bc5959a6380e98
python3-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1_amd64.deb
911494123f7e3a7621b27c070973a102313cdab4
CLSA-2025:1748014371
Update of alt-php
TuxCare License Agreement
0
* New microcode update packages from upstream up to 2025-04-10:
- Addition AMD CPU microcode for processor family 0x19:
cpuid:0x00A70FC0(ver:0x0A70C005), cpuid:0x00A70F52(ver:0x0A705206),
cpuid:0x00A00F82(ver:0x0A00820C), cpuid:0x00A40F41(ver:0x0A404107),
cpuid:0x00A70F80(ver:0x0A708007), cpuid:0x00A20F10(ver:0x0A20102D),
cpuid:0x00A70F41(ver:0x0A704107), cpuid:0x00A60F12(ver:0x0A601209),
cpuid:0x00A10F81(ver:0x0A108108), cpuid:0x00A50F00(ver:0x0A500011),
cpuid:0x00A20F12(ver:0x0A201210);
- Addition AMD CPU microcode for processor family 0x17:
cpuid:0x00870F10(ver:0x08701034), cpuid:0x00860F01(ver:0x0860010D),
cpuid:0x00860F81(ver:0x08608108);
- Update AMD CPU microcode for processor family 0x17:
cpuid:0x008A0F00(ver:0x08A0000A);
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* New microcode update packages from upstream up to 2025-04-10:
- Addition AMD CPU microcode for processor family 0x19:
cpuid:0x00A70FC0(ver:0x0A70C005), cpuid:0x00A70F52(ver:0x0A705206),
cpuid:0x00A00F82(ver:0x0A00820C), cpuid:0x00A40F41(ver:0x0A404107),
cpuid:0x00A70F80(ver:0x0A708007), cpuid:0x00A20F10(ver:0x0A20102D),
cpuid:0x00A70F41(ver:0x0A704107), cpuid:0x00A60F12(ver:0x0A601209),
cpuid:0x00A10F81(ver:0x0A108108), cpuid:0x00A50F00(ver:0x0A500011),
cpuid:0x00A20F12(ver:0x0A201210);
- Addition AMD CPU microcode for processor family 0x17:
cpuid:0x00870F10(ver:0x08701034), cpuid:0x00860F01(ver:0x0860010D),
cpuid:0x00860F81(ver:0x08608108);
- Update AMD CPU microcode for processor family 0x17:
cpuid:0x008A0F00(ver:0x08A0000A);
0
tuxcare-ubuntu20.04-els
amd64-microcode_3.20250410.1ubuntu1.3+tuxcare.els1_amd64.deb
ad03e959352c4d2261c24c0dc14fe1f329c38887
CLSA-2025:1752082236
Update of alt-php
TuxCare License Agreement
0
* Update ca-certificates database to 20250416:
- mozilla\{certdata.h,nssckbi.h}: Update Mozilla certificate
authority bundle of the version 2.74.
- The following certificates were updated:
# Certificate "Entrust.net Premium 2048 Secure Server CA"
# Certificate "Entrust Root Certification Authority"
# Certificate "AffirmTrust Commercial"
# Certificate "AffirmTrust Networking"
# Certificate "AffirmTrust Premium"
# Certificate "AffirmTrust Premium ECC"
# Certificate "Entrust Root Certification Authority - G2"
# Certificate "Entrust Root Certification Authority - EC1"
# Certificate "GLOBALTRUST 2020"
# Certificate "certSIGN ROOT CA"
# Certificate "ACCVRAIZ1"
# Certificate "OISTE WISeKey Global Root GC CA"
# Certificate "Entrust Root Certification Authority - G4"
# Certificate "Security Communication ECC RootCA1"
# Certificate "BJCA Global Root CA1"
# Certificate "BJCA Global Root CA2"
- The following certificates were added:
# Certificate "Telekom Security TLS ECC Root 2020"
# Certificate "Telekom Security TLS RSA Root 2023"
# Certificate "FIRMAPROFESIONAL CA ROOT-A WEB"
# Certificate "TWCA CYBER Root CA"
# Certificate "SecureSign Root CA12"
# Certificate "SecureSign Root CA14"
# Certificate "SecureSign Root CA15"
# Certificate "D-TRUST BR Root CA 2 2023"
# Certificate "D-TRUST EV Root CA 2 2023"
- The following certificates were removed:
# Certificate "Security Communication Root CA"
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Update ca-certificates database to 20250416:
- mozilla\{certdata.h,nssckbi.h}: Update Mozilla certificate
authority bundle of the version 2.74.
- The following certificates were updated:
# Certificate "Entrust.net Premium 2048 Secure Server CA"
# Certificate "Entrust Root Certification Authority"
# Certificate "AffirmTrust Commercial"
# Certificate "AffirmTrust Networking"
# Certificate "AffirmTrust Premium"
# Certificate "AffirmTrust Premium ECC"
# Certificate "Entrust Root Certification Authority - G2"
# Certificate "Entrust Root Certification Authority - EC1"
# Certificate "GLOBALTRUST 2020"
# Certificate "certSIGN ROOT CA"
# Certificate "ACCVRAIZ1"
# Certificate "OISTE WISeKey Global Root GC CA"
# Certificate "Entrust Root Certification Authority - G4"
# Certificate "Security Communication ECC RootCA1"
# Certificate "BJCA Global Root CA1"
# Certificate "BJCA Global Root CA2"
- The following certificates were added:
# Certificate "Telekom Security TLS ECC Root 2020"
# Certificate "Telekom Security TLS RSA Root 2023"
# Certificate "FIRMAPROFESIONAL CA ROOT-A WEB"
# Certificate "TWCA CYBER Root CA"
# Certificate "SecureSign Root CA12"
# Certificate "SecureSign Root CA14"
# Certificate "SecureSign Root CA15"
# Certificate "D-TRUST BR Root CA 2 2023"
# Certificate "D-TRUST EV Root CA 2 2023"
- The following certificates were removed:
# Certificate "Security Communication Root CA"
0
tuxcare-ubuntu20.04-els
ca-certificates_20250416~20.04.1+tuxcare.els1_all.deb
2805706f0895d4251d456df32c912b2fa9fec664
CLSA-2025:1752087582
Fix CVE(s): CVE-2025-31651
TuxCare License Agreement
0
* SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control
Sequences vulnerability
- debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing
bypass of security constraints in specific configurations
- CVE-2025-31651
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control
Sequences vulnerability
- debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing
bypass of security constraints in specific configurations
- CVE-2025-31651
0
tuxcare-ubuntu20.04-els
libtomcat9-embed-java_9.0.31-1ubuntu0.9+tuxcare.els1_all.deb
79556a79f830222fbca3753c830209dd0cf4effa
libtomcat9-java_9.0.31-1ubuntu0.9+tuxcare.els1_all.deb
f2b1455a083b8ae1b834814475a0a94a3157bb7f
tomcat9_9.0.31-1ubuntu0.9+tuxcare.els1_all.deb
1fdfdda4e3bda4b84119c2f723cbf7893238de23
tomcat9-admin_9.0.31-1ubuntu0.9+tuxcare.els1_all.deb
f0d6b9b15c1a71a365ef3f200661984bc001a30f
tomcat9-common_9.0.31-1ubuntu0.9+tuxcare.els1_all.deb
6d2616a5bec2efdd125e485a87850052d95baa04
tomcat9-docs_9.0.31-1ubuntu0.9+tuxcare.els1_all.deb
8f67b6dcf507b8eed7a7aece3a7fe1fe0a9bf51e
tomcat9-examples_9.0.31-1ubuntu0.9+tuxcare.els1_all.deb
b1ff54f0451ab785eac866e7441b98dbc04e0fb2
tomcat9-user_9.0.31-1ubuntu0.9+tuxcare.els1_all.deb
b1cc6f7f784e30530519ef6fe956e2b22040694c
CLSA-2025:1753085842
Fix of 10 CVEs
TuxCare License Agreement
0
* CVE-url: https://ubuntu.com/security/CVE-2024-46787
- userfaultfd: fix checks for huge PMDs
* CVE-url: https://ubuntu.com/security/CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
* CVE-url: https://ubuntu.com/security/CVE-2025-37803
- udmabuf: fix a buf size overflow issue during udmabuf creation
* CVE-url: https://ubuntu.com/security/CVE-2025-37785
- ext4: optimize __ext4_check_dir_entry()
- ext4: fix OOB read when checking dotdot dir
* CVE-url: https://ubuntu.com/security/CVE-2025-22038
- ksmbd: validate zero num_subauth before sub_auth is accessed
* CVE-url: https://ubuntu.com/security/CVE-2025-21927
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
* CVE-url: https://ubuntu.com/security/CVE-2025-21969
- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
* CVE-url: https://ubuntu.com/security/CVE-2025-21855
- ibmvnic: Don't reference skb after sending to VIOS
* CVE-url: https://ubuntu.com/security/CVE-2025-21780
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
* CVE-url: https://ubuntu.com/security/CVE-2023-0386
- ovl: fail on invalid uid/gid mapping at copy up
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* CVE-url: https://ubuntu.com/security/CVE-2024-46787
- userfaultfd: fix checks for huge PMDs
* CVE-url: https://ubuntu.com/security/CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
* CVE-url: https://ubuntu.com/security/CVE-2025-37803
- udmabuf: fix a buf size overflow issue during udmabuf creation
* CVE-url: https://ubuntu.com/security/CVE-2025-37785
- ext4: optimize __ext4_check_dir_entry()
- ext4: fix OOB read when checking dotdot dir
* CVE-url: https://ubuntu.com/security/CVE-2025-22038
- ksmbd: validate zero num_subauth before sub_auth is accessed
* CVE-url: https://ubuntu.com/security/CVE-2025-21927
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
* CVE-url: https://ubuntu.com/security/CVE-2025-21969
- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
* CVE-url: https://ubuntu.com/security/CVE-2025-21855
- ibmvnic: Don't reference skb after sending to VIOS
* CVE-url: https://ubuntu.com/security/CVE-2025-21780
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
* CVE-url: https://ubuntu.com/security/CVE-2023-0386
- ovl: fail on invalid uid/gid mapping at copy up
0
tuxcare-ubuntu20.04-els
linux-buildinfo-5.4.0-220-tuxcare.els2-generic_5.4.0-220.240_amd64.deb
4536ecbf549406ec3ecea2f6fab4d00beee988c2
linux-buildinfo-5.4.0-220-tuxcare.els2-lowlatency_5.4.0-220.240_amd64.deb
364afb15844d4690226403bbe64ecd38a65a38b2
linux-cloud-tools-5.4.0-220-tuxcare.els2_5.4.0-220.240_amd64.deb
ada4e90eb6de6af5f1e36111412781ad54a4a65b
linux-cloud-tools-5.4.0-220-tuxcare.els2-generic_5.4.0-220.240_amd64.deb
044d12e7239bbe680b5a4ce504352213e5fb25bd
linux-cloud-tools-5.4.0-220-tuxcare.els2-lowlatency_5.4.0-220.240_amd64.deb
bcb1d2cc7ffedaf26c9f170a4e9e3791c11d055b
linux-cloud-tools-common_5.4.0-220.240_all.deb
1af89962f5ca3f1aa9385f9fde0f2d88328066dd
linux-doc_5.4.0-220.240_all.deb
e8268a07d7d6b6432fbc5f8ac975a3b1991f9465
linux-headers-5.4.0-220-tuxcare.els2_5.4.0-220.240_all.deb
1902d0e993cc07e21660c8429f65934ce2422dd8
linux-headers-5.4.0-220-tuxcare.els2-generic_5.4.0-220.240_amd64.deb
aae66888a33565e4f5f946a70f6f7ca9ef0ee815
linux-headers-5.4.0-220-tuxcare.els2-lowlatency_5.4.0-220.240_amd64.deb
63cb7f048b6590ffb7d22b57ba24e5dd4a0be895
linux-image-unsigned-5.4.0-220-tuxcare.els2-generic_5.4.0-220.240_amd64.deb
9febd29ed1df488e643f438ffc9fe0a7dc3b94f4
linux-image-unsigned-5.4.0-220-tuxcare.els2-lowlatency_5.4.0-220.240_amd64.deb
7d0c6de2eea39719ed9022d961fc75c9a29212d1
linux-libc-dev_5.4.0-220.240_amd64.deb
3bc097282fcd86fec2e553ab5b2f95213f1c2112
linux-modules-5.4.0-220-tuxcare.els2-generic_5.4.0-220.240_amd64.deb
b235416509cf8b896f2419c70689dc131ec77fb4
linux-modules-5.4.0-220-tuxcare.els2-lowlatency_5.4.0-220.240_amd64.deb
b086ab3bfa74f89298f8a9f203744d2fcc056f29
linux-modules-extra-5.4.0-220-tuxcare.els2-generic_5.4.0-220.240_amd64.deb
e9f4ecb36c18bccbac897501f76a3a591c4ebfbd
linux-source-5.4.0_5.4.0-220.240_all.deb
38c69e1350dc197db4d7159084cd8159648e139f
linux-tools-5.4.0-220-tuxcare.els2_5.4.0-220.240_amd64.deb
ecdc39abedcfc903322b74b8d1b596e1b3477651
linux-tools-5.4.0-220-tuxcare.els2-generic_5.4.0-220.240_amd64.deb
b8b675a5b5c05c6d1f0bb25fd63837075e27b534
linux-tools-5.4.0-220-tuxcare.els2-lowlatency_5.4.0-220.240_amd64.deb
747ece05f1a612790dbff28cd5046d3ba8e9d9f3
linux-tools-common_5.4.0-220.240_all.deb
a8f816aaefc02b53dbc11136604d6f5fb54d5134
linux-tools-host_5.4.0-220.240_all.deb
dd0fd6e177ca1d95a7de96edd77dc415d9ab6112
CLSA-2025:1753086336
Update of alt-php
TuxCare License Agreement
0
* Bump ABI 5.4.0-220
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Bump ABI 5.4.0-220
0
tuxcare-ubuntu20.04-els
linux-cloud-tools-generic_5.4.0.220.240_amd64.deb
a46ae2e9b0b3668f44a260b99a72a7572b59ce32
linux-cloud-tools-lowlatency_5.4.0.220.240_amd64.deb
b4b10cce177c27aabe3370ade7fef7c026dadbba
linux-generic_5.4.0.220.240_amd64.deb
d5a411c59fe5964abf00aaccfc84ca53626e3d20
linux-headers-generic_5.4.0.220.240_amd64.deb
43150ef88095494580b11d2b6456f0a5ab7ff832
linux-headers-lowlatency_5.4.0.220.240_amd64.deb
d7651213591711d3f4bebcb31d0aced22239c5a4
linux-image-generic_5.4.0.220.240_amd64.deb
6329e3af0fc0777166e3269a50909163bc2a9dc0
linux-image-lowlatency_5.4.0.220.240_amd64.deb
f73b1cb75b8a5e1b5c3bf8064b540f6c18a26534
linux-lowlatency_5.4.0.220.240_amd64.deb
ac9f16a4148636369a95bba1f6fe264d6bee7878
linux-tools-generic_5.4.0.220.240_amd64.deb
e8b1f9cb303adcce847e0887bc0aa09676643e29
linux-tools-lowlatency_5.4.0.220.240_amd64.deb
bced2d9ec6b0f4fb397db9c39d4dda464562210d
CLSA-2025:1753298604
Fix CVE(s): CVE-2025-49794, CVE-2025-49796
TuxCare License Agreement
0
* SECURITY UPDATE: memory vulnerabilities in schematron
- debian/patches/CVE-2025-49794_CVE-2025-49796.patch: fix memory safety
issues in xmlSchematronReportOutput when parsing XPath elements and
memory corruption issue triggered by processing sch:name elements
in input XML file
- CVE-2025-49794
- CVE-2025-49796
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: memory vulnerabilities in schematron
- debian/patches/CVE-2025-49794_CVE-2025-49796.patch: fix memory safety
issues in xmlSchematronReportOutput when parsing XPath elements and
memory corruption issue triggered by processing sch:name elements
in input XML file
- CVE-2025-49794
- CVE-2025-49796
0
tuxcare-ubuntu20.04-els
libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els2_amd64.deb
5709629e8a3a03e6d558167ec5d27b383ddf6472
libxml2-dev_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els2_amd64.deb
6b141ad0d8e68f39206c66883a6e3d57568ec35f
libxml2-doc_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els2_all.deb
53f6b94d59d9e68e2f11c2925339c44f94c238a6
libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els2_amd64.deb
e99987c1c31782af2d68ca3cfae8ec82e4a15ad3
python-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els2_amd64.deb
7aaaf1bdb521db9f675bb44a071e22c6480c120f
python3-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els2_amd64.deb
a1975cd981f9d5260536ca2f93a9de26fd1e5afa
CLSA-2025:1753799090
Fix CVE(s): CVE-2025-32462
TuxCare License Agreement
0
* SECURITY UPDATE: restrict users from executing commands on unintended
machines
- debian/patches/CVE-2025-32462.patch: restricts --host usage to sudo -l only, preventing
bypass of host-based sudoers rules and avoiding unintended local privilege escalation
- CVE-2025-32462
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: restrict users from executing commands on unintended
machines
- debian/patches/CVE-2025-32462.patch: restricts --host usage to sudo -l only, preventing
bypass of host-based sudoers rules and avoiding unintended local privilege escalation
- CVE-2025-32462
0
tuxcare-ubuntu20.04-els
sudo_1.8.31-1ubuntu1.5+tuxcare.els1_amd64.deb
8924ae9f9011f8abe82b1c4e6e3a433aaaa14efd
sudo-ldap_1.8.31-1ubuntu1.5+tuxcare.els1_amd64.deb
a978619fd34abce94d3f325b285c03872f03c11e
CLSA-2025:1754382679
Update of alt-php
TuxCare License Agreement
0
* Update ca-certificates database to 20250418:
- mozilla\{certdata.h,nssckbi.h}: Update Mozilla certificate
authority bundle of the version 2.74.
- The following certificates were updated:
# Certificate "Entrust.net Premium 2048 Secure Server CA"
# Certificate "Entrust Root Certification Authority"
# Certificate "AffirmTrust Commercial"
# Certificate "AffirmTrust Networking"
# Certificate "AffirmTrust Premium"
# Certificate "AffirmTrust Premium ECC"
# Certificate "Entrust Root Certification Authority - G2"
# Certificate "Entrust Root Certification Authority - EC1"
# Certificate "GLOBALTRUST 2020"
# Certificate "certSIGN ROOT CA"
# Certificate "ACCVRAIZ1"
# Certificate "Entrust Root Certification Authority - G4"
# Certificate "Security Communication ECC RootCA1"
# Certificate "BJCA Global Root CA1"
# Certificate "BJCA Global Root CA2"
- The following certificates were added:
# Certificate "FIRMAPROFESIONAL CA ROOT-A WEB"
# Certificate "TWCA CYBER Root CA"
# Certificate "TWCA Global Root CA G2"
# Certificate "SecureSign Root CA12"
# Certificate "SecureSign Root CA14"
# Certificate "SecureSign Root CA15"
# Certificate "D-TRUST BR Root CA 2 2023"
# Certificate "D-TRUST EV Root CA 2 2023"
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Update ca-certificates database to 20250418:
- mozilla\{certdata.h,nssckbi.h}: Update Mozilla certificate
authority bundle of the version 2.74.
- The following certificates were updated:
# Certificate "Entrust.net Premium 2048 Secure Server CA"
# Certificate "Entrust Root Certification Authority"
# Certificate "AffirmTrust Commercial"
# Certificate "AffirmTrust Networking"
# Certificate "AffirmTrust Premium"
# Certificate "AffirmTrust Premium ECC"
# Certificate "Entrust Root Certification Authority - G2"
# Certificate "Entrust Root Certification Authority - EC1"
# Certificate "GLOBALTRUST 2020"
# Certificate "certSIGN ROOT CA"
# Certificate "ACCVRAIZ1"
# Certificate "Entrust Root Certification Authority - G4"
# Certificate "Security Communication ECC RootCA1"
# Certificate "BJCA Global Root CA1"
# Certificate "BJCA Global Root CA2"
- The following certificates were added:
# Certificate "FIRMAPROFESIONAL CA ROOT-A WEB"
# Certificate "TWCA CYBER Root CA"
# Certificate "TWCA Global Root CA G2"
# Certificate "SecureSign Root CA12"
# Certificate "SecureSign Root CA14"
# Certificate "SecureSign Root CA15"
# Certificate "D-TRUST BR Root CA 2 2023"
# Certificate "D-TRUST EV Root CA 2 2023"
0
tuxcare-ubuntu20.04-els
libnss3_3.98-0ubuntu0.20.04.2+tuxcare.els1_amd64.deb
9ce5a5ad8fe97768565f192be8c6901ebf91a0ac
libnss3-dev_3.98-0ubuntu0.20.04.2+tuxcare.els1_amd64.deb
8ca66a38a9d1d24bf4030de36e292c3ab6afa994
libnss3-tools_3.98-0ubuntu0.20.04.2+tuxcare.els1_amd64.deb
5a321a917148bcbb0103c7af02d8428223911e09
CLSA-2025:1754410992
Fix CVE(s): CVE-2025-6965
TuxCare License Agreement
0
* SECURITY UPDATE: excessive aggregate terms potentially leading to memory
corruption
- debian/patches/CVE-2025-6965.patch: fix a potential memory corruption if the number
of aggregate terms in a query exceeds the maximum number of columns
- CVE-2025-6965
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: excessive aggregate terms potentially leading to memory
corruption
- debian/patches/CVE-2025-6965.patch: fix a potential memory corruption if the number
of aggregate terms in a query exceeds the maximum number of columns
- CVE-2025-6965
0
tuxcare-ubuntu20.04-els
lemon_3.31.1-4ubuntu0.7+tuxcare.els1_amd64.deb
836e8d71c81b41ab5d4a3582278dc46d76c1494f
libsqlite3-0_3.31.1-4ubuntu0.7+tuxcare.els1_amd64.deb
ea67f7655876c8831498e0557700bc21273585b0
libsqlite3-dev_3.31.1-4ubuntu0.7+tuxcare.els1_amd64.deb
8dfa3c95f311b8d91b152cb2132083eb884986ba
libsqlite3-tcl_3.31.1-4ubuntu0.7+tuxcare.els1_amd64.deb
33c42a628a90792669ae8697649ae7c1f102a1e1
sqlite3_3.31.1-4ubuntu0.7+tuxcare.els1_amd64.deb
aafd31bb87ca46e1e8caf6992965a11303bc2475
sqlite3-doc_3.31.1-4ubuntu0.7+tuxcare.els1_all.deb
98a3a51165d23b687600cf1af805da36cd8f9679
CLSA-2025:1754411479
Fix CVE(s): CVE-2025-48384
TuxCare License Agreement
0
* SECURITY UPDATE: security vulnerability
- debian/patches/CVE-2025-48384.patch: quote values containing CR character
in config to prevent unintended stripping of CR
- CVE-2025-48384
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: security vulnerability
- debian/patches/CVE-2025-48384.patch: quote values containing CR character
in config to prevent unintended stripping of CR
- CVE-2025-48384
0
tuxcare-ubuntu20.04-els
git_2.25.1-1ubuntu3.14+tuxcare.els1_amd64.deb
4c977ebbf5833c1fec205a3f0e728681d261a006
git-all_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
2ed1e540647fe195bd43c29ab6cefc323dc50e11
git-cvs_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
85329b6ee147569e25b02e9866ef2fd25c279357
git-daemon-run_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
77357b161cf3aefeee4217769212b5456ca01502
git-daemon-sysvinit_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
3a424e00886c784baeaf158986172eac6f4b5493
git-doc_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
19c41211eb978cf88080fc1d7dcd805fac955d26
git-el_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
c5149a9014c663621d7c9495899aa7a81bc9a463
git-email_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
8e4a6bf9ecbcc07ca72a2f17bcb07625b1b122b6
git-gui_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
8247d9d3982079e86febdb4590611e327fce5199
git-man_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
719b778834833b1d7f4dc1e0b451a104d33fc55a
git-mediawiki_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
986a478d6e1ebe4687a50536e9ea0d31061d31f0
git-svn_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
95afdfadc5fbf242d6e315c6722afdbf02e0235c
gitk_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
bea2de6fabe88d764af73ce6df519ac02e8e83c8
gitweb_2.25.1-1ubuntu3.14+tuxcare.els1_all.deb
9075609922ba04375ab2e061e760dfdd759acfa7
CLSA-2025:1757409349
Fix CVE(s): CVE-2025-53014
TuxCare License Agreement
0
* SECURITY UPDATE: heap buffer overflow in InterpretImageFilename function
- debian/patches/CVE-2025-53014.patch: fix out of bounds read of a single
byte in image file interpretation
- CVE-2025-53014
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: heap buffer overflow in InterpretImageFilename function
- debian/patches/CVE-2025-53014.patch: fix out of bounds read of a single
byte in image file interpretation
- CVE-2025-53014
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
51f40f4398654ecc19d01af9b2974ef122ccd630
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
4810601b70742a06f89f613241d74952ee3a07cc
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
5375114fe4605959be926fc720c35811a7cf9301
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
cf2874efc2b3aa012ccc6f2c549fbb39b1ad02cb
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
aabbe305c1a426f79e9d20406700ca58135aa232
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
ed2ead96670bbb4423b6d9522d72f4b4c506a623
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
be2ec4800a0ba557b7c7ace571dcb36ce98c2122
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
6e806b195ad5929c6ed4814912516b5dc47ffcec
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
e575c0634568e46fde83fcbb21db52bb996c9d31
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
6266de7d8634b429c39cf98a3d25d9046ef26886
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
e9a64ec4c2c36053f9129b01457d514690d8d23b
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
b96a7d01cfbc68268765e2c4a0c3cbfe794fb5f9
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
142753317af196bd55ca0ab02b7ab18dfb856974
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
97b6a08b67ec6fdb1f6449ed8b4683728b362128
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
ae6a222d744054da603494a2eef028a544baf798
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
764ef92de641a39092b327b5b86ab1d5fff73cca
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
646738757c1543c5780548b061e8a6065463513a
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
1f665151b010860ae25770ef0230ee883f9bac2c
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
96a588e6e1f41f4580ffc1d4bc2e7a22ae1e6506
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
1e64aec67f22647f20c7a2b9c588bf0ca41707c1
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
f835d9141a59761b8782abd866d3c09016d9f1a1
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
20eeb8a511eb91dcf12c3c2d208e102bae7a3632
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
a32d984c41ef33c53bb4bc12c4935b0fd530d8ba
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
3ab54787e47077004145ee01a5addcaea04a0d31
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
ba9ec48392db6e06c84731f6cf1c5a26384171c6
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
75d16b43fdd300df7f7c144b175d639ede0e8957
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
9c456bd9151325d760efbd83876053fe69792617
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
8885cafe604300e99f38fe82c47568c03248b138
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
20a6d4df451ee15d13f0ec8e34325c0e19990252
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_amd64.deb
752c7dc6b990bda797337d73d57e81e4f5316477
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
5bff423d8b687885313005efe764411d7cbd0ca2
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els1_all.deb
5c5ed17f26ef2bcf9936fad2aef6d4e6966fd29e
CLSA-2025:1757499160
Fix CVE(s): CVE-2025-5318
TuxCare License Agreement
0
* SECURITY UPDATE: out-of-bounds read in sftp_handle function
- debian/patches/CVE-2025-5318.patch: fix possible buffer overrun issue by
changing comparison operator in sftp_handle function
- CVE-2025-5318
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: out-of-bounds read in sftp_handle function
- debian/patches/CVE-2025-5318.patch: fix possible buffer overrun issue by
changing comparison operator in sftp_handle function
- CVE-2025-5318
0
tuxcare-ubuntu20.04-els
libssh-4_0.9.3-2ubuntu2.5+tuxcare.els1_amd64.deb
15a4a255440b7d3890bc07a25da09b8f7933442e
libssh-dev_0.9.3-2ubuntu2.5+tuxcare.els1_amd64.deb
9e1de4482db976eea1976165a6a60d73c6d03133
libssh-doc_0.9.3-2ubuntu2.5+tuxcare.els1_all.deb
c26738e391f235d7df748fa2a3cf8999f82d0b43
libssh-gcrypt-4_0.9.3-2ubuntu2.5+tuxcare.els1_amd64.deb
ce6e6461126156a8f6e681749ec0da5502dc3294
libssh-gcrypt-dev_0.9.3-2ubuntu2.5+tuxcare.els1_amd64.deb
775882e340e08c23b07e0eb1539ff36ed2ed905b
CLSA-2025:1757522880
Fix CVE(s): CVE-2025-6021
TuxCare License Agreement
0
* SECURITY UPDATE: stack-based buffer overflow vulnerability in xmlBuildQName
function
- debian/patches/CVE-2025-6021.patch: fix integer overflow in xmlBuildQName
causing memory safety issue
- CVE-2025-6021
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: stack-based buffer overflow vulnerability in xmlBuildQName
function
- debian/patches/CVE-2025-6021.patch: fix integer overflow in xmlBuildQName
causing memory safety issue
- CVE-2025-6021
0
tuxcare-ubuntu20.04-els
libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els3_amd64.deb
1f21056a4d5478d26e63b7fce9c505d4e1513d19
libxml2-dev_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els3_amd64.deb
443dc95017be3748e670750eb65762d2deeff3fb
libxml2-doc_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els3_all.deb
6d48030e2c436423c2fd3d61a2745eb15dc712b6
libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els3_amd64.deb
3108bda76b453221b6b3552a6ce680b85eb9cbcd
python-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els3_amd64.deb
7fe2728cc6575c1443db48499790a7a69c91eff6
python3-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els3_amd64.deb
7f6d8ec1e388bd53202a61e6e8d48e18e7960ef8
CLSA-2025:1758020272
Update of alt-php
TuxCare License Agreement
0
* Bump ABI 5.4.0-221
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Bump ABI 5.4.0-221
0
tuxcare-ubuntu20.04-els
linux-cloud-tools-generic_5.4.0.221.241_amd64.deb
034b9e995a6e686db70a84e435bf22f83a0719d9
linux-cloud-tools-lowlatency_5.4.0.221.241_amd64.deb
8d44dabb0043c0584841168bfd0d5bcf2549050b
linux-generic_5.4.0.221.241_amd64.deb
9df2e7b161fb214cdb5ccd85c75ae81085f5e271
linux-headers-generic_5.4.0.221.241_amd64.deb
3deedef7d86c2dfb0f298054e0abbb991fcd335a
linux-headers-lowlatency_5.4.0.221.241_amd64.deb
9685d34a62befc95a47f601edfe7c594b5de83da
linux-image-generic_5.4.0.221.241_amd64.deb
4f651f4a7b4c7d659dc51c1253f6e81a60de8296
linux-image-lowlatency_5.4.0.221.241_amd64.deb
fa840d87b9783a430892c9a6bf3d193ae051373b
linux-lowlatency_5.4.0.221.241_amd64.deb
782b8c3d91d7a31276d765e623421cd478b64e02
linux-tools-generic_5.4.0.221.241_amd64.deb
30a4ee8b13fafcfd3dab4fd785d97e8751720453
linux-tools-lowlatency_5.4.0.221.241_amd64.deb
4c4f558829cb7ad50e5caa239dd113c68bc7e4ae
CLSA-2025:1758019011
Fix of 17 CVEs
TuxCare License Agreement
0
* CVE-2024-50047 fix. // CVE-url: https://ubuntu.com/security/CVE-2025-38488
- smb: client: fix use-after-free in crypt_message when using async crypto
* CVE-url: https://ubuntu.com/security/CVE-2024-57996 // CVE-url:
https://ubuntu.com/security/CVE-2025-37752
- net_sched: sch_sfq: move the limit validation
* CVE-url: https://ubuntu.com/security/CVE-2023-52975
- scsi: iscsi: Move pool freeing
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
* CVE-url: https://ubuntu.com/security/CVE-2023-52757
- smb: client: fix potential deadlock when releasing mids
* CVE-url: https://ubuntu.com/security/CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
* CVE-url: https://ubuntu.com/security/CVE-2024-49950
- Bluetooth: L2CAP: Fix uaf in l2cap_connect
- Bluetooth: hci_core: Fix calling mgmt_device_connected
* CVE-url: https://ubuntu.com/security/CVE-2024-50073
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
* CVE-url: https://ubuntu.com/security/CVE-2025-37797
- net_sched: hfsc: Fix a UAF vulnerability in class handling
* CVE-url: https://ubuntu.com/security/CVE-2024-38541
- of: module: add buffer overflow check in of_modalias()
* CVE-url: https://ubuntu.com/security/CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-url: https://ubuntu.com/security/CVE-2024-53051
- drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
* CVE-url: https://ubuntu.com/security/CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
* CVE-url: https://ubuntu.com/security/CVE-2025-37782
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
* CVE-url: https://ubuntu.com/security/CVE-2024-53185
- smb: client: fix NULL ptr deref in crypto_aead_setkey()
* CVE-url: https://ubuntu.com/security/CVE-2024-50047
- smb: client: fix UAF in async decryption
* CVE-url: https://ubuntu.com/security/CVE-2024-56662
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
* Miscellaneous upstream changes
- Revert "UBUNTU: SAUCE: fs: hfs/hfsplus: add key_len boundary check to
hfs_bnode_read_key"
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* CVE-2024-50047 fix. // CVE-url: https://ubuntu.com/security/CVE-2025-38488
- smb: client: fix use-after-free in crypt_message when using async crypto
* CVE-url: https://ubuntu.com/security/CVE-2024-57996 // CVE-url:
https://ubuntu.com/security/CVE-2025-37752
- net_sched: sch_sfq: move the limit validation
* CVE-url: https://ubuntu.com/security/CVE-2023-52975
- scsi: iscsi: Move pool freeing
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
* CVE-url: https://ubuntu.com/security/CVE-2023-52757
- smb: client: fix potential deadlock when releasing mids
* CVE-url: https://ubuntu.com/security/CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
* CVE-url: https://ubuntu.com/security/CVE-2024-49950
- Bluetooth: L2CAP: Fix uaf in l2cap_connect
- Bluetooth: hci_core: Fix calling mgmt_device_connected
* CVE-url: https://ubuntu.com/security/CVE-2024-50073
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
* CVE-url: https://ubuntu.com/security/CVE-2025-37797
- net_sched: hfsc: Fix a UAF vulnerability in class handling
* CVE-url: https://ubuntu.com/security/CVE-2024-38541
- of: module: add buffer overflow check in of_modalias()
* CVE-url: https://ubuntu.com/security/CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-url: https://ubuntu.com/security/CVE-2024-53051
- drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
* CVE-url: https://ubuntu.com/security/CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
* CVE-url: https://ubuntu.com/security/CVE-2025-37782
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
* CVE-url: https://ubuntu.com/security/CVE-2024-53185
- smb: client: fix NULL ptr deref in crypto_aead_setkey()
* CVE-url: https://ubuntu.com/security/CVE-2024-50047
- smb: client: fix UAF in async decryption
* CVE-url: https://ubuntu.com/security/CVE-2024-56662
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
* Miscellaneous upstream changes
- Revert "UBUNTU: SAUCE: fs: hfs/hfsplus: add key_len boundary check to
hfs_bnode_read_key"
0
tuxcare-ubuntu20.04-els
linux-buildinfo-5.4.0-221-tuxcare.els3-generic_5.4.0-221.241_amd64.deb
95436bf7139a52c1a3b55ff29726f047cb2c2a14
linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency_5.4.0-221.241_amd64.deb
b1837318aa7ee9555adf914796f049d28275a26f
linux-cloud-tools-5.4.0-221-tuxcare.els3_5.4.0-221.241_amd64.deb
c7246c5fcb904650c1ac3888598efb10c2624f28
linux-cloud-tools-5.4.0-221-tuxcare.els3-generic_5.4.0-221.241_amd64.deb
34c4325abd920f0b799f99d90386a08661d18418
linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency_5.4.0-221.241_amd64.deb
5c58f5c0dde1afdc5f6c372eccd2ffadb759e032
linux-cloud-tools-common_5.4.0-221.241_all.deb
824f698a130571a34d375b3de0cb311f3f70f36a
linux-doc_5.4.0-221.241_all.deb
aa7b5a7a1fb7b1d38ec190e2488205f38eaa8a0c
linux-headers-5.4.0-221-tuxcare.els3_5.4.0-221.241_all.deb
0f7822afb73e5b96b6149e6839d10508797418bf
linux-headers-5.4.0-221-tuxcare.els3-generic_5.4.0-221.241_amd64.deb
3c55dd5cbf655643d74e56d102bdeb4b2c2a1dab
linux-headers-5.4.0-221-tuxcare.els3-lowlatency_5.4.0-221.241_amd64.deb
25e6ab272e5899ee78221af66fb330e2c4da4c12
linux-image-unsigned-5.4.0-221-tuxcare.els3-generic_5.4.0-221.241_amd64.deb
12e3be0a594ef88a7770be2cda4af7427b7e41c4
linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency_5.4.0-221.241_amd64.deb
34f9857d558dae90ca07edc0af369f76011c5670
linux-libc-dev_5.4.0-221.241_amd64.deb
b3a4eeb9736d670c04dfe7cc56bfc899c96cd1a2
linux-modules-5.4.0-221-tuxcare.els3-generic_5.4.0-221.241_amd64.deb
cf30a7b5536982c1786e6143025f967f28768b42
linux-modules-5.4.0-221-tuxcare.els3-lowlatency_5.4.0-221.241_amd64.deb
57eeda0451ae062247cb72cdeb3d2d803e36ef9f
linux-modules-extra-5.4.0-221-tuxcare.els3-generic_5.4.0-221.241_amd64.deb
1084ff4df04981f499c3fbcb4d5eaad7650739a4
linux-source-5.4.0_5.4.0-221.241_all.deb
c0a96aea3d2e1d4ac099c45a4f2e99d5bffa87cb
linux-tools-5.4.0-221-tuxcare.els3_5.4.0-221.241_amd64.deb
641d0d478079cc6a80e645e3b16524a6aa4bfb5d
linux-tools-5.4.0-221-tuxcare.els3-generic_5.4.0-221.241_amd64.deb
3752b53407803b3938c057a2c3c218249a49a1ef
linux-tools-5.4.0-221-tuxcare.els3-lowlatency_5.4.0-221.241_amd64.deb
f661e5b011e2906f9f0fead40cdd8297753fb9f4
linux-tools-common_5.4.0-221.241_all.deb
39bb0d82b09c9401a9a75dad5672d6335e3eeeb6
linux-tools-host_5.4.0-221.241_all.deb
35874680b939914e5786035265694490507b6d3f
CLSA-2025:1758228035
Fix CVE(s): CVE-2025-7425
TuxCare License Agreement
0
* SECURITY UPDATE: memory corruption in attribute type handling
- debian/patches/CVE-2025-7425.patch: guard against atype corruption
to ensure proper ID cleanup and prevent heap-use-after-free
- CVE-2025-7425
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: memory corruption in attribute type handling
- debian/patches/CVE-2025-7425.patch: guard against atype corruption
to ensure proper ID cleanup and prevent heap-use-after-free
- CVE-2025-7425
0
tuxcare-ubuntu20.04-els
libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els4_amd64.deb
3781dea005c678b31cec6f4dc0b58c88e3b9f1be
libxml2-dev_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els4_amd64.deb
5fba3c50ca3cfd54678f7f76a785b3c8f3ccd089
libxml2-doc_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els4_all.deb
fe8cac9c8532c45d6e7c4598747afaf34066bb5b
libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els4_amd64.deb
6b6b28aaac045e22311dc1a97d52e74e2650bdef
python-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els4_amd64.deb
fd8894c5f3f760912ec1f449041f64e479270761
python3-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els4_amd64.deb
38beeaea7f8a3dbeb74d54cc65bf48ea3175e8d6
CLSA-2025:1758635329
Fix CVE(s): CVE-2025-57807
TuxCare License Agreement
0
* SECURITY UPDATE: heap out-of-bounds write in BlobStream (WriteBlob)
- debian/patches/CVE-2025-57807.patch: enforce extent ≥ offset + length
when forward-seeking before writes in MagickCore/blob.c
- CVE-2025-57807
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: heap out-of-bounds write in BlobStream (WriteBlob)
- debian/patches/CVE-2025-57807.patch: enforce extent ≥ offset + length
when forward-seeking before writes in MagickCore/blob.c
- CVE-2025-57807
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
9961bb780a1511585725e3161783b0b6025d1571
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
0e88b8034f1ca308742224fae798cc0049174bb7
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
95bb955660f517fd4ce7a732b6de63add517544b
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
0a30affd0e390713b2f3c3aa32c0f4f3b25cdbb3
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
05ef80ad4b8891a87b9f77fab9f9f8f3f5cfc861
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
5244c0a14227b78e0a4c1f3e25c5b3f3cf9544f4
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
3140cd8bd2837c4ed5d2de6e1fdbcd688feac494
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
466458f71cc39c0cc2aa3f4c57c88c412d64533c
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
792ee3da64cc2df4e776387b9ae31fabdf78e27c
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
e044f0c6ecf3ebfa80ac6016b1efb94561b27b7e
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
f64d5637ac340f16f136a090eea86d468ff85ae0
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
3045bdead56b4ab37fcaa9ac7f72e89eea470347
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
cd3133f40ac03c3f5bc68884e976cab5ccfc44d1
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
afecc4cbacfeecf43949225198d5e03500f8c479
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
ec55f7f77be2fe8365ba9ef3a1df972fb15f746a
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
b154896e3dab696a6af773ab49eba524fe0d9803
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
f6078e1817fc66b1fa20528dcb971ee6bbe2d8aa
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
5a60cfde784bbf8b5dc310ad6257e94a5e3a817a
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
981a5f6f447702e6ed453ecb4075c1aa5f4fcbb6
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
654618de13f1480f7bf72998bcab840004ad6718
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
3ddd35d0994288fbbaad7fdec81ddc477d37836d
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
6b6a1f4a15b94910176b67b7c453ddfd17597795
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
4f224aac874f31a15db8c1cc71155b55092b8b34
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
8ab0a11d2b78e1a05f53f87a52807f27edc45327
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
9e35d7ab1a031195f42833308913708de26ee15c
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
c9546a786e0f753bba5e70d9c62c06a77950a5d5
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
15c61c847c7c950507b04e77dde82ecbacd25ac3
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
b5a637e93674e3cd87eb1ecdc6d737bce4defe81
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
53046ed3ec4dd5ae27ca90142d0ce4fe6f3af847
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_amd64.deb
abb2880e7c8a4d66cfa54d3c5262cc795fe00b06
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
e52ebb54cfe2702ae30a6d688a65598fc77f1cf2
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els3_all.deb
529f1b963da5b3186c7386400cd0b36b558251d4
CLSA-2025:1758289909
Fix CVE(s): CVE-2025-1735, CVE-2025-1736
TuxCare License Agreement
0
* SECURITY UPDATE: Inadequate validation in pgsql and pdo_pgsql functions
- debian/patches/CVE-2025-1735.patch: add error checks for escape function
in pgsql and pdo_pgsql extensions to prevent potential security issues
- CVE-2025-1735
* SECURITY UPDATE: Insufficient HTTP header validation
- debian/patches/CVE-2025-1736.patch: updates the http user header check
for crlf in ext/standard/http_fopen_wrapper.c
- CVE-2025-1736
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Inadequate validation in pgsql and pdo_pgsql functions
- debian/patches/CVE-2025-1735.patch: add error checks for escape function
in pgsql and pdo_pgsql extensions to prevent potential security issues
- CVE-2025-1735
* SECURITY UPDATE: Insufficient HTTP header validation
- debian/patches/CVE-2025-1736.patch: updates the http user header check
for crlf in ext/standard/http_fopen_wrapper.c
- CVE-2025-1736
0
tuxcare-ubuntu20.04-els
libapache2-mod-php7.4_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
1e4c6348d9c1b38797631210439a90810e9c9bf9
libphp7.4-embed_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
e5f9a107970a4b85446066e1b77ef14413b1203b
php7.4_7.4.3-4ubuntu2.29+tuxcare.els1_all.deb
37b6da4d00484250a0a2b2eb2bab509a3b60fe83
php7.4-bcmath_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
aa01f6a1bc9fe05cf975f74f5c02d2b1acaf4d03
php7.4-bz2_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
c4edb1c231427dd497143b4d9db4c6e4d59c4156
php7.4-cgi_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
0fc23939477d6e932cbe7bae15c2a0d0584ac738
php7.4-cli_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
268843a53e3d21c049965bc97bd99e79aeefa06e
php7.4-common_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
9f9b9929570bf0217d7f43cf7cf541e37cfd6a39
php7.4-curl_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
b425d79f0e7747b72cb5d416bcd28b65380629f1
php7.4-dba_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
0e05d3f2686529994be6fa6f4f09562c199a4371
php7.4-dev_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
2580754d82236d60bed83c6c112308397c6527ae
php7.4-enchant_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
583aa984cecc7f34126543751471a01c78562a97
php7.4-fpm_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
84090a1b6b724d17ea0fc4f783c0e1991d457f6f
php7.4-gd_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
fd3b5e053c2031ed2acc7c66877fdcbf0be904b5
php7.4-gmp_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
b643213f201ea719aa163e0a0ec60ec8b1e29871
php7.4-imap_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
e166fbf04bbeea4f455b6ceea6c2ded2df9e8f06
php7.4-interbase_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
5de97dec0878be96f5618d19982ca51cb2b23343
php7.4-intl_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
430f124591fda12eaad1130b8d88a6af5d050fc7
php7.4-json_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
b99857503de4a740baac64402c3002e5651c122a
php7.4-ldap_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
5032ec9eb5f76f486829078ac11e578a471307e9
php7.4-mbstring_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
d96c5014c04f9f19c6e0fd68408f6576c63c549c
php7.4-mysql_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
2978c5f8ccf8fe96f180a510b20bf01c5346a0d5
php7.4-odbc_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
db1ce2b37256d3a0b2dd4005f9642aed530c6aee
php7.4-opcache_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
1f63c782397a73e85421ee48dbaf3549f3b44417
php7.4-pgsql_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
d0578b2ef4e1801d73bb27a11e93ca7395b74ffb
php7.4-phpdbg_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
7d13d71e814e95c86b411251be46f5d7cf0f9875
php7.4-pspell_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
9ff58f5a7518a92070dd578ce35b2cd4746751d0
php7.4-readline_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
b53948656e5ba29b72f5260f1735d736aa47e830
php7.4-snmp_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
92306b65fd25d1dd2e38553b5dec611e6fadbf2e
php7.4-soap_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
8e33e2d88c31239312026e25e8bbe624db979663
php7.4-sqlite3_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
d32febfa48da668454eb50c398d3d5c2dd89f236
php7.4-sybase_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
0a7a03912700f54308438f79b4ae868e2c643d99
php7.4-tidy_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
4d45f347a38159d50ebf964c92ee4e63bd84a945
php7.4-xml_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
ff4151877809189169fea147bd374b6508fa4b92
php7.4-xmlrpc_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
a20e1d38660686343d7338677a012c5d5ed6068e
php7.4-xsl_7.4.3-4ubuntu2.29+tuxcare.els1_all.deb
6bcbb68ae8660d98bdae0c2dc1424f5cbcbed2c4
php7.4-zip_7.4.3-4ubuntu2.29+tuxcare.els1_amd64.deb
e7b8b189fc7f104612024e9568ce78ca5b04a909
CLSA-2025:1759331689
Fix CVE(s): CVE-2025-55154
TuxCare License Agreement
0
* SECURITY UPDATE: unsafe magnified size calculations leading to memory
corruption
- debian/patches/CVE-2025-55154.patch: Fix integer overflow in PNG image
magnification causing memory corruption
- CVE-2025-55154
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: unsafe magnified size calculations leading to memory
corruption
- debian/patches/CVE-2025-55154.patch: Fix integer overflow in PNG image
magnification causing memory corruption
- CVE-2025-55154
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
996dc671a2dda4123e5b0a11e9cf21fa50ee955f
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
aff05b1a48b5b0132913151e3561f29e0d639cc2
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
81ad9d04bb58f3b1a5ce32cfabdf9cfcce7c4298
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
0d769136f0e74dcb1123468fc3f7e4756ef4e3a1
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
f0171789bf9cc7e58a6243f26bd9b79868e2507b
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
700d5ad24cf916d18bebfd39e96d8be05ceec887
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
a1e641b1252025f510de03339dd2b43d32acd322
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
8b3ae921769df2c9975d466bd294ee0703ff89bc
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
fe22adb3c162c15594e613cd235a4792e667183f
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
b8f10d4df40b0381f1ca25e32c2c70fcae35c4fd
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
a0b6517d9643a98c3a280ecdebe24f0812361796
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
3a1580b357e2b533a3e55bc9472ce617e28a61d2
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
0308fe6a0772e9e67e25b0ccd912730d31be9469
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
0b91502bfc1ab1447081e31e9b5019b558d76f55
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
aae509e4e069339fa9901fe2c58cf77bd00ae6c4
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
6f7f27f757c8f43be124ac1eeb18e0150500bf7b
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
f78e349b4490d381cb8bd3f5ec7ae0fc7f264356
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
002fdd5018eb2d0694077e50cef451d1f8acb742
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
10941f6d78571eaa61bd0a70f0da0584b8b997a0
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
9fbfd7b2abfe8f45b6eb935b61755641afd551e8
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
78aed68dd7ec20d66728834899c8df0179ef554c
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
8be114aac87adac4d53929590b97df8fdea8e94e
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
f2cd783ab94c90030b714d44b6f3f1ba098362e9
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
20167fd936e48e0a123bd5b496d740c466ed3067
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
62f53ea98c447ee5cfca73857c9a7780502ecd38
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
24e51a35b7312385f5e9c787947df07c17174281
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
5ef061f3f78d0097d7a44872e01d0190ba0d687f
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
e2d02d758c8cbe8b5bb49d5a6bf334b42a321520
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
805372ff19752f5370b6d787c05461ba457aed9e
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_amd64.deb
daae6223aa3dfdfc9dfa0673a2735e170ce3f116
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
f878c1b537ce876309a4d98f2a36fc03f9e1dacf
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els4_all.deb
8a167159484b1d34d5fad38f0e695a91f51a9bbc
CLSA-2025:1759782399
Fix CVE(s): CVE-2025-5372
TuxCare License Agreement
0
* SECURITY UPDATE: improper return value handling in key derivation function
- debian/patches/CVE-2025-5372.patch: reformat ssh_kdf() to fix formatting
issue with EVP_KDF_ctrl calls
- debian/patches/CVE-2025-5372-1.patch: simplify error checking and handling
of return codes in ssh_kdf
- CVE-2025-5372
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: improper return value handling in key derivation function
- debian/patches/CVE-2025-5372.patch: reformat ssh_kdf() to fix formatting
issue with EVP_KDF_ctrl calls
- debian/patches/CVE-2025-5372-1.patch: simplify error checking and handling
of return codes in ssh_kdf
- CVE-2025-5372
0
tuxcare-ubuntu20.04-els
libssh-4_0.9.3-2ubuntu2.5+tuxcare.els2_amd64.deb
736e99056592f9ced27524ff5ed39586e4e9c849
libssh-dev_0.9.3-2ubuntu2.5+tuxcare.els2_amd64.deb
99c30a4ddb8843eb90050bc7d2c494a319e642a1
libssh-doc_0.9.3-2ubuntu2.5+tuxcare.els2_all.deb
5207e8f9fbba706bea6ce7bc52daf2c2c6fdcc9c
libssh-gcrypt-4_0.9.3-2ubuntu2.5+tuxcare.els2_amd64.deb
f776fbe535e0e1f6b14af271485686fc1e69df66
libssh-gcrypt-dev_0.9.3-2ubuntu2.5+tuxcare.els2_amd64.deb
b722ccd1c624792243eff35023a823939278fb41
CLSA-2025:1759782690
Fix CVE(s): CVE-2025-55298
TuxCare License Agreement
0
* SECURITY UPDATE: format string bug vulnerability in InterpretImageFilename
function
- debian/patches/CVE-2025-55298.patch: Fix PercentNInvalidOperation
and IsValidFormatSpecifier to handle invalid arguments in
InterpretImageFilename
- CVE-2025-55298
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: format string bug vulnerability in InterpretImageFilename
function
- debian/patches/CVE-2025-55298.patch: Fix PercentNInvalidOperation
and IsValidFormatSpecifier to handle invalid arguments in
InterpretImageFilename
- CVE-2025-55298
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
8e594afc4e6f389782cb62015086ec715830dbeb
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
b6d52fc8e59a30c2ed06ba0b45ed07ee41bebd3d
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
6e44a55e9eca6d5c167ab191969d27101429b78a
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
a2199d2a4ab1b76d4d384edfa9387d87e7913212
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
25d83ce6dd7fefd8fc7c17d51ccc568400b81068
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
6e9f5431f6efc121b2cdb524e7584989dc1a062c
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
ec0e192eca5730754b5f3680527f5002dae8b897
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
7dc8fbfd136ac92e17ddd5ac31b7cddbc202264f
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
84c1e00652a3c46c72bbb6b0ec41d57ae62a670e
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
b047e1bcc4e75df7952a1039e5b720c64e1d50a2
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
3fcfd922dd2309e5d2bcd04c5af336fd627aa374
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
b475bd581cca704af69c736bd828744f4eb2165c
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
1b7ed03016ed34b8ea2a828e6a413c453283e2a9
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
5015e9d95bf11f657ba6d3a2770e87f7a3a92dc9
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
1755d3dae23d02941d11c233fc04df47e34408f9
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
e26f5d4e5fcd5074d17eca9564fc692439c51bba
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
3744390d5e3db90f7f29fc5b9433f075bdeecee3
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
71cf86f8203c049f03a814b578f12a71e46d9824
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
9f8b8e833dd90c3476cbd1bfb8c98b428447e3f5
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
ee8194d61671d417304e6cdf1de207aef006695b
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
fdc3daf037645d017730798ff6d8c3705736ba51
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
6e62b3825c3ccb34b2064ceaad706784bdee798f
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
04c85c74cc833fab60fd6fde66ab9610b0b87cc8
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
e57a5581f5e110f4a4f69e2d2cdb907e9f2aedbe
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
d7df59d9adc07d142aa3029be207c9ae0ead95b9
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
78dd60018cd5bce707f1e082f0aed43be9d5db63
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
5d25a737483bdab6068d6658d74a0764820bf098
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
250332dfa0b08b19d2f28adbc50d9e00ab4e5f19
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
5891139490f3abb1ebdc8f0ff6d857bbf12eed9d
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_amd64.deb
cd2c2eabb315f3ff0d97ad5e417475af1460d8fd
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
8cf1fc666166c1808ce556156b7a30c14fcd46e6
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els5_all.deb
3fdd9d75db56aecbd3d3d70424a8d0a79d0bd0fd
CLSA-2025:1759856402
Fix CVE(s): CVE-2025-57803
TuxCare License Agreement
0
* SECURITY UPDATE: integer Overflow in BMP Encoder
- debian/patches/CVE-2025-57803.patch: Fix buffer overflow issue in BMP
decoder caused by insufficient memory allocation
- CVE-2025-57803
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: integer Overflow in BMP Encoder
- debian/patches/CVE-2025-57803.patch: Fix buffer overflow issue in BMP
decoder caused by insufficient memory allocation
- CVE-2025-57803
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
e27efbea9f5d410861cd5b3bad439c9042dd6998
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
2dfda4b86faa316027be899d46a465130fcc50c5
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
bd1c1a49c977204c374718dbf958ea793b8d04a2
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
0411ef365dbd8c254f24368ee3523227d32b1424
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
f1375a61ac413cd310247c67315cabd6e9f1708d
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
c1b9e2defaed066c982a2a210a3b537a86e0f460
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
adb3b1a1a3f2fe533154300332ca77087bf45f37
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
52968fba82eaef2bc647b3c3d9dc3cf4900d940a
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
095596294d655ae2d2af12378c05fd321d6f73e0
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
cbdfedeed26321fb1eadb8247434fb92835804c0
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
d8821dd81de766a5247d3b4e21019cfffac3e1a5
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
f3e927ecdd0cb4ec0cdbca472ef626f3fb1350d9
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
d039e00b882fe2348300ea3ecd8628c1c2c0898d
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
ef95a13e558b4110ba55c6f3e7d7619f08ff102c
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
8f5a9e4adf58ad93d366c84db7f19b2004da4ffd
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
8e1be35d04b79b6c5ecc71cfefcebdf06330d07c
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
8f7fe2c5bc94cf287c9106085bc3a07663879895
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
d4e79efdc0f767c4463cba8d98c4a655993c7fb7
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
909803f80528f5b45363476019de991551946b93
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
0f056f0ee10986401a5e91aaf36781d58e8754b8
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
43a29a288ff30c895a5d13c3b4f54b0d8bbe5244
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
e9de6a29d64fc913ed17466aa0a545e96e5d24ea
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
e456ae7377e60ebe90914d2b0d7bfc6f91db9386
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
1ba6e904fceca48c49f9d3bd77e76f339778f881
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
67e3614d68750f3c54989db74f7a862313fa5520
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
91681500657a49255cc1e51f072eeb998aef8ac9
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
3607fcf6c058e079ace7b5daae3e56fa308905f3
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
b6be432f6ce2b7822d39012f37e8b0bd40862895
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
094087fbdf2013363dc99d04e1bb0c963e82f35c
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_amd64.deb
e071d6bd4674c4050aebbfa561f2ece2190494c4
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
278f0ec05fdee5b0d355e2e8e6eff2d4b5f5fa45
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els6_all.deb
02556a3587a1306cfe5f92462cb4bf2fc175c84a
CLSA-2025:1760019285
Fix CVE(s): CVE-2025-55212
TuxCare License Agreement
0
* SECURITY UPDATE: crash triggered by passing a colon to montage -geometry
- debian/patches/CVE-2025-55212.patch: Fix invalid height and width checks
in ThumbnailImage using MagickSafeReciprocal
- CVE-2025-55212
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: crash triggered by passing a colon to montage -geometry
- debian/patches/CVE-2025-55212.patch: Fix invalid height and width checks
in ThumbnailImage using MagickSafeReciprocal
- CVE-2025-55212
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
39448e1482099ed59113684f1aee09df96b45fb3
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
a16d92f89b8dabce077ecc2254b081cbc48e01c9
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
5560b8a588f58366b46c8c87d89f1efb480fb5f1
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
f86a8ffc08cf6fefd3e307fd0e9efa798836da8b
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
b2dbe255e62df267904e202e91b71ef7e72d14cb
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
43bc74edc7283f1176cd0d2aeb087e732fd34158
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
a836f66b222d616849046c8a63b2b4f2b3eb5899
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
a3ba0ff0020e7e317f5db9d5d5e1115e56ecdc2d
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
7184cdd99435eeab77c220bfd9a1979b871efb6b
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
919693af819fb83dcbb5f82012f86447b70cd89c
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
35fef88f723015e02059d4e414ee84630ee42b9b
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
10f959f0d1147e4f1b4709116a63f3b8bf6b913f
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
2e4664468863532478803b47a78fa6411b09e706
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
a23ffa5969b627982fbcc399757a0b7f7291944b
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
adeaa70f7b3458a7a0fa1a07523b45e7334b18aa
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
0ad6a91a188386cfdc0cfffb3702f574868f1426
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
0708cb34b789d9bedc350525bd819ccc4daba61c
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
b788896ecdb6484ab596195887c905c11a83f0f9
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
14e82aa4879841e4d4c63c5b60be55a095b7f589
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
c03bacbf29d73c9b1e3c4009dfc96edd832b0a4b
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
4e1eae7c1a77605bd2a1557290249ee6b2eba3a8
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
a74955c7e8e18a5817cd78112acd40bb536fa238
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
04dc4aa8ccd94399f08dc6e9a6e949d8386435e0
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
a60932bc04ff07aa2ab0990a009c5c7ced1a1b50
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
b9a120bdc2cd51dcd90e8edd8575e0f764fa3424
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
e9e06c93150d5d000bbd86d9ed768827cdee27f8
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
e94384579922fd5ed6f0a7bad771f8460750f29e
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
13e060465b0cbcb625a7747095d80f7c3e6fce70
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
66c44489aa8ac158991125352319e58589ed2668
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_amd64.deb
eacd0d87b108359e92ef5dc8f795071e3d37ccb7
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
1e8c0ebee1b9ebb01f3e82795d800a59a28c76b9
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els8_all.deb
06d9d610983fa7e4e82ada53d40dac680fd237ba
CLSA-2025:1760020311
Fix CVE(s): CVE-2025-9714
TuxCare License Agreement
0
* SECURITY UPDATE: uncontrolled recursion leading to stack overflow via
crafted XPath expressions
- debian/patches/CVE-2025-9714.patch: Make XPath depth check work with
recursive invocations to prevent stack overflows
- CVE-2025-9714
Moderate
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: uncontrolled recursion leading to stack overflow via
crafted XPath expressions
- debian/patches/CVE-2025-9714.patch: Make XPath depth check work with
recursive invocations to prevent stack overflows
- CVE-2025-9714
0
tuxcare-ubuntu20.04-els
libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb
f07a232b97b40fd06e064b60e18f2aa83edf19f7
libxml2-dev_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb
520e774bf867451207358e5e020a7ad85b03edeb
libxml2-doc_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_all.deb
4001b61eca35bff4cbf91a8cf798d2d2e850b192
libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb
7510a5feec9e7b575785657e919f7bb8728593ff
python-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb
a804e6ae81c024af9dc80a4107336884837d15fe
python3-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb
f531573072cc7c37cfb6acceccb6572b7479545a
CLSA-2025:1760645131
Fix of 11 CVEs
TuxCare License Agreement
0
* CVE-url: https://ubuntu.com/security/CVE-2022-43945
- NFSD: Protect against send buffer overflow in NFSv3 READ
* CVE-url: https://ubuntu.com/security/CVE-2025-21796
- nfsd: clear acl_access/acl_default after releasing them
* CVE-url: https://ubuntu.com/security/CVE-2022-48827
- NFSD: Fix the behavior of READ near OFFSET_MAX
* CVE-url: https://ubuntu.com/security/CVE-2025-38477
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
qfq_delete_class
* CVE-url: https://ubuntu.com/security/CVE-2025-38618
- vsock: Do not allow binding to VMADDR_PORT_ANY
* CVE-url: https://ubuntu.com/security/CVE-2025-38617
- net/packet: fix a race in packet_set_ring() and packet_notifier()
* CVE-url: https://ubuntu.com/security/CVE-2021-47391
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
* CVE-url: https://ubuntu.com/security/CVE-2024-41069
- ASoC: topology: Fix references to freed memory
- ASoC: topology: Do not assign fields that are already set
- ASoC: topology: Clean up route loading
* CVE-url: https://ubuntu.com/security/CVE-2024-56616
- drm/dp_mst: Fix MST sideband message body length check
* CVE-url: https://ubuntu.com/security/CVE-2024-35932
- drm/vc4: don't check if plane->state->fb == state->fb
* CVE-url: https://ubuntu.com/security/CVE-2025-38350
- net/sched: Always pass notifications when child class becomes empty
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* CVE-url: https://ubuntu.com/security/CVE-2022-43945
- NFSD: Protect against send buffer overflow in NFSv3 READ
* CVE-url: https://ubuntu.com/security/CVE-2025-21796
- nfsd: clear acl_access/acl_default after releasing them
* CVE-url: https://ubuntu.com/security/CVE-2022-48827
- NFSD: Fix the behavior of READ near OFFSET_MAX
* CVE-url: https://ubuntu.com/security/CVE-2025-38477
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
qfq_delete_class
* CVE-url: https://ubuntu.com/security/CVE-2025-38618
- vsock: Do not allow binding to VMADDR_PORT_ANY
* CVE-url: https://ubuntu.com/security/CVE-2025-38617
- net/packet: fix a race in packet_set_ring() and packet_notifier()
* CVE-url: https://ubuntu.com/security/CVE-2021-47391
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
* CVE-url: https://ubuntu.com/security/CVE-2024-41069
- ASoC: topology: Fix references to freed memory
- ASoC: topology: Do not assign fields that are already set
- ASoC: topology: Clean up route loading
* CVE-url: https://ubuntu.com/security/CVE-2024-56616
- drm/dp_mst: Fix MST sideband message body length check
* CVE-url: https://ubuntu.com/security/CVE-2024-35932
- drm/vc4: don't check if plane->state->fb == state->fb
* CVE-url: https://ubuntu.com/security/CVE-2025-38350
- net/sched: Always pass notifications when child class becomes empty
0
tuxcare-ubuntu20.04-els
linux-buildinfo-5.4.0-222-tuxcare.els4-generic_5.4.0-222.242_amd64.deb
72992c49ca301f2c148692a95dd3b3472ddd1428
linux-buildinfo-5.4.0-222-tuxcare.els4-lowlatency_5.4.0-222.242_amd64.deb
789d474773da89dde4fa19c0fe1a28fd9e436c24
linux-cloud-tools-5.4.0-222-tuxcare.els4_5.4.0-222.242_amd64.deb
d3b64a8267b44588fa22af54a0cec3e39e516eec
linux-cloud-tools-5.4.0-222-tuxcare.els4-generic_5.4.0-222.242_amd64.deb
1cec430083955ee6d4a00830c753950292fe6d2a
linux-cloud-tools-5.4.0-222-tuxcare.els4-lowlatency_5.4.0-222.242_amd64.deb
298614b8bd057dabcd660d03548aaafbfbf4e5dd
linux-cloud-tools-common_5.4.0-222.242_all.deb
7c7a00f9bc4f360fd756ab27a868aa128364ae67
linux-cloud-tools-generic_5.4.0.222.242_amd64.deb
98d3b5511d727835f97c80715dc868f0d2b6cf07
linux-cloud-tools-lowlatency_5.4.0.222.242_amd64.deb
471d3184f663996bc76c3530d195200464fc2ea2
linux-doc_5.4.0-222.242_all.deb
1eba1b23814dd6bb6a1187ceaa08f9d5452b4d4f
linux-generic_5.4.0.222.242_amd64.deb
8a07edd29569864b8c83b3c4b1e59e265cbb6db7
linux-headers-5.4.0-222-tuxcare.els4_5.4.0-222.242_all.deb
32aa6c0e6fbe4d143e32a88ec49c4a77ee606802
linux-headers-5.4.0-222-tuxcare.els4-generic_5.4.0-222.242_amd64.deb
0c127b9d1f3dff950f60efe4994ff6091caa800d
linux-headers-5.4.0-222-tuxcare.els4-lowlatency_5.4.0-222.242_amd64.deb
661e389490d1e50a7ba79ab43ca3d93cd32d064d
linux-headers-generic_5.4.0.222.242_amd64.deb
538515cddec28613ecaf045e87f84682175476bd
linux-headers-lowlatency_5.4.0.222.242_amd64.deb
9547691b22e0816f8097923cb7d0de072b92b07e
linux-image-generic_5.4.0.222.242_amd64.deb
e653c988d22ab433606c08a716639bf7b0b1f81a
linux-image-lowlatency_5.4.0.222.242_amd64.deb
98051fa42b9b27506c207a6bb63ce46b133f4054
linux-image-unsigned-5.4.0-222-tuxcare.els4-generic_5.4.0-222.242_amd64.deb
42fe6fe9c6ea060e0c5655c3b5f7f3ef4b97a53d
linux-image-unsigned-5.4.0-222-tuxcare.els4-lowlatency_5.4.0-222.242_amd64.deb
681da3077de5acf47b3079b3ae8736c85521246a
linux-libc-dev_5.4.0-222.242_amd64.deb
3c423ed914b92b9bbbd5ced9b9f6ce32d1000157
linux-lowlatency_5.4.0.222.242_amd64.deb
9087949531ec1b8312f63a0861703f4f235c0d03
linux-modules-5.4.0-222-tuxcare.els4-generic_5.4.0-222.242_amd64.deb
5b8469c026b527648643ea7ef9ea214c6ae5b5b5
linux-modules-5.4.0-222-tuxcare.els4-lowlatency_5.4.0-222.242_amd64.deb
8d88f17ba428ae41040056824916b243804c39ca
linux-modules-extra-5.4.0-222-tuxcare.els4-generic_5.4.0-222.242_amd64.deb
2447eebd219c7e4ffebbf71f4654e63f58199522
linux-source-5.4.0_5.4.0-222.242_all.deb
fba8a3f11f6e5d69eddee50c63bde7d75ed1b222
linux-tools-5.4.0-222-tuxcare.els4_5.4.0-222.242_amd64.deb
5ebae1444530c698f1e1f548fdb0b9847be3cc33
linux-tools-5.4.0-222-tuxcare.els4-generic_5.4.0-222.242_amd64.deb
22629f11f79ad2d6ca0fb0885a326e8730c79d77
linux-tools-5.4.0-222-tuxcare.els4-lowlatency_5.4.0-222.242_amd64.deb
7c7223c9f59a42e0b03b61f184f1869c97db9265
linux-tools-common_5.4.0-222.242_all.deb
b4542ea47f056c2e00eb447894c4add6b5454464
linux-tools-generic_5.4.0.222.242_amd64.deb
6be9f9283df11f2bac9b3fb83915483f565ca387
linux-tools-host_5.4.0-222.242_all.deb
b9b1fd08d623c6ba4f1336953bafb8d8be81baa1
linux-tools-lowlatency_5.4.0.222.242_amd64.deb
1de1e38d7088ef919a3c24c71c0238e5bc76859d
CLSA-2025:1760648945
Update of alt-php
TuxCare License Agreement
0
* Bump ABI 5.4.0-222
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Bump ABI 5.4.0-222
0
tuxcare-ubuntu20.04-els
linux-cloud-tools-generic_5.4.0.222.242_amd64.deb
98d3b5511d727835f97c80715dc868f0d2b6cf07
linux-cloud-tools-lowlatency_5.4.0.222.242_amd64.deb
471d3184f663996bc76c3530d195200464fc2ea2
linux-generic_5.4.0.222.242_amd64.deb
8a07edd29569864b8c83b3c4b1e59e265cbb6db7
linux-headers-generic_5.4.0.222.242_amd64.deb
538515cddec28613ecaf045e87f84682175476bd
linux-headers-lowlatency_5.4.0.222.242_amd64.deb
9547691b22e0816f8097923cb7d0de072b92b07e
linux-image-generic_5.4.0.222.242_amd64.deb
e653c988d22ab433606c08a716639bf7b0b1f81a
linux-image-lowlatency_5.4.0.222.242_amd64.deb
98051fa42b9b27506c207a6bb63ce46b133f4054
linux-lowlatency_5.4.0.222.242_amd64.deb
9087949531ec1b8312f63a0861703f4f235c0d03
linux-tools-generic_5.4.0.222.242_amd64.deb
6be9f9283df11f2bac9b3fb83915483f565ca387
linux-tools-lowlatency_5.4.0.222.242_amd64.deb
1de1e38d7088ef919a3c24c71c0238e5bc76859d
CLSA-2025:1763124681
Fix CVE(s): CVE-2025-62168
TuxCare License Agreement
0
* SECURITY UPDATE: information disclosure vulnerability in error handling
- debian/patches/CVE-2025-62168.patch: Fix HttpRequest::pack function to
handle sensitive data by including a parameter for masking sensitive
information
- CVE-2025-62168
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: information disclosure vulnerability in error handling
- debian/patches/CVE-2025-62168.patch: Fix HttpRequest::pack function to
handle sensitive data by including a parameter for masking sensitive
information
- CVE-2025-62168
0
tuxcare-ubuntu20.04-els
squid_4.10-1ubuntu1.13+tuxcare.els1_amd64.deb
84a707564ea5e2b31ff0a92f1cd4d6594e008717
squid-cgi_4.10-1ubuntu1.13+tuxcare.els1_amd64.deb
10c56d0abb55f01bca1da8e459db3c94fe519a49
squid-common_4.10-1ubuntu1.13+tuxcare.els1_all.deb
02092231d383082d3e1976a5233cda7750bbfaad
squid-purge_4.10-1ubuntu1.13+tuxcare.els1_amd64.deb
55471a110c2bef021cc90b216e6e51e1fce3629a
squidclient_4.10-1ubuntu1.13+tuxcare.els1_amd64.deb
e828de9a2cfb7e74b46551d484e683af92577cdb
CLSA-2025:1763989962
Fix of 8 CVEs
TuxCare License Agreement
0
* CVE-url: https://ubuntu.com/security/CVE-2025-38352
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and
posix_cpu_timer_del()
* CVE-url: https://ubuntu.com/security/CVE-2022-25265
- x86/elf: Add table to document READ_IMPLIES_EXEC
- x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK
- x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit
* CVE-url: https://ubuntu.com/security/CVE-2022-49170
- f2fs: fix to do sanity check on curseg->alloc_type
* CVE-url: https://ubuntu.com/security/CVE-2021-47479
- staging: rtl8712: fix use-after-free in rtl8712_dl_fw
* CVE-url: https://ubuntu.com/security/CVE-2022-49519
- ath10k: skip ath10k_halt during suspend for driver state RESTARTING
* CVE-url: https://ubuntu.com/security/CVE-2024-46713
- perf/aux: Fix AUX buffer serialization
* CVE-url: https://ubuntu.com/security/CVE-2024-36914
- drm/amd/display: Skip on writeback when it's not applicable
* CVE-url: https://ubuntu.com/security/CVE-2024-36880
- Bluetooth: qca: add missing firmware sanity checks
* Miscellaneous upstream changes
- net: openvswitch: fix nested key length validation in the set() action
- isofs: Prevent the use of too small fid
- ext4: ignore xattrs past end
- net: ppp: Add bound checking for skb data on ppp_sync_txmung
- media: venus: hfi: add check to handle incorrect queue size
- media: venus: hfi_parser: add check to avoid out of bound access
- sctp: detect and prevent references to a freed transport in sendmsg
- ext4: improve xattr consistency checking and error reporting
- ext4: introduce ITAIL helper
- ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
- ibmvnic: create send_control_ip_offload
- ibmvnic: Use strscpy() instead of strncpy()
- ibmvnic: Use kernel helpers for hex dumps
- wifi: at76c50x: fix use after free access in at76_disconnect
- wifi: cfg80211: fix use-after-free in cmp_bss()
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* CVE-url: https://ubuntu.com/security/CVE-2025-38352
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and
posix_cpu_timer_del()
* CVE-url: https://ubuntu.com/security/CVE-2022-25265
- x86/elf: Add table to document READ_IMPLIES_EXEC
- x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK
- x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit
* CVE-url: https://ubuntu.com/security/CVE-2022-49170
- f2fs: fix to do sanity check on curseg->alloc_type
* CVE-url: https://ubuntu.com/security/CVE-2021-47479
- staging: rtl8712: fix use-after-free in rtl8712_dl_fw
* CVE-url: https://ubuntu.com/security/CVE-2022-49519
- ath10k: skip ath10k_halt during suspend for driver state RESTARTING
* CVE-url: https://ubuntu.com/security/CVE-2024-46713
- perf/aux: Fix AUX buffer serialization
* CVE-url: https://ubuntu.com/security/CVE-2024-36914
- drm/amd/display: Skip on writeback when it's not applicable
* CVE-url: https://ubuntu.com/security/CVE-2024-36880
- Bluetooth: qca: add missing firmware sanity checks
* Miscellaneous upstream changes
- net: openvswitch: fix nested key length validation in the set() action
- isofs: Prevent the use of too small fid
- ext4: ignore xattrs past end
- net: ppp: Add bound checking for skb data on ppp_sync_txmung
- media: venus: hfi: add check to handle incorrect queue size
- media: venus: hfi_parser: add check to avoid out of bound access
- sctp: detect and prevent references to a freed transport in sendmsg
- ext4: improve xattr consistency checking and error reporting
- ext4: introduce ITAIL helper
- ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
- ibmvnic: create send_control_ip_offload
- ibmvnic: Use strscpy() instead of strncpy()
- ibmvnic: Use kernel helpers for hex dumps
- wifi: at76c50x: fix use after free access in at76_disconnect
- wifi: cfg80211: fix use-after-free in cmp_bss()
0
tuxcare-ubuntu20.04-els
linux-buildinfo-5.4.0-223-tuxcare.els5-generic_5.4.0-223.243_amd64.deb
7d894f0f1f7d65db633221edecbd9c785b26cbb2
linux-buildinfo-5.4.0-223-tuxcare.els5-lowlatency_5.4.0-223.243_amd64.deb
badff33b4d502e53d02d6122c430bb3a06a0852a
linux-cloud-tools-5.4.0-223-tuxcare.els5_5.4.0-223.243_amd64.deb
cfc0d1b3b1c786360f8008eb520e718b4f722f28
linux-cloud-tools-5.4.0-223-tuxcare.els5-generic_5.4.0-223.243_amd64.deb
981a82f78a2bcccd0eaae23227036f01300b47b8
linux-cloud-tools-5.4.0-223-tuxcare.els5-lowlatency_5.4.0-223.243_amd64.deb
b0e7f62e0c4cda317678040d729efe53f6636812
linux-cloud-tools-common_5.4.0-223.243_all.deb
165f86825d6a016b622e0e86302294082314b7df
linux-doc_5.4.0-223.243_all.deb
7d29c4c960bca4b6cb534544430f72252aeec970
linux-headers-5.4.0-223-tuxcare.els5_5.4.0-223.243_all.deb
33d99e03c32bf1bbd10c0f323373c4f95309b6a2
linux-headers-5.4.0-223-tuxcare.els5-generic_5.4.0-223.243_amd64.deb
48ebd72b8f1149d02357d897b343a708eb602a35
linux-headers-5.4.0-223-tuxcare.els5-lowlatency_5.4.0-223.243_amd64.deb
ebd2938c0b6089892dd8d18629c8499cc463991c
linux-image-unsigned-5.4.0-223-tuxcare.els5-generic_5.4.0-223.243_amd64.deb
f704ec8e7766a6074b92246d597b838a2855527e
linux-image-unsigned-5.4.0-223-tuxcare.els5-lowlatency_5.4.0-223.243_amd64.deb
aaae7c9b6b2c352f29fe9f23b3e0c0df5b848865
linux-libc-dev_5.4.0-223.243_amd64.deb
bac3a6365243deea858934c5ffddc02976e645d9
linux-modules-5.4.0-223-tuxcare.els5-generic_5.4.0-223.243_amd64.deb
8e8d3a8eec082ef791f3452d336d9d21164bddef
linux-modules-5.4.0-223-tuxcare.els5-lowlatency_5.4.0-223.243_amd64.deb
dce2227ff3582c6929db119235bc18d0121ca156
linux-modules-extra-5.4.0-223-tuxcare.els5-generic_5.4.0-223.243_amd64.deb
13a0e4211c128b93aa785b296a2b7151d6a10de8
linux-source-5.4.0_5.4.0-223.243_all.deb
ae42ef35ea74f77b8404d7df706ee7ff29acf7d2
linux-tools-5.4.0-223-tuxcare.els5_5.4.0-223.243_amd64.deb
c58f66fd7a7a41f4860ff8c072618250c1763458
linux-tools-5.4.0-223-tuxcare.els5-generic_5.4.0-223.243_amd64.deb
fb39009c83640c2080447b55693844ee3c0c6bb8
linux-tools-5.4.0-223-tuxcare.els5-lowlatency_5.4.0-223.243_amd64.deb
a7b764ddf03b7d623f9b92600362e9a32cf65107
linux-tools-common_5.4.0-223.243_all.deb
2d5433f8dc92f35248ae9ee39626b864558d85a1
linux-tools-host_5.4.0-223.243_all.deb
6c03efb1e2b6b4955a25c55f4f5d3e4e1967e33a
CLSA-2025:1764324579
Fix CVE(s): CVE-2025-62171
TuxCare License Agreement
0
* SECURITY UPDATE: integer overflow vulnerability in BMP decoder on 32-bit
systems
- debian/patches/CVE-2025-62171.patch: add extra check to resolve issue on
32-bit systems
- CVE-2025-62171
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: integer overflow vulnerability in BMP decoder on 32-bit
systems
- debian/patches/CVE-2025-62171.patch: add extra check to resolve issue on
32-bit systems
- CVE-2025-62171
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
f3de884576276d8aab9728227ef5d266075a8afb
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
79f4617b0e18b2786049276aad7e6ade1f2afc9c
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
50ce0bec8a57506d09809f29e6e53125a6b361d9
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
61db351f113733bb8baa3edb9e57e88a084b3cf0
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
96974bd5c618e41de76fb6c51db342c413ab232b
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
beb06a61f03d643b65919a0e1bbe998b45005614
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
f79d65e6ad9f47cfc7e05eb0883475d528dda692
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
bda4a745acc28ad3fa5720d1146ec3b9e269124d
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
ec31b2f6baf818728d14327c4c3fa4974ccebf5e
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
0d3f729ee064502b8a18ad81c4ddc3941fce3405
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
51f3f121fcfbb59a5f2b236a3ae2e93b3b42f233
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
586a35aacf573132a052dc9908edd83d9feb9e25
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
87b431d437958bd27d0584d602e5ee2d70b628c9
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
e61ed8695e9ad7d0f8d0c76415d5967dab54d24b
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
4864e634d6ed92ad632d6f006bd198cc3bcf15d5
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
7b5d1736a033ba49f6a1fea0048624a500b1a753
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
5868665c5cedadaf0b659f55e7b41a7f41e82b9f
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
3e5061d67bb060b9e39b7471b3a83f69e3c49301
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
554448df85405b07c6d1ce8ca0f75cd049452fda
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
f3705c7c4138b88f382537695becc2e9508efc17
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
592b70cbce20ad17fb23102e25a38e70e12ae2ee
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
611bc6d9f13c3cc3adf5d209f820d47f0c5e96d3
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
eeead87dcd1ef381e4f28a7e0831b5d3069b7fae
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
5c8f2005aa89f645fe49f51c1a5f4cec5db7f4b1
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
09ac5f0c4960f697d1e8d730da1bad86afd0c1bf
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
d8c58b4ee86694699a82eb54b68f0d5e0452250e
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
6fffc8828772f0e5b827bfe84588d49dff54ae8e
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
5957a75f3c5c7f556aa1df6e3d46d986d7a7d6f4
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
7b1504e5a67f13bf86e002adc0ebd8ebe4fbac94
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_amd64.deb
7304d1f5205f493568044188059824337fef97a4
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
73070b23cc78cf5fbf67288c4b86d27672af60d3
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els9_all.deb
2a1e1b5ec1e4f1aafa0e9b2d588d32d0df205b23
CLSA-2025:1766412859
Fix CVE(s): CVE-2025-11840
TuxCare License Agreement
0
* SECURITY UPDATE: out-of-bounds read via vfinfo function in ldmisc.c
(CVE-16357)
- debian/patches/CVE-2025-11840.patch: Prevent a NULL name for reloc howto
at ld misc.c:527 to avoid a SEGV
- CVE-2025-11840
Moderate
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: out-of-bounds read via vfinfo function in ldmisc.c
(CVE-16357)
- debian/patches/CVE-2025-11840.patch: Prevent a NULL name for reloc howto
at ld misc.c:527 to avoid a SEGV
- CVE-2025-11840
0
tuxcare-ubuntu20.04-els
binutils_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
54906d24fd8b4d394abd5dcfb7032fa68df024ff
binutils-aarch64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
b7b3d6c3efb1493771a65a005bbce1b4b95d0563
binutils-alpha-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
0396d45ba51b8e7c1557e4833261211cc38c9b2e
binutils-arm-linux-gnueabi_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
067157d2051c819abd1b4e466f17a6587723543c
binutils-arm-linux-gnueabihf_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
37fbc248d0b839c3d5097f617db6e08e0b6caab6
binutils-common_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
5e0bbbfc322a4bf5ccf49d6013a255c2ff09e7bc
binutils-dev_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
ea58e7184f1fcd5ad8dc213922e8cee0e0fc3809
binutils-doc_2.34-6ubuntu1.11+tuxcare.els1_all.deb
fab932bcd44190c73721ad9538ca2a351b2c828a
binutils-for-build_2.34-6ubuntu1.11+tuxcare.els1_all.deb
6ce62575ac48521ac0a89600be91012346f9bf3d
binutils-for-host_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
990fb336a511e378927350151b0a26ab081fd6f4
binutils-hppa-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
ade920486694a9e57b3564e73858e58f878e6bc4
binutils-hppa64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
915f9c44a5a323d2b9f895baa042efe8268fabb7
binutils-i686-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
0a26cacad02a6653c96df593c74fe671ea5a6c27
binutils-i686-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
7c1489f96bf16df22a43224942ee415ad9fb90cd
binutils-i686-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
ce25dc4f5cf6a2d762338eb720b61f6914de3a09
binutils-ia64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
feccdbc49400fbfda255f2943e4df5ac6fc92a4b
binutils-m68k-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
839c529b67b10718fb878e525a78d807a0f9f404
binutils-multiarch_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
6f4baf9353ece3ad6d9d220c1935143b48f4e33b
binutils-multiarch-dev_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
a6638b78f1dfe1b6c165916e0a8d72f54111ea5d
binutils-powerpc-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
a71e22ff388f97269d32c44bad7cf58f5c2e8b80
binutils-powerpc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
286554db6c0159b8a75411b46eb2587f7237cf79
binutils-powerpc64le-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
7100838b4ceb1a532668159b72a90c0c2bb04ab2
binutils-riscv64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
3871aa6c2800b4c94cdec11eac2826988dbd316f
binutils-s390x-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
71d805e739934669efa077c66523ef2805ffcce9
binutils-sh4-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
91b6108a4b4a22088a6dc6270498207f69a13c82
binutils-source_2.34-6ubuntu1.11+tuxcare.els1_all.deb
3db39157b551355b67bd2adb71b9c90f93f38783
binutils-sparc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
a09c5beac7d18b2a49ff46d8520a3d7f3ae8ad66
binutils-x86-64-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
c74bdf94294c834767eae6f7acff89c674aaffc3
binutils-x86-64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
16cbc7b575a448288d8a40fc894833b28680d004
binutils-x86-64-linux-gnux32_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
7d43c35307f6e228929d40b658e82e50866e51a5
libbinutils_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
e14df17c8c441093fc0dcf4f20c7289d7aea5321
libctf-nobfd0_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
fd72317a553c1917990407ce31c93a04b59d8f02
libctf0_2.34-6ubuntu1.11+tuxcare.els1_amd64.deb
29353507b5d51d9bda1d928446801d0c358765f5
CLSA-2025:1766599216
Fix CVE(s): CVE-2025-14178
TuxCare License Agreement
0
* SECURITY UPDATE: Heap buffer overflow in array_merge()
- debian/patches/CVE-2025-14178.patch: add validation to check
if total element count exceeds HT_MAX_SIZE before allocation.
- CVE-2025-14178
Low
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Heap buffer overflow in array_merge()
- debian/patches/CVE-2025-14178.patch: add validation to check
if total element count exceeds HT_MAX_SIZE before allocation.
- CVE-2025-14178
0
tuxcare-ubuntu20.04-els
libapache2-mod-php7.4_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
2ecae0c169ffdaaea725e469a1917000f9a2adde
libphp7.4-embed_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
a6facbe8829b9516621259aa3e1641bbb5c7118f
php7.4_7.4.3-4ubuntu2.29+tuxcare.els2_all.deb
1fcb9eed31ff4a8efbf828874ad6b9dac0461b13
php7.4-bcmath_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
3b14f4adac62c84952af89b34c2a6e1b526c7411
php7.4-bz2_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
2130c71cf75408ebfc072b93aaf28b542bea2e19
php7.4-cgi_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
fe0c91a39526fd22f5141df417389d819e550033
php7.4-cli_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
f506d0cd2e81e8aff7693403a243bcbb71de706d
php7.4-common_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
843476cde57e22a6440fc8d7449015f85835d255
php7.4-curl_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
5246f41c9f12fc66abc836a4c8edd4f28f70c7ff
php7.4-dba_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
73b65552a91fba05d2b0dee4f50bd279fbdcc862
php7.4-dev_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
8fc1e53160534593f2d6f1d88c1b3655dc789a57
php7.4-enchant_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
5b62001bcce54d78649dabdd372c090b38af2ccd
php7.4-fpm_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
648798916f2b1b3be60182dcdf7ae66193b215a3
php7.4-gd_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
05a9e389ba37b2e1dbbfa6aebde6e9805699ffa0
php7.4-gmp_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
d4ce3c77a1f83b292dd16f681054fcf6fd6278b1
php7.4-imap_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
a1a75b5ff56b1a2c1d212760bf9474c792df7204
php7.4-interbase_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
0b8511e369abc845557f2b6fcf7047486fce6319
php7.4-intl_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
d714799c4331e296f9f34c9a7c27aa4ff19b7a9b
php7.4-json_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
3dcf94ce1bc161637ee1b287dec8f686aa2e57ef
php7.4-ldap_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
72c7925efc5e5811fcdfdac7d1bb6e00161b7df8
php7.4-mbstring_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
61a48db78330dd0ec810df404fcd4cc077300932
php7.4-mysql_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
9d8a89f6f0a96ef5d49a3e695a59d731907fba05
php7.4-odbc_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
7e8d4567747f9806d8b5d7ccd742cb2632f283a2
php7.4-opcache_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
b08adabaa2d923a9a8c4bf5b12e18e9cae39f851
php7.4-pgsql_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
0aba5455b1e1b0e46dc4dc85dd83138fc0dcf1fa
php7.4-phpdbg_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
22f80ae7c64101d93dc8ce7bd9895539d4c8d2d5
php7.4-pspell_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
70dd6f7ece1bf5e33f7c0f0aacda8d5280b14f8a
php7.4-readline_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
ba5d211a4463007f6adf74ce6b4113cab3fa2968
php7.4-snmp_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
c326e90e8b5f45280ef3426f1654c724e325235a
php7.4-soap_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
261f661ca9d777e0badf1b10e69de5da3253814a
php7.4-sqlite3_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
fc5ed7d8d33f944f4b3cd35f83ae32780d6d1f23
php7.4-sybase_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
e0f18ae6b4dc7122b6c85c54fa5e49187d513e21
php7.4-tidy_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
59be4909b311d7ae3f963a769e46d4ba1d113dc8
php7.4-xml_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
5780d2f514defe27df1330d6f7b69e24ca2629a3
php7.4-xmlrpc_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
9117012ceae4885a921eeff72458bcebd39cd4c4
php7.4-xsl_7.4.3-4ubuntu2.29+tuxcare.els2_all.deb
526d8e0662319285d88b57d08a0958f414d83be2
php7.4-zip_7.4.3-4ubuntu2.29+tuxcare.els2_amd64.deb
3cc8d9de24fb6b15bade17f567e977d749b388da
CLSA-2025:1767028936
Fix CVE(s): CVE-2025-11839
TuxCare License Agreement
0
* SECURITY UPDATE: crash in objdump when processing malformed debug data
- debian/patches/CVE-2025-11839.patch: remove abort() call in DGB
debug-format printing code to avoid uncontrolled program termination
when handling crafted input files
- CVE-2025-11839
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: crash in objdump when processing malformed debug data
- debian/patches/CVE-2025-11839.patch: remove abort() call in DGB
debug-format printing code to avoid uncontrolled program termination
when handling crafted input files
- CVE-2025-11839
0
tuxcare-ubuntu20.04-els
binutils_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
1940689e2272a0820f2a16cfd319536710ffb327
binutils-aarch64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
313649d21471a9172a6233c7b801af1667f612e0
binutils-alpha-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
724ddbd989cb5ccb8d4fe3d3e5e8ba57cbfee73d
binutils-arm-linux-gnueabi_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
8315a42c74fbd2dfda5c083cf379242d54660c89
binutils-arm-linux-gnueabihf_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
462e66031846eea0bace08c985ab3be33b8b638e
binutils-common_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
e95eefb795cf0dd645320829d4d3ce54145c00c5
binutils-dev_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
cba0111ffefac65f90e58ca1440c58807a1632bf
binutils-doc_2.34-6ubuntu1.11+tuxcare.els3_all.deb
540913345b37d31cc9a7edeb026fead1a15b990c
binutils-for-build_2.34-6ubuntu1.11+tuxcare.els3_all.deb
1759be5ac43d77bc910382b2ab2ef045036c80fc
binutils-for-host_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
04f6673db7d189efe850b4ad938fd3b9a33bca6f
binutils-hppa-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
2cf8840d3d33c1c1d04a7ec7172e38c10ae34775
binutils-hppa64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
b0a5303ef92183bb88643b7810ad4261d3465af2
binutils-i686-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
5f780baef5e06f4e295236786de9568665d963e9
binutils-i686-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
f34683245ba3c79f2419c7fd2594663ac3c1dc57
binutils-i686-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
63e706a40114dde1f1919fae39e079fd5d8c47cf
binutils-ia64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
002398650d8ed20c432b3ceb4368ba3139cdf023
binutils-m68k-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
9768a0fa90406af9039b53082ab59bfc59b17919
binutils-multiarch_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
c8667566eb3f0358d778aff4565d1abdc7c7a45a
binutils-multiarch-dev_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
1c135dea058b780dce20db5cced33527408bd45b
binutils-powerpc-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
dcfe41101c732fbc0e7837099c42ac678636bbfb
binutils-powerpc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
06314fc8f3c7da262e6a52a0a067569e6117501d
binutils-powerpc64le-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
4088944e35960433cd79c1f06aa515b570494f67
binutils-riscv64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
824c4a3ed945fafe4ba0bbbd73d44b2d61d9f847
binutils-s390x-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
e7a9aa7a9d4eaef2f5acdc35cdef9168b5d51edc
binutils-sh4-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
a4984376b9608dd15751a1ac9692f2ab47db06ec
binutils-source_2.34-6ubuntu1.11+tuxcare.els3_all.deb
897bdcfb36ae51948fe28bc937672d4a566191ad
binutils-sparc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
e088b84797b32debb8496a36ad0f0ca305777178
binutils-x86-64-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
04d60e5be2eda28e8f433096e1640140ec000fa6
binutils-x86-64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
9365bcc860479c9df04a9a002d49b412ffe71a42
binutils-x86-64-linux-gnux32_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
9f399ae517e7adfd5f3d2410228e607c49c836e6
libbinutils_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
db3f5d64c35a275d0d3d4284fe12597b51ff0ceb
libctf-nobfd0_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
f11bf83563d833c81edc1570269c011780ffe83e
libctf0_2.34-6ubuntu1.11+tuxcare.els3_amd64.deb
054c46ee6d5b05f7e7811653990f9e834d0b2aff
CLSA-2026:1767626618
Fix CVE(s): CVE-2025-11083
TuxCare License Agreement
0
* SECURITY UPDATE: Heap-based buffer overflow in elf_swap_shdr function
- debian/patches/CVE-2025-11083.patch: Don't swap in nor match corrupt
section header in linker input to avoid linker crash. Changed
elf_swap_shdr_in to return bfd_boolean and reject corrupt section
headers in linker input files.
- CVE-2025-11083
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Heap-based buffer overflow in elf_swap_shdr function
- debian/patches/CVE-2025-11083.patch: Don't swap in nor match corrupt
section header in linker input to avoid linker crash. Changed
elf_swap_shdr_in to return bfd_boolean and reject corrupt section
headers in linker input files.
- CVE-2025-11083
0
tuxcare-ubuntu20.04-els
binutils_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
26d55ae3380b1596a3f6189af1f01641ab3d2fb2
binutils-aarch64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
2377ae0be071d6ffc6e746fe6ed6a5c1923d17af
binutils-alpha-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
62382aad1bf7c0e4ae08332871dacf6875e0c0ed
binutils-arm-linux-gnueabi_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
1448197ed9e5433a3e95a2d34aac34b1d12dde04
binutils-arm-linux-gnueabihf_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
834011b9c0722a83cf60c399ff0b8952ea0fe0d4
binutils-common_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
f3ed994cdcf952413d3da8a7e738e76255d59106
binutils-dev_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
618809b4e3488eaf7961bdab60f05955f1b0a4a4
binutils-doc_2.34-6ubuntu1.11+tuxcare.els4_all.deb
0d2e3976833ad34a0f366582fab194b2d9f6536e
binutils-for-build_2.34-6ubuntu1.11+tuxcare.els4_all.deb
548ca91e8345e8626a131db3b45a93bf028d3b04
binutils-for-host_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
f1d0d2073c6d85ac03b76afc179585cd60c1dd86
binutils-hppa-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
17f689ebea071a550a5ac38a24a67361a745dafd
binutils-hppa64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
46ac7d327f491886a7d213263adb32ee8233af43
binutils-i686-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
592d8ff9fe551b339a7476d7a3012e6e5474d4c6
binutils-i686-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
e5ecca4fd7f86d1b448690ec18221a38d055fcc7
binutils-i686-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
88415912be488b593b6379cb3cf6e09953c57c87
binutils-ia64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
b7f5117fdef3331017615f1d812a9475e2707624
binutils-m68k-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
8ec74e623667b6dcb41310ba40e9cd74d36e1f9c
binutils-multiarch_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
da771af8178504c846bc5319ebd41f786dda1584
binutils-multiarch-dev_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
53b09f39a52540f774ede41a3a73a00a49680174
binutils-powerpc-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
e0c39eb9f77141953bb72ed4e09747ad92610cf7
binutils-powerpc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
4b4c863a30d6e23ae519e5c3b1cfb5a85d1a1b07
binutils-powerpc64le-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
8a83b7da51726dbf53c0c58b8856dccd6de098ba
binutils-riscv64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
17464ad712ba07e1bd58e18b25045db70b4f7376
binutils-s390x-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
8975443cb2ceed41413d470c7b8e6074456de251
binutils-sh4-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
31d9cc24e2d1df88718cde5481f9cc3bc0da80e1
binutils-source_2.34-6ubuntu1.11+tuxcare.els4_all.deb
7299860ef9f7ac4e96f4e2cb6b4a67a5ad70e91b
binutils-sparc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
cac7342f476a5b19f7573a7a8ce804544a4e4b9c
binutils-x86-64-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
a10c1c639a65fbd82037768a4f3496e33cdbfc1f
binutils-x86-64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
c1b90203c9e687164e2f3ce762425e57f5d36110
binutils-x86-64-linux-gnux32_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
56167056fb06b02ccce05d7d0eca46e46fb1e1dc
libbinutils_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
24538bb258ea5ffbbbde316c6281045538747f65
libctf-nobfd0_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
6621e3cd8af27fecae2d0c92b30a0c00f1d6107d
libctf0_2.34-6ubuntu1.11+tuxcare.els4_amd64.deb
ddf8611a095467d922925a03bb30b3b75ee4a7e3
CLSA-2026:1768989383
Fix CVE(s): CVE-2025-68973
TuxCare License Agreement
0
* SECURITY UPDATE: Possible memory corruption in the armor parser
- debian/patches/CVE-2025-68973.patch: fix faulty double increment
- CVE-2025-68973
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Possible memory corruption in the armor parser
- debian/patches/CVE-2025-68973.patch: fix faulty double increment
- CVE-2025-68973
0
tuxcare-ubuntu20.04-els
dirmngr_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
f2d924e001e4a7cd2c177e9884c071932ff8815d
gnupg_2.2.19-3ubuntu2.5+tuxcare.els1_all.deb
f68a3f0587c56a003b5a94f84f6231a9a680b608
gnupg-agent_2.2.19-3ubuntu2.5+tuxcare.els1_all.deb
1d8cdeddc6999cdb6b588c80cca90f04c59073b1
gnupg-l10n_2.2.19-3ubuntu2.5+tuxcare.els1_all.deb
cb3bdeee3109100300e624a63b5a19e9bc2de8dc
gnupg-utils_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
7be1e5087cb78bf0f8d78f04a37e7ada3da8ca0d
gnupg2_2.2.19-3ubuntu2.5+tuxcare.els1_all.deb
927fda0175f26298c416a5b7f14a592cb13e8c8f
gpg_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
d533bdbb8d05368b7a53a6fcbe42b8c21ab9db43
gpg-agent_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
57bd374d22b0d33c8d3748b2efec652e5216001a
gpg-wks-client_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
e09be7e672e23167d90c2a41d38a6b9aaefd1601
gpg-wks-server_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
ce5a9aa41c8300d6aca591d80cf12b8ea964f549
gpgconf_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
111fd05e35c4a453dfc790f28169a4735b41cc9a
gpgsm_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
7377ca869a7ccfa8dea5559ff89584a168c41530
gpgv_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
38ba6f70559ca40d13559ce3de3604fd7bab49b7
gpgv-static_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
9427466a05fbb3150dd782304a9f9a75ac8b03cb
gpgv-win32_2.2.19-3ubuntu2.5+tuxcare.els1_all.deb
5fcad3928538e00d1399d90dbf4d22fd0f0310f3
gpgv2_2.2.19-3ubuntu2.5+tuxcare.els1_all.deb
2da485a05d4040ee6d15ecac5297f5fc1638c631
scdaemon_2.2.19-3ubuntu2.5+tuxcare.els1_amd64.deb
cfa4a3c2bc5a89937b62c5ec193b10df133948a9
CLSA-2026:1769506462
Fix CVE(s): CVE-2025-8225
TuxCare License Agreement
0
* SECURITY UPDATE: debug_information memory leak in process_debug_info
- debian/patches/CVE-2025-8225.patch: prevent memory leak by checking
alloc_num_debug_info_entries instead of num_debug_info_entries to
determine whether debug_information has been allocated
- CVE-2025-8225
Low
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: debug_information memory leak in process_debug_info
- debian/patches/CVE-2025-8225.patch: prevent memory leak by checking
alloc_num_debug_info_entries instead of num_debug_info_entries to
determine whether debug_information has been allocated
- CVE-2025-8225
0
tuxcare-ubuntu20.04-els
binutils_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
a975de25ff5275d6d955cf05dbf3ef1304ae2066
binutils-aarch64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
d894297886271c95b4c8ba4216b82932660bf369
binutils-alpha-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
855673d833b37fe03a9baf78cd6bd2ec9aa9e075
binutils-arm-linux-gnueabi_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
ac9e3b2ab67dc03a579a52f8cba3742dc1ddf728
binutils-arm-linux-gnueabihf_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
6cdeb63febcf88f1f64577d83a98707336023aa1
binutils-common_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
6337adf66c2665dc7f22ed5d8ca2e649d9d1b367
binutils-dev_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
50a6793995c9bc82374253326596d516e121ad3d
binutils-doc_2.34-6ubuntu1.11+tuxcare.els5_all.deb
c07fd5690f28b267bcc2af69da1a39d6da1193cb
binutils-for-build_2.34-6ubuntu1.11+tuxcare.els5_all.deb
9b8df58b5db118c4fa8f293713829f2a0e13522c
binutils-for-host_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
4a3895b7dd40f41f480e38a4ba1537fbaa72ba9e
binutils-hppa-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
38334a5c9ba26f845768dccf56b0431b4c2fbf90
binutils-hppa64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
17a9aa90c573c6776522ae89e6e651589d301697
binutils-i686-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
a2a65e4d14196a4e01cd21ad011e8b0e77e6f101
binutils-i686-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
90d4995149aa8af3efdd63fbf7297640ccd4d9ac
binutils-i686-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
5d8ec84aa9236dfdc5f0998664365cd017306b5c
binutils-ia64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
87f741dea31219eb5c054d8e17c6ae16b2351c35
binutils-m68k-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
d2eabaadf904dc6c8ee6c3aa512b8888db5c60c3
binutils-multiarch_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
9b1ee52714e293ab82a42dcbb0476c3e91b01ce5
binutils-multiarch-dev_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
3c5ea54811449349820fe44362293e2022b4fd75
binutils-powerpc-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
8c70c82dfd4c1585ee4f3e2f27fdbbdd5217fc2d
binutils-powerpc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
5b8f135602174f11447a549e01c22de3f1113ac2
binutils-powerpc64le-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
adf5b3672893194f8918099b14a75421b670d5ba
binutils-riscv64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
078c49021b070729453545f728b5cd8949276c2c
binutils-s390x-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
7980118c4a6831b6ec076ef8f3b57e2f081a1a22
binutils-sh4-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
7063b7ba6bdda96650e6836bd58f6f5989082ee3
binutils-source_2.34-6ubuntu1.11+tuxcare.els5_all.deb
b786b438725c526177c2b86547708b94500676ee
binutils-sparc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
ed0414b2150be609833970fb918612a9c1497b95
binutils-x86-64-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
2af0219b5eb71267fad9701a5bc5aa69bd69c167
binutils-x86-64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
b0e15b0a0fedc1f55351b898696437a9de4443dd
binutils-x86-64-linux-gnux32_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
6b8da220e10f0126a37e628107fbdfa29fa7aae1
libbinutils_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
3d705e7fa33f5454d7e604786f8d29bda44ebb30
libctf-nobfd0_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
1c96544242a4399c3e994be384de638d7518b216
libctf0_2.34-6ubuntu1.11+tuxcare.els5_amd64.deb
c492ff298738394378595efb94e79b3e47dafba6
CLSA-2026:1769597819
Fix CVE(s): CVE-2025-58436
TuxCare License Agreement
0
* SECURITY UPDATE: cupsd DoS via slow client connections
- debian/patches/CVE-2025-58436.patch: implement non-blocking I/O and
connection timeouts to prevent slow clients from blocking cupsd.
- CVE-2025-58436
Moderate
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: cupsd DoS via slow client connections
- debian/patches/CVE-2025-58436.patch: implement non-blocking I/O and
connection timeouts to prevent slow clients from blocking cupsd.
- CVE-2025-58436
0
tuxcare-ubuntu20.04-els
cups_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
dc47a6b8e47d84fb7ba263e5e3cc5b1fa0f8c61a
cups-bsd_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
ccc004c3134c0c14b211858d50005d145f31bd94
cups-client_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
2b24afaaf0c0bcd1e0176d4390aea3b69a663492
cups-common_2.3.1-9ubuntu1.9+tuxcare.els1_all.deb
ede30e619ec20aeeb97014a6840b4aa2a38c5b4d
cups-core-drivers_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
0ec2a8bb627eeaedbf067e673ba15eb6f5081f88
cups-daemon_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
48a3c8e46a88dfd2749781cef2dbb6e07302c5c2
cups-ipp-utils_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
cc5c37f7578c1976dbfd4baff4711652564eefde
cups-ppdc_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
ec8ee8b969008042970f22cb457afaa39e8b63f8
cups-server-common_2.3.1-9ubuntu1.9+tuxcare.els1_all.deb
a2a6d69b7e5b5d6b2f4a48c5e66b01f51b304d7b
libcups2_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
e60ec64fc47c563a09142be1d3cc37ed395fdc9f
libcups2-dev_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
29f47acf8cb79c3b5c85b8ded9762a19cd271f34
libcupsimage2_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
9bffa57220fa3dd13a9c4aa47b70d17ca792c074
libcupsimage2-dev_2.3.1-9ubuntu1.9+tuxcare.els1_amd64.deb
421ad6d39f46fe4dbdc8c87312c324cf6600ce2b
CLSA-2026:1770216981
Update of alt-php
TuxCare License Agreement
0
* New microcode update packages from upstream up to 2025-11-11:
- New microcodes:
sig 0x000a06e1, pf_mask 0x97, 2025-06-27, rev 0x1000273, size 1635328
- Updated microcodes:
sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
sig 0x000806f4, pf_mask 0x10, 2025-05-29, rev 0x2c000410, size 625664
sig 0x000806f4, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x000806f5, pf_mask 0x10, 2025-05-29, rev 0x2c000410, size 625664
sig 0x000806f5, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x000806f6, pf_mask 0x10, 2025-05-29, rev 0x2c000410, size 625664
sig 0x000806f6, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x000806f7, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x000806f8, pf_mask 0x10, 2025-05-29, rev 0x2c000410, size 625664
sig 0x000806f8, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x00090672, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x00090675, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000906a3, pf_mask 0x80, 2025-10-12, rev 0x043a, size 224256
sig 0x000906a4, pf_mask 0x40, 2025-06-13, rev 0x000b, size 119808
sig 0x000906a4, pf_mask 0x80, 2025-10-12, rev 0x043a, size 224256
sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
sig 0x000a06d1, pf_mask 0x20, 2025-08-29, rev 0xa000124, size 1642496
sig 0x000a06d1, pf_mask 0x95, 2025-07-23, rev 0x10003f0, size 1670144
sig 0x000a06f3, pf_mask 0x01, 2025-07-30, rev 0x3000382, size 1534976
sig 0x000b0671, pf_mask 0x32, 2025-10-08, rev 0x0132, size 219136
sig 0x000b0674, pf_mask 0x32, 2025-10-08, rev 0x0132, size 219136
sig 0x000b06a2, pf_mask 0xe0, 2025-10-08, rev 0x6133, size 224256
sig 0x000b06a3, pf_mask 0xe0, 2025-10-08, rev 0x6133, size 224256
sig 0x000b06a8, pf_mask 0xe0, 2025-10-08, rev 0x6133, size 224256
sig 0x000b06d1, pf_mask 0x80, 2025-08-28, rev 0x0125, size 80896
sig 0x000b06e0, pf_mask 0x19, 2025-05-16, rev 0x001e, size 139264
sig 0x000b06f2, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000b06f5, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000b06f6, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000b06f7, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000c0652, pf_mask 0x82, 2025-06-30, rev 0x011a, size 90112
sig 0x000c0662, pf_mask 0x82, 2025-06-30, rev 0x011a, size 90112
sig 0x000c0664, pf_mask 0x82, 2025-06-30, rev 0x011a, size 90112
sig 0x000c06a2, pf_mask 0x82, 2025-06-30, rev 0x011a, size 90112
sig 0x000c06f1, pf_mask 0x87, 2025-05-29, rev 0x210002c0, size 564224
sig 0x000c06f2, pf_mask 0x87, 2025-05-29, rev 0x210002c0, size 564224
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* New microcode update packages from upstream up to 2025-11-11:
- New microcodes:
sig 0x000a06e1, pf_mask 0x97, 2025-06-27, rev 0x1000273, size 1635328
- Updated microcodes:
sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
sig 0x000806f4, pf_mask 0x10, 2025-05-29, rev 0x2c000410, size 625664
sig 0x000806f4, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x000806f5, pf_mask 0x10, 2025-05-29, rev 0x2c000410, size 625664
sig 0x000806f5, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x000806f6, pf_mask 0x10, 2025-05-29, rev 0x2c000410, size 625664
sig 0x000806f6, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x000806f7, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x000806f8, pf_mask 0x10, 2025-05-29, rev 0x2c000410, size 625664
sig 0x000806f8, pf_mask 0x87, 2025-05-29, rev 0x2b000650, size 593920
sig 0x00090672, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x00090675, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000906a3, pf_mask 0x80, 2025-10-12, rev 0x043a, size 224256
sig 0x000906a4, pf_mask 0x40, 2025-06-13, rev 0x000b, size 119808
sig 0x000906a4, pf_mask 0x80, 2025-10-12, rev 0x043a, size 224256
sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
sig 0x000a06d1, pf_mask 0x20, 2025-08-29, rev 0xa000124, size 1642496
sig 0x000a06d1, pf_mask 0x95, 2025-07-23, rev 0x10003f0, size 1670144
sig 0x000a06f3, pf_mask 0x01, 2025-07-30, rev 0x3000382, size 1534976
sig 0x000b0671, pf_mask 0x32, 2025-10-08, rev 0x0132, size 219136
sig 0x000b0674, pf_mask 0x32, 2025-10-08, rev 0x0132, size 219136
sig 0x000b06a2, pf_mask 0xe0, 2025-10-08, rev 0x6133, size 224256
sig 0x000b06a3, pf_mask 0xe0, 2025-10-08, rev 0x6133, size 224256
sig 0x000b06a8, pf_mask 0xe0, 2025-10-08, rev 0x6133, size 224256
sig 0x000b06d1, pf_mask 0x80, 2025-08-28, rev 0x0125, size 80896
sig 0x000b06e0, pf_mask 0x19, 2025-05-16, rev 0x001e, size 139264
sig 0x000b06f2, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000b06f5, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000b06f6, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000b06f7, pf_mask 0x07, 2025-10-12, rev 0x003d, size 226304
sig 0x000c0652, pf_mask 0x82, 2025-06-30, rev 0x011a, size 90112
sig 0x000c0662, pf_mask 0x82, 2025-06-30, rev 0x011a, size 90112
sig 0x000c0664, pf_mask 0x82, 2025-06-30, rev 0x011a, size 90112
sig 0x000c06a2, pf_mask 0x82, 2025-06-30, rev 0x011a, size 90112
sig 0x000c06f1, pf_mask 0x87, 2025-05-29, rev 0x210002c0, size 564224
sig 0x000c06f2, pf_mask 0x87, 2025-05-29, rev 0x210002c0, size 564224
0
tuxcare-ubuntu20.04-els
intel-microcode_3.20251111.0ubuntu0.20.04.1+tuxcare.els1_amd64.deb
c81a086ca450393851c519314a86792133e64985
CLSA-2026:1770395482
Fix CVE(s): CVE-2026-24515
TuxCare License Agreement
0
* SECURITY UPDATE: XML_ExternalEntityParserCreate does not copy unknown
encoding handler user data
- debian/patches/CVE-2026-24515.patch: Fix a null pointer dereference
in the XML parser caused by the failure to copy user data for
unknown encoding handlers
- CVE-2026-24515
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: XML_ExternalEntityParserCreate does not copy unknown
encoding handler user data
- debian/patches/CVE-2026-24515.patch: Fix a null pointer dereference
in the XML parser caused by the failure to copy user data for
unknown encoding handlers
- CVE-2026-24515
0
tuxcare-ubuntu20.04-els
expat_2.2.9-1ubuntu0.8+tuxcare.els1_amd64.deb
deedc3130d43abd9084aca8f1134b587db8b42e7
libexpat1_2.2.9-1ubuntu0.8+tuxcare.els1_amd64.deb
3a72e911da6be8f5a01e332499b70bf788d103c5
libexpat1-dev_2.2.9-1ubuntu0.8+tuxcare.els1_amd64.deb
af3c0b50dfde0b992a87cfbd5593fcaf72029d9e
CLSA-2026:1770741856
Fix CVE(s): CVE-2026-0861
TuxCare License Agreement
0
* SECURITY UPDATE: reinstate alignment overflow
- debian/patches/CVE-2026-0861.patch: Fix alignment overflow check
regression in _int_memalign caused by the PTRDIFF_MAX size cap change
- CVE-2026-0861
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: reinstate alignment overflow
- debian/patches/CVE-2026-0861.patch: Fix alignment overflow check
regression in _int_memalign caused by the PTRDIFF_MAX size cap change
- CVE-2026-0861
0
tuxcare-ubuntu20.04-els
glibc-doc_2.31-0ubuntu9.18+tuxcare.els1_all.deb
e042914f8b962724ff13bdce273078e328d1d47e
glibc-source_2.31-0ubuntu9.18+tuxcare.els1_all.deb
8fb246d97e7b2607c4b8a2e5fcfba232badaf323
libc-bin_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
95588944939d77d207963207fd9726633eeccde3
libc-dev-bin_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
7682fe9e3a59061841dab7e29d26a47438681e43
libc6_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
fd9d1b8f718a0ee34f2963d40f248d2da3488107
libc6-dev_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
b6db31c71743b51a4c7ed7e30e09aca6fcf63e60
libc6-dev-i386_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
bbb150bc5417032f986283341826968e152221ad
libc6-dev-x32_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
3cdfa6edd598fe3a7ef1c588e2e3b741d15a1d1e
libc6-i386_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
2d9994c95e724dd2ad92727933b46d4a9b734bc1
libc6-pic_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
f63b768869a19d279529d1b50ad43d50bf597fef
libc6-prof_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
6fae2d16dcb6725e11de7fa1eaa10d52e5de3c5d
libc6-x32_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
199c16efbb9beaeb9250cc283b753d69a01b546c
locales_2.31-0ubuntu9.18+tuxcare.els1_all.deb
f33c3d0006c5e027e7065386ea4978e5fb04f1a6
locales-all_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
52d2ed47ea0720eebcb02923f693b44fd6f80e46
nscd_2.31-0ubuntu9.18+tuxcare.els1_amd64.deb
a1640d2abf6ffe9260db9a88e9726d5a245eca2a
CLSA-2026:1770804736
Fix CVE(s): CVE-2025-69421
TuxCare License Agreement
0
* SECURITY UPDATE: A NULL pointer dereference can trigger a crash which
leads to Denial of Service for an application processing PKCS#12 files
- debian/patches/CVE-2025-69421.patch: fix NULL pointer dereference
in PKCS12_item_decrypt_d2i by adding NULL check for oct parameter
- CVE-2025-69421
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: A NULL pointer dereference can trigger a crash which
leads to Denial of Service for an application processing PKCS#12 files
- debian/patches/CVE-2025-69421.patch: fix NULL pointer dereference
in PKCS12_item_decrypt_d2i by adding NULL check for oct parameter
- CVE-2025-69421
0
tuxcare-ubuntu20.04-els
libssl-dev_1.1.1f-1ubuntu2.24+tuxcare.els2_amd64.deb
e762b8f3bc3770e690fe8492b94d2a85ba69783c
libssl-doc_1.1.1f-1ubuntu2.24+tuxcare.els2_all.deb
4cb4b2be4616853024c023f6baf658d7e61cfd29
libssl1.1_1.1.1f-1ubuntu2.24+tuxcare.els2_amd64.deb
4fe83ecdac08d2a1d38f08f3dabdb1befdc14148
openssl_1.1.1f-1ubuntu2.24+tuxcare.els2_amd64.deb
b17cdf093850b12977456ab4fef2013af27fb931
CLSA-2026:1770909956
Fix CVE(s): CVE-2026-23876
TuxCare License Agreement
0
* SECURITY UPDATE: out of bounds write vulnerability in XBM decoder
- debian/patches/CVE-2026-23876.patch: add overflow checks to prevent
out of bounds write in coders/xbm.c
- CVE-2026-23876
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: out of bounds write vulnerability in XBM decoder
- debian/patches/CVE-2026-23876.patch: add overflow checks to prevent
out of bounds write in coders/xbm.c
- CVE-2026-23876
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
1feec0cb8a22342224249a0284f22da3781a96e6
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
286c86788a1c77d1d98ecaab0816b0107be68ed0
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
ea352f4aa00bf4d753f64cf566eae9937b279ea3
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
cca4fd12dc25bb968afffb85f60513bc3f768bdc
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
95eb5b49472587c5b49926cbe347400076313742
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
4217b51685f70d9b58528f7ba7213ebd1e9cf8f8
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
749a339ff3297337a08eb3f9a900575b3bb83599
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
97a90dbcdf65b557c15774f06f3bad3374924be9
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
c76859dd76340c583085aeeed7e49f5ec2e5cab8
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
7e3a33a9bab94ce426267627a344b36aba7e6ffd
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
ed5ded4d61572dd6469ca26b3a40b08b384e432c
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
617e0d04b80da06a6f1a8caaa8c4be56b09ee24a
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
3481cdf254052fa5f865eb4376e041057c5bd964
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
8d187aca142367d555015a1164913b21d25ab8eb
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
2b9593b5a4e31f424203f2081ad62ae08f50f77c
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
92e3816845b5c12fe272ea49e30929963673afc2
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
5df820c3a0ba962f824a1fea3324ae832a0f5a94
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
602aba1a73259aea8675ca95565b445ecd2edef5
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
f96012a1c5cbdd9549cdc4da6b8c495a746d7052
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
8841ac7f6b1b118809babdd7567e3f7c42213307
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
b3301708567cb564876bd161bb82775ecbec4c29
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
211388f015c0477f85bcc812603444a5669b1246
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
ce972eee51f3baa84cca61c7e65d349225be17e3
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
23ca25a33b3c7b16e468511b5ef9d62137011edd
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
708717269563b409a039f851f38cae892727ea60
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
d30a9cc0067d89a358c9f0c927d6effb41df5d24
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
1b9da8be50cf2f1c6ae510d391c339981237a001
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
360cffa9ef1d0faa4e338e58b8cca3fd16458c0e
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
1393e098ffe14708ecfab88074fe3c2d1a558872
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_amd64.deb
fc56b9f8dbb25b4180880f89785fa768a87e23db
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
70a48aafb4189fda8afd99c4e52150d10cea49b0
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els10_all.deb
e44b272f7c1b5bc882ea564a93741233b53f56a6
CLSA-2026:1771004705
Fix CVE(s): CVE-2025-68168, CVE-2025-69204
TuxCare License Agreement
0
* SECURITY UPDATE: stack overflow via deeply nested MSL/SVG elements
- debian/patches/CVE-2025-68168.patch: add recursion depth checking in
MSLStartElement and SVGStartElement to prevent stack exhaustion
- CVE-2025-68168
* SECURITY UPDATE: integer overflow in SVG PathPrimitive processing
- debian/patches/CVE-2025-69204.patch: add overflow checks for
number_attributes calculation in WriteSVGImage PathPrimitive case
- CVE-2025-69204
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: stack overflow via deeply nested MSL/SVG elements
- debian/patches/CVE-2025-68168.patch: add recursion depth checking in
MSLStartElement and SVGStartElement to prevent stack exhaustion
- CVE-2025-68168
* SECURITY UPDATE: integer overflow in SVG PathPrimitive processing
- debian/patches/CVE-2025-69204.patch: add overflow checks for
number_attributes calculation in WriteSVGImage PathPrimitive case
- CVE-2025-69204
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
c628e64e282264b971911e20d209d7969a30ba51
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
44def38a72a40aef104cb85f8c87972830081567
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
d024705111230c0d10e0e60e6a5059ab208a7f25
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
a7396665f2f89b0e55abd22bc1af29f0baf087a1
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
c8a226cf1c0ccee6257c68306b0d66154cca9e8e
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
6d7830e5708f6920b4004dc9dbbed3941a2d8342
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
0104e0cc6bd0e1148d3770c5c2b04f094749d29c
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
cb02c6f41b4d2cb1cb25f7788b0b2c9c2b54feb9
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
870e1cceb01d1d62ae8900cfb152e9527fe03b73
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
994002cf7b615203d23cc1fce9ef8717443d523c
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
b26b491c325b973b8cd553c5daa3f426727634a4
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
acf45890ac0178a5a7a0c0a91389521de97a0049
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
3e417f913266a6775b38d85630efa45bef021764
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
3be55f86763695e347b242bdf334ba3b4e998526
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
48656cc89d8dd2d4b12d8f69e33d1a7dbd8781f2
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
334bf8e9e8253b882be53c95844b2690542d7384
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
f3ca52cb4adc8255e0f1406b8ba9840b3e43410f
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
491191a26fec2886cfd33fbbef809c15ba0a6a54
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
28be66b3b1359b86c9f5719df22c1817f51c9158
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
be9aeb74076d9fca900b3cea660f162e160e19c1
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
1040dd43e6ef44ae523a73620aa53fe79a9388bd
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
790f68b2cb29acf77705a773c14e1c145c0c2865
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
bbbddcb0440af9b8d83acd34b6439288583af23a
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
fe074ee5f54f0b40ed9af14c5fb081e230cf346d
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
1403ec600411e5e2d75d859bb67e1ebd2db5b1d2
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
ededdf85f0b119f299bfceebefa03e7482cbf9a7
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
ca83d527b4603c10ecbb669573853b73229a1f28
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
ad12adb48004306258c12f2442d2f1e35422f254
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
25f02fea1ad0c4242ba176fbd4a3ba18f92bf46b
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_amd64.deb
182e58685b04f1de95bad9017601bda0e3eed4b3
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
0bc6800c3cdc54477b2c8a70e61e37a6d5d77b6b
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els11_all.deb
673dfebdb50e3c534226672ab8bc5f36e42c4711
CLSA-2026:1771329952
Fix CVE(s): CVE-2025-13601
TuxCare License Agreement
0
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2025-13601.patch: Fix heap-based buffer overflow by
correcting buffer size calculation in g_escape_uri_string()
- CVE-2025-13601
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2025-13601.patch: Fix heap-based buffer overflow by
correcting buffer size calculation in g_escape_uri_string()
- CVE-2025-13601
0
tuxcare-ubuntu20.04-els
libglib2.0-0_2.64.6-1~ubuntu20.04.9+tuxcare.els1_amd64.deb
9b6333f6bd74d95e15592fe8608f6ddbce5e45ef
libglib2.0-bin_2.64.6-1~ubuntu20.04.9+tuxcare.els1_amd64.deb
83ca24a8bfbd03d5165ddec132a06e3fae9a1204
libglib2.0-data_2.64.6-1~ubuntu20.04.9+tuxcare.els1_all.deb
f8f78124a9d47e0f3904d4926883931fde65f7c1
libglib2.0-dev_2.64.6-1~ubuntu20.04.9+tuxcare.els1_amd64.deb
3ce29e7dc69f4bd88e0cad95cb7520f9ee0eabd9
libglib2.0-dev-bin_2.64.6-1~ubuntu20.04.9+tuxcare.els1_amd64.deb
2ca6ae5b7667591fa7c0ead35ecc0e17b2b777ba
libglib2.0-doc_2.64.6-1~ubuntu20.04.9+tuxcare.els1_all.deb
866e062f97eb79cadb363bd62f404b74ff85446c
libglib2.0-tests_2.64.6-1~ubuntu20.04.9+tuxcare.els1_amd64.deb
083b595c869093c48d5a9ebf31dda4e9b00805b5
CLSA-2026:1771412648
Update of alt-php
TuxCare License Agreement
0
* Update ca-certificates database to 20260210:
- mozilla\{certdata.h,nssckbi.h}: Update Mozilla certificate
authority bundle of the version 2.82.
- The following certificates were updated:
# Certificate "ePKI Root Certification Authority"
- The following certificates were added:
# Certificate "TrustAsia TLS ECC Root CA"
# Certificate "TrustAsia TLS RSA Root CA"
# Certificate "SwissSign RSA TLS Root CA 2022 - 1"
# Certificate "OISTE Server Root ECC G1"
# Certificate " OISTE Server Root RSA G1"
- The following certificates were removed:
# Certificate "Baltimore CyberTrust Root"
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Update ca-certificates database to 20260210:
- mozilla\{certdata.h,nssckbi.h}: Update Mozilla certificate
authority bundle of the version 2.82.
- The following certificates were updated:
# Certificate "ePKI Root Certification Authority"
- The following certificates were added:
# Certificate "TrustAsia TLS ECC Root CA"
# Certificate "TrustAsia TLS RSA Root CA"
# Certificate "SwissSign RSA TLS Root CA 2022 - 1"
# Certificate "OISTE Server Root ECC G1"
# Certificate " OISTE Server Root RSA G1"
- The following certificates were removed:
# Certificate "Baltimore CyberTrust Root"
0
tuxcare-ubuntu20.04-els
ca-certificates_20260210~20.04.1+tuxcare.els1_all.deb
b6e73238d0f0d43ff778d3cda27d443308b50460
CLSA-2026:1771857296
Fix CVE(s): CVE-2025-14087
TuxCare License Agreement
0
* SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap
corruption
- debian/patches/CVE-2025-14087.patch: Fix integer overflows in GVariant
text format parser when processing input longer than INT_MAX, and fix
integer overflow in escape_byte_string() for byte strings with many
invalid characters
- CVE-2025-14087
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap
corruption
- debian/patches/CVE-2025-14087.patch: Fix integer overflows in GVariant
text format parser when processing input longer than INT_MAX, and fix
integer overflow in escape_byte_string() for byte strings with many
invalid characters
- CVE-2025-14087
0
tuxcare-ubuntu20.04-els
libglib2.0-0_2.64.6-1~ubuntu20.04.9+tuxcare.els2_amd64.deb
20b6438aaef8502ffe2f5c141f21872b1671fe3a
libglib2.0-bin_2.64.6-1~ubuntu20.04.9+tuxcare.els2_amd64.deb
f5d066ec441df8c1d795da14a578180289b129fb
libglib2.0-data_2.64.6-1~ubuntu20.04.9+tuxcare.els2_all.deb
cdd4e7eb9b42bca144c32e34e0ed9be8f2841e5c
libglib2.0-dev_2.64.6-1~ubuntu20.04.9+tuxcare.els2_amd64.deb
b67fdb953ac35f1c82138cd7a3715e26e1200ebc
libglib2.0-dev-bin_2.64.6-1~ubuntu20.04.9+tuxcare.els2_amd64.deb
2f3376d315557115a62f0048aa0308cf818d8d8c
libglib2.0-doc_2.64.6-1~ubuntu20.04.9+tuxcare.els2_all.deb
01b1c766451cf1ab774146382fee032d715413a2
libglib2.0-tests_2.64.6-1~ubuntu20.04.9+tuxcare.els2_amd64.deb
e62cdbab130de9596636bd3b5b3151c3c35a5d21
CLSA-2026:1772113038
Fix of 12 CVEs
TuxCare License Agreement
0
* OpenJDK 8u482 release, build 8.
Release notes:
https://mail.openjdk.org/pipermail/jdk8u-dev/2026-January/020959.html
- Security fixes (8u482):
+ CVE-2026-21945: Prevent DoS via repeated crash or hang in sandbox security
+ CVE-2026-21932: Fix integrity issue in sandboxed handling of untrusted input
+ CVE-2026-21933: Prevent unauthorized data access or modification via networking APIs
+ CVE-2026-21925: Fix RMI flaw allowing unauthorized data read or modification
- Previously fixed:
* 8u472:
- CVE-2025-53066: Prevent DoS or data exposure from untrusted input handling
- CVE-2025-53057: Fix validation flaw affecting sandboxed networking/security logic
- CVE-2025-61748: Prevent resource-consumption denial-of-service via crafted input
* 8u462:
- CVE-2025-30749: Fix security flaw enabling unauthorized actions or data exposure
- CVE-2025-30754: Correct validation weakness affecting sandboxed execution integrity
- CVE-2025-30761: Prevent unintended data access or via insufficient checks
- CVE-2025-50106: Fix parsing weakness leading to potential denial-of-service
- CVE-2025-50059: Fix improper HTTP header handling to prevent unintended requests
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* OpenJDK 8u482 release, build 8.
Release notes:
https://mail.openjdk.org/pipermail/jdk8u-dev/2026-January/020959.html
- Security fixes (8u482):
+ CVE-2026-21945: Prevent DoS via repeated crash or hang in sandbox security
+ CVE-2026-21932: Fix integrity issue in sandboxed handling of untrusted input
+ CVE-2026-21933: Prevent unauthorized data access or modification via networking APIs
+ CVE-2026-21925: Fix RMI flaw allowing unauthorized data read or modification
- Previously fixed:
* 8u472:
- CVE-2025-53066: Prevent DoS or data exposure from untrusted input handling
- CVE-2025-53057: Fix validation flaw affecting sandboxed networking/security logic
- CVE-2025-61748: Prevent resource-consumption denial-of-service via crafted input
* 8u462:
- CVE-2025-30749: Fix security flaw enabling unauthorized actions or data exposure
- CVE-2025-30754: Correct validation weakness affecting sandboxed execution integrity
- CVE-2025-30761: Prevent unintended data access or via insufficient checks
- CVE-2025-50106: Fix parsing weakness leading to potential denial-of-service
- CVE-2025-50059: Fix improper HTTP header handling to prevent unintended requests
0
tuxcare-ubuntu20.04-els
openjdk-8-demo_8u482-ga~us1-0ubuntu1~20.04+tuxcare.els1_amd64.deb
7aae06afaa607c150530fa12e3727fbcb301f3b0
openjdk-8-doc_8u482-ga~us1-0ubuntu1~20.04+tuxcare.els1_all.deb
2783e31964a10695656ac495fabb692bc64c7582
openjdk-8-jdk_8u482-ga~us1-0ubuntu1~20.04+tuxcare.els1_amd64.deb
25694f6a5617012f4128d6e1acb530de691bd0c7
openjdk-8-jdk-headless_8u482-ga~us1-0ubuntu1~20.04+tuxcare.els1_amd64.deb
18a5cfbde91e724a8401f9f9fef9c4387ccaf89b
openjdk-8-jre_8u482-ga~us1-0ubuntu1~20.04+tuxcare.els1_amd64.deb
d9fabec4a3944fff100339a5bee759648687d81c
openjdk-8-jre-headless_8u482-ga~us1-0ubuntu1~20.04+tuxcare.els1_amd64.deb
14af13cfe9efab8e4718b3dc4c452726e0a09423
openjdk-8-jre-zero_8u482-ga~us1-0ubuntu1~20.04+tuxcare.els1_amd64.deb
496dd229caec6a7adbfb4d0598d43fb7d536a4ef
openjdk-8-source_8u482-ga~us1-0ubuntu1~20.04+tuxcare.els1_all.deb
c4a524a1ca9ba64a3ad5abcb4e5e877dadf1e7c6
CLSA-2026:1772464109
Fix CVE(s): CVE-2026-25897, CVE-2026-26284
TuxCare License Agreement
0
* SECURITY UPDATE: security vulnerability (CVE-2026-25897)
- debian/patches/CVE-2026-25897.patch: prevent integer overflow
during pixel buffer size calculation by using checked multiplication and
validating rows addition; issue caused by unvalidated header values
allowing overflow and incorrect allocation size
- CVE-2026-25897
* SECURITY UPDATE: security vulnerability (CVE-2026-26284)
- debian/patches/CVE-2026-26284.patch: prevent out-of-bounds read
while searching PCD decode table by starting iteration at first valid
element; issue caused by loop beginning at index 0 and incrementing
pointer past the table end when no sequence matched
- CVE-2026-26284
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: security vulnerability (CVE-2026-25897)
- debian/patches/CVE-2026-25897.patch: prevent integer overflow
during pixel buffer size calculation by using checked multiplication and
validating rows addition; issue caused by unvalidated header values
allowing overflow and incorrect allocation size
- CVE-2026-25897
* SECURITY UPDATE: security vulnerability (CVE-2026-26284)
- debian/patches/CVE-2026-26284.patch: prevent out-of-bounds read
while searching PCD decode table by starting iteration at first valid
element; issue caused by loop beginning at index 0 and incrementing
pointer past the table end when no sequence matched
- CVE-2026-26284
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
5c7e14195ec3b386283313463c82fa75fabd36b4
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
4242375e813cb78c6b86702f00935ac80300030a
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
0ceeb5e2fb5bb20b11b6df22903f470c84dd17e1
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
7799f253901025d37942631150978ee559fc3d2a
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
8aee74db14384b59b777553ed92a270a70ca24ab
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
a8880c3d23e6077f478195551e9b59144e76efde
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
1103319dd5864b34dfaa357d8ccee4bbaaf09392
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
99d9b9fda7703b94e04e8bce70f848bc981c426c
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
7dcd79481b26157e7197c3f31ebaa716d0bed66e
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
a9dd505bd9bf2bf8ce79b8aa027a82111f27ec32
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
69b92441255f72ab0eccf1c058387de0c84205ce
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
310a567387e20f84884ec30a2d9374a8132f3973
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
47796170f2af083cf4308d103d0b675724db844d
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
461cabd1b603fb3dd749071a967142766e0a0b0f
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
a0d22779f5294fabf35ae22f1b1c675bf7d2a176
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
5a80c68c1a1a9179dbcd0646d4329e1c3539fb2b
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
56cd03c515408c6bb4c5b4c8b4e1e9f760d5fcab
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
0934edb9b3aea7de393cd3dde070e1828ce4491f
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
ed605bc41470afd1b014b489a5dd2cfd070beafd
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
c72640472947bd8ec2b2acb59a8d4c2f76d21258
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
49ce93f8d6e83e98ba9ca75894a6076aaa7e1f90
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
6ba7135f38363dad9b94483a59de4e7b22ac97ea
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
ed5aadf8d5dc1037ccd3b01d0d6209ba3fc41a3c
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
bf2562b8e28281bb2ab570c19b4674d192ab2e28
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
04e1d34a5936d9781578f0a6c3e1ec351a3342b3
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
360b287debbeb100dc86b8de7940bd2fcb73c319
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
2af26dd1508b5114853d91d075caf33828a80b82
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
ae1c11b4bf967fc51bdac27d275206deaa0df078
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
b747e1174b092667a16f29f42d3e90c9034faea7
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_amd64.deb
3efa5dc180eb93499b5f5c1ff536eab98d1488ae
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
a5f1b5f70e6903933fda80965b4439f9e1209759
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els12_all.deb
bfadcea3edea56bea84072f15706af3b71fea6e4
CLSA-2026:1772619215
Fix CVE(s): CVE-2026-25798, CVE-2026-25799, CVE-2026-26066
TuxCare License Agreement
0
* SECURITY UPDATE: integer overflow in pixel cache allocation
- debian/patches/CVE-2026-25798.patch: add CacheOverflowSanityCheckGetSize
to detect overflow in number_pixels*packet_size in OpenPixelCache
- CVE-2026-25798
* SECURITY UPDATE: infinite loop in IPTC metadata processing
- debian/patches/CVE-2026-26066.patch: fix infinite loop in formatIPTC by
reading next byte instead of resetting to zero
- CVE-2026-26066
* SECURITY UPDATE: division by zero in YUV sampling factor validation
- debian/patches/CVE-2026-25799.patch: fix sampling factor check in
ReadYUVImage and WriteYUVImage to reject invalid individual factors
- CVE-2026-25799
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: integer overflow in pixel cache allocation
- debian/patches/CVE-2026-25798.patch: add CacheOverflowSanityCheckGetSize
to detect overflow in number_pixels*packet_size in OpenPixelCache
- CVE-2026-25798
* SECURITY UPDATE: infinite loop in IPTC metadata processing
- debian/patches/CVE-2026-26066.patch: fix infinite loop in formatIPTC by
reading next byte instead of resetting to zero
- CVE-2026-26066
* SECURITY UPDATE: division by zero in YUV sampling factor validation
- debian/patches/CVE-2026-25799.patch: fix sampling factor check in
ReadYUVImage and WriteYUVImage to reject invalid individual factors
- CVE-2026-25799
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
72d17ed53be087110162a7fcfefc7b9b15df1f53
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
7b800c6838f8d0eb4c5bb50e2079c42e720fa192
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
ed59649823a3ab8280874175bbe4d88a469aa694
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
a89564b2ed4d2cfa34e9d9902994b58543e2957c
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
1c74bf1db02c1391b788e09f1d8932a0dc899842
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
93a6d6f0c1838a8ff186afd3ce1e6fe7c6880f20
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
e7a0b3d15f21bd53b56ba454835bfb4ef892fb02
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
362702f8b6be74fbb71fac42a8ff0380ff8202c9
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
881ecf76ab573898ab0a9e7923a9977d03e9313d
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
fddc21c6020b77ed72804c38d96f74043d57bd5c
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
de74c6df318e79113ed5394f90c7dc2d5e9c65d3
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
e305c774c64cd815976063c5a2ba7c01da84b1d0
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
c609ff0498ebad592c3bbdad227ee59f7ef81547
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
239bd747844df4a9269dfea8325122c7aaa2c814
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
3396e954bcabe2c8bd7215218be620c5273f3f7e
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
eda6f95acb6fd924351b0707f616010b8f00e7f0
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
8dbbc9425528e988ef996d345fc4ff19601f558d
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
2e37bd4b01778b7fc38101fcdc04bad5e9253d9a
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
6a4c485c16cd776fd64ba2d80b12e23080b1bdfb
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
8b52472b5f57a81158c1578336431b35f1b872e3
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
0fbd2bde5d92763a124266b7cc32012ae0a18c3e
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
87f055367f57503390f20fc55b4dafdca61821a0
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
92f8f5176a6049ed5be68828b9577dbae87bc0aa
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
132afaf34dcf09d6a03ee4670a282cf00d0aa562
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
13e44237eb397120459f1158efdba9278e72698a
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
250563132fafbe713232a94b267de313bf123867
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
a2d9838c90b8d8cf5e488cc00ae75edc037a39a9
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
01fb965d4a0f25b636eb640d15080335cf46867b
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
e02a186cdc95cea56f20d99f44059316efda5c78
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_amd64.deb
ff70e3efdc8ca609c352ecf9314f4a3befc59ec8
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
a36211b4dd476b3ced0541e8d374fe7db1dacee4
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els13_all.deb
4b3365e1a25da392d6c03d2539a95463a89f6258
CLSA-2026:1772810452
Fix CVE(s): CVE-2026-25796
TuxCare License Agreement
0
* SECURITY UPDATE: memory leak in ReadSTEGANOImage that can be exploited for
denial-of-service
- debian/patches/CVE-2026-25796.patch: free watermark object on three
early-return paths
- CVE-2026-25796
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: memory leak in ReadSTEGANOImage that can be exploited for
denial-of-service
- debian/patches/CVE-2026-25796.patch: free watermark object on three
early-return paths
- CVE-2026-25796
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
a346b79da5cee6b2824f8c44de6564ffa5f56a1c
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
d54202d733f474504ed26a60b5f5cf13c0ab16da
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
6b5f2624044b7992313740651b72b96055944040
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
0a3c0679e4f69d4a4844b795b54df0a7fddad827
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
c472f02b067e86731019e2b47e00051326e50db6
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
85751e18a2c14344724e048fb4562a80eee44b59
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
839422f4f6f4188641199979cb7874d7d19a384b
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
9c6d44ed93b3c8cf79cfd70169bf951d4a3aec81
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
1c5166a41ea0b1303b854a74b9e129a3acc517ef
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
330f4e12c3522681069b7f8bbb637c4f1d0ae7cf
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
12338ce53ed1fd6fc45651929316b37d27ade9a4
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
a525cc01c2e50ce912a8924410668e6e39528b67
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
092b93906e862677617f7d39921e6fdd63991840
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
895a6902fb64abe58bf42dd23ede10b7a16a8607
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
fb0b21c41d593320bbfdcb13a243ce72b7704c29
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
e098fa36b7be1271b147b085531b9a9cbb633c9a
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
4e4e4c5c32aa19a43a81657f8f0562fd715bda7b
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
41e049f711455d7ecc4646ab2bdf20a9c8526192
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
e9fdafe6060814d04d5d526a4ff79358ed0c385a
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
5e5b3289daeb952a35b49a0f77bd2c8971f2db64
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
c3cc41aa2a9201610e2518aae0074051a86c7c3b
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
a2e228bdf7cd979d813683897daa74fd8262cd04
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
84fa8269b3c29732466a10c6b3608fa6b7e2a9c4
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
81595b9dedfac4ed70664c80393d5304f5c18bed
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
027d97c00cf7ec9ee76b2689f60a786663d28161
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
96190ddbf00ea1fb33bee436b105dd495f45c242
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
0eb6edd6c02a45bb50fecf3a15cdcfef7f94fb78
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
927f4a00ddf271b9a2c44d2a815238daa9ff3b8a
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
ee6616d5e05a95dde3e225c94c55a9f09eb3208d
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_amd64.deb
3c24e24fa8c2a206433598d6c7d4250f2f2799fa
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
7ab1215d838e6b762b6cd71bdfafd5510842029a
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els14_all.deb
e9ada4dbae45c2217975d0e9d314de99cf54420f
CLSA-2026:1772815097
Fix of 72 CVEs
TuxCare License Agreement
0
* CVE-2025-38699
- scsi: bfa: Double-free fix {CVE-2025-38699}
* CVE-2025-38697
- jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697}
* CVE-2025-39823
- KVM: x86: use array_index_nospec with indices that come from guest
{CVE-2025-39823}
* CVE-2025-39689
- ftrace: Also allocate and copy hash for reading of filter files
{CVE-2025-39689}
* CVE-2025-39749
- rcu: Protect ->defer_qs_iw_pending from data race {CVE-2025-39749}
* CVE-2025-38728
- smb3: fix for slab out of bounds on mount to ksmbd {CVE-2025-38728}
* CVE-2025-38676
- iommu/amd: Avoid stack buffer overflow from kernel cmdline {CVE-2025-38676}
* CVE-2025-38574
- pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574}
* CVE-2025-38572
- ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572}
* CVE-2025-38685
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685}
* CVE-2025-38563
- vm_ops: rename .split() callback to .may_split() {CVE-2025-38563}
- perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563}
* CVE-2025-38702
- fbdev: fix potential buffer overflow in do_register_framebuffer()
{CVE-2025-38702}
* CVE-2025-39911
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
{CVE-2025-39911}
* CVE-2025-39971
- i40e: fix idx validation in config queues msg {CVE-2025-39971}
* CVE-2025-40154
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154}
* CVE-2025-39973
- i40e: increase max descriptors for XL710 {CVE-2025-39973}
- i40e: add validation for ring_len param {CVE-2025-39973}
* CVE-2022-49026
- e100: Fix possible use after free in e100_xmit_prepare {CVE-2022-49026}
* CVE-2025-38724
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
{CVE-2025-38724}
* CVE-2025-39853
- i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853}
* CVE-2025-39860
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
{CVE-2025-39860}
* CVE-2025-39891
- wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891}
* CVE-2025-38530
- comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530}
* CVE-2025-38529
- comedi: aio_iiro_16: Fix bit shift out of bounds {CVE-2025-38529}
* CVE-2025-38497
- usb: gadget: configfs: Fix OOB read on empty string write {CVE-2025-38497}
* CVE-2025-38483
- comedi: das16m1: Fix bit shift out of bounds {CVE-2025-38483}
* CVE-2025-38482
- comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482}
* CVE-2025-39702
- ipv6: sr: Fix MAC comparison to be constant-time {CVE-2025-39702}
* CVE-2025-39730
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() {CVE-2025-39730}
* CVE-2025-39841
- scsi: lpfc: Fix buffer free/clear order in deferred receive path
{CVE-2025-39841}
* CVE-2025-39817
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817}
* CVE-2025-38494
- HID: core: ensure the allocated report buffer can contain the reserved
report ID {CVE-2025-38494}
- HID: core: ensure __hid_request reserves the report ID as the first byte
{CVE-2025-38494}
- HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494}
* CVE-2025-39757
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757}
* CVE-2025-38527
- smb: client: fix use-after-free in cifs_oplock_break {CVE-2025-38527}
* CVE-2023-52854
- padata: Fix refcnt handling in padata_free_shell() {CVE-2023-52854}
* CVE-2024-35867
- smb: client: fix potential UAF in cifs_stats_proc_show() {CVE-2024-35867}
* CVE-2024-50061
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
Driver Due to Race Condition {CVE-2024-50061}
* CVE-2025-39965
- xfrm: Duplicate SPI Handling {CVE-2025-39965}
* CVE-2025-22107
- net: dsa: sja1105: fix kasan out-of-bounds warning in
sja1105_table_delete_entry() {CVE-2025-22107}
* CVE-2025-37928
- dm-bufio: don't schedule in atomic context {CVE-2025-37928}
* CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
{CVE-2025-37927}
* CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
{CVE-2025-37915}
* CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
{CVE-2025-37913}
* CVE-2025-37817
- mcb: fix a double free bug in chameleon_parse_gdd() {CVE-2025-37817}
* CVE-2025-38204
- jfs: fix array-index-out-of-bounds read in add_missing_indices
{CVE-2025-38204}
* CVE-2025-38323
- net: atm: add lec_mutex {CVE-2025-38323}
* CVE-2025-38346
- ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346}
* CVE-2025-38348
- wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
{CVE-2025-38348}
* CVE-2025-38415
- Squashfs: check return result of sb_min_blocksize {CVE-2025-38415}
* CVE-2025-38416
- NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416}
* CVE-2025-38428
- Input: ims-pcu - check record size in ims_pcu_flash_firmware()
{CVE-2025-38428}
* CVE-2025-38102
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
{CVE-2025-38102}
* CVE-2025-38245
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
{CVE-2025-38245}
* CVE-2025-38249
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
{CVE-2025-38249}
* CVE-2025-38377
- rose: fix dangling neighbour pointers in rose_rt_device_down()
{CVE-2025-38377}
* CVE-2025-38389
- drm/i915/gt: Fix timeline left held on VMA alloc error {CVE-2025-38389}
* CVE-2025-38395
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
{CVE-2025-38395}
* CVE-2025-38401
- mtk-sd: Prevent memory corruption from DMA map failure {CVE-2025-38401}
* CVE-2025-38445
- md/raid1: Fix stack memory use after return in raid1_reshape
{CVE-2025-38445}
* CVE-2025-38459
- atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459}
* CVE-2025-39863
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work
{CVE-2025-39863}
* CVE-2025-38068
- crypto: lzo - Fix compression buffer overrun {CVE-2025-38068}
* CVE-2025-21726
- padata: avoid UAF for reorder_work {CVE-2025-21726}
* CVE-2025-39760
- usb: core: config: Prevent OOB read in SS endpoint companion parsing
{CVE-2025-39760}
* CVE-2022-49698
- netfilter: use get_random_u32 instead of prandom {CVE-2022-49698}
* CVE-2025-38198
- fbcon: Introduce wrapper for console->fb_info lookup {CVE-2025-38198}
- fbcon: Make sure modelist not set on unregistered console {CVE-2025-38198}
* CVE-2025-38422
- net: lan743x: Add support for 4 Tx queues {CVE-2025-38422}
- net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
{CVE-2025-38422}
- net: lan743x: Add PCI11010 / PCI11414 device IDs {CVE-2025-38422}
* CVE-2025-38375
- virtio-net: ensure the received length does not exceed allocated size
{CVE-2025-38375}
* CVE-2025-39901
- i40e: remove read access to debugfs files {CVE-2025-39901}
* CVE-2025-39810
- bnxt_en: Fix memory corruption when FW resources change during ifdown
{CVE-2025-39810}
* CVE-2025-39905
- net: phylink: add lock for serializing concurrent pl->phydev writes with
resolver {CVE-2025-39905}
* CVE-2025-39993
- media: imon: reorganize serialization {CVE-2025-39993}
- media: rc: fix races with imon_disconnect() {CVE-2025-39993}
* CVE-2025-39883
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
memory {CVE-2025-39883}
* Miscellaneous upstream changes
- net: atm: fix /proc/net/atm/lec handling {CVE-2025-38323}
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* CVE-2025-38699
- scsi: bfa: Double-free fix {CVE-2025-38699}
* CVE-2025-38697
- jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697}
* CVE-2025-39823
- KVM: x86: use array_index_nospec with indices that come from guest
{CVE-2025-39823}
* CVE-2025-39689
- ftrace: Also allocate and copy hash for reading of filter files
{CVE-2025-39689}
* CVE-2025-39749
- rcu: Protect ->defer_qs_iw_pending from data race {CVE-2025-39749}
* CVE-2025-38728
- smb3: fix for slab out of bounds on mount to ksmbd {CVE-2025-38728}
* CVE-2025-38676
- iommu/amd: Avoid stack buffer overflow from kernel cmdline {CVE-2025-38676}
* CVE-2025-38574
- pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574}
* CVE-2025-38572
- ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572}
* CVE-2025-38685
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685}
* CVE-2025-38563
- vm_ops: rename .split() callback to .may_split() {CVE-2025-38563}
- perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563}
* CVE-2025-38702
- fbdev: fix potential buffer overflow in do_register_framebuffer()
{CVE-2025-38702}
* CVE-2025-39911
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
{CVE-2025-39911}
* CVE-2025-39971
- i40e: fix idx validation in config queues msg {CVE-2025-39971}
* CVE-2025-40154
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154}
* CVE-2025-39973
- i40e: increase max descriptors for XL710 {CVE-2025-39973}
- i40e: add validation for ring_len param {CVE-2025-39973}
* CVE-2022-49026
- e100: Fix possible use after free in e100_xmit_prepare {CVE-2022-49026}
* CVE-2025-38724
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
{CVE-2025-38724}
* CVE-2025-39853
- i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853}
* CVE-2025-39860
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
{CVE-2025-39860}
* CVE-2025-39891
- wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891}
* CVE-2025-38530
- comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530}
* CVE-2025-38529
- comedi: aio_iiro_16: Fix bit shift out of bounds {CVE-2025-38529}
* CVE-2025-38497
- usb: gadget: configfs: Fix OOB read on empty string write {CVE-2025-38497}
* CVE-2025-38483
- comedi: das16m1: Fix bit shift out of bounds {CVE-2025-38483}
* CVE-2025-38482
- comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482}
* CVE-2025-39702
- ipv6: sr: Fix MAC comparison to be constant-time {CVE-2025-39702}
* CVE-2025-39730
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() {CVE-2025-39730}
* CVE-2025-39841
- scsi: lpfc: Fix buffer free/clear order in deferred receive path
{CVE-2025-39841}
* CVE-2025-39817
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817}
* CVE-2025-38494
- HID: core: ensure the allocated report buffer can contain the reserved
report ID {CVE-2025-38494}
- HID: core: ensure __hid_request reserves the report ID as the first byte
{CVE-2025-38494}
- HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494}
* CVE-2025-39757
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757}
* CVE-2025-38527
- smb: client: fix use-after-free in cifs_oplock_break {CVE-2025-38527}
* CVE-2023-52854
- padata: Fix refcnt handling in padata_free_shell() {CVE-2023-52854}
* CVE-2024-35867
- smb: client: fix potential UAF in cifs_stats_proc_show() {CVE-2024-35867}
* CVE-2024-50061
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
Driver Due to Race Condition {CVE-2024-50061}
* CVE-2025-39965
- xfrm: Duplicate SPI Handling {CVE-2025-39965}
* CVE-2025-22107
- net: dsa: sja1105: fix kasan out-of-bounds warning in
sja1105_table_delete_entry() {CVE-2025-22107}
* CVE-2025-37928
- dm-bufio: don't schedule in atomic context {CVE-2025-37928}
* CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
{CVE-2025-37927}
* CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
{CVE-2025-37915}
* CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
{CVE-2025-37913}
* CVE-2025-37817
- mcb: fix a double free bug in chameleon_parse_gdd() {CVE-2025-37817}
* CVE-2025-38204
- jfs: fix array-index-out-of-bounds read in add_missing_indices
{CVE-2025-38204}
* CVE-2025-38323
- net: atm: add lec_mutex {CVE-2025-38323}
* CVE-2025-38346
- ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346}
* CVE-2025-38348
- wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
{CVE-2025-38348}
* CVE-2025-38415
- Squashfs: check return result of sb_min_blocksize {CVE-2025-38415}
* CVE-2025-38416
- NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416}
* CVE-2025-38428
- Input: ims-pcu - check record size in ims_pcu_flash_firmware()
{CVE-2025-38428}
* CVE-2025-38102
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
{CVE-2025-38102}
* CVE-2025-38245
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
{CVE-2025-38245}
* CVE-2025-38249
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
{CVE-2025-38249}
* CVE-2025-38377
- rose: fix dangling neighbour pointers in rose_rt_device_down()
{CVE-2025-38377}
* CVE-2025-38389
- drm/i915/gt: Fix timeline left held on VMA alloc error {CVE-2025-38389}
* CVE-2025-38395
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
{CVE-2025-38395}
* CVE-2025-38401
- mtk-sd: Prevent memory corruption from DMA map failure {CVE-2025-38401}
* CVE-2025-38445
- md/raid1: Fix stack memory use after return in raid1_reshape
{CVE-2025-38445}
* CVE-2025-38459
- atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459}
* CVE-2025-39863
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work
{CVE-2025-39863}
* CVE-2025-38068
- crypto: lzo - Fix compression buffer overrun {CVE-2025-38068}
* CVE-2025-21726
- padata: avoid UAF for reorder_work {CVE-2025-21726}
* CVE-2025-39760
- usb: core: config: Prevent OOB read in SS endpoint companion parsing
{CVE-2025-39760}
* CVE-2022-49698
- netfilter: use get_random_u32 instead of prandom {CVE-2022-49698}
* CVE-2025-38198
- fbcon: Introduce wrapper for console->fb_info lookup {CVE-2025-38198}
- fbcon: Make sure modelist not set on unregistered console {CVE-2025-38198}
* CVE-2025-38422
- net: lan743x: Add support for 4 Tx queues {CVE-2025-38422}
- net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
{CVE-2025-38422}
- net: lan743x: Add PCI11010 / PCI11414 device IDs {CVE-2025-38422}
* CVE-2025-38375
- virtio-net: ensure the received length does not exceed allocated size
{CVE-2025-38375}
* CVE-2025-39901
- i40e: remove read access to debugfs files {CVE-2025-39901}
* CVE-2025-39810
- bnxt_en: Fix memory corruption when FW resources change during ifdown
{CVE-2025-39810}
* CVE-2025-39905
- net: phylink: add lock for serializing concurrent pl->phydev writes with
resolver {CVE-2025-39905}
* CVE-2025-39993
- media: imon: reorganize serialization {CVE-2025-39993}
- media: rc: fix races with imon_disconnect() {CVE-2025-39993}
* CVE-2025-39883
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
memory {CVE-2025-39883}
* Miscellaneous upstream changes
- net: atm: fix /proc/net/atm/lec handling {CVE-2025-38323}
0
tuxcare-ubuntu20.04-els
linux-buildinfo-5.4.0-225-tuxcare.els7-generic_5.4.0-225.245_amd64.deb
52446849e96cb84f089883ea24afc60e8fdc9231
linux-buildinfo-5.4.0-225-tuxcare.els7-lowlatency_5.4.0-225.245_amd64.deb
5dcc895a78b57e6c595e385d50508746b626d7c3
linux-cloud-tools-5.4.0-225-tuxcare.els7_5.4.0-225.245_amd64.deb
21b0b2e2c56672bb3ea6628dd3b3b7d1cc7824f3
linux-cloud-tools-5.4.0-225-tuxcare.els7-generic_5.4.0-225.245_amd64.deb
eaac2c73a1bb562f86aeb9320a99774856da1713
linux-cloud-tools-5.4.0-225-tuxcare.els7-lowlatency_5.4.0-225.245_amd64.deb
7b5d3a08891918eb831dad3f662b8b0cf5b41b3c
linux-cloud-tools-common_5.4.0-225.245_all.deb
144048735337ce4cc321235ade87e078b08566b2
linux-doc_5.4.0-225.245_all.deb
47750920791ef44930f72f33d94adba9bc5cf422
linux-headers-5.4.0-225-tuxcare.els7_5.4.0-225.245_all.deb
da83fc609868948bde05c5ac1cb97bf3cc302566
linux-headers-5.4.0-225-tuxcare.els7-generic_5.4.0-225.245_amd64.deb
ed2f7197879838deecd3eeef0b56d8289b65cb86
linux-headers-5.4.0-225-tuxcare.els7-lowlatency_5.4.0-225.245_amd64.deb
82bc0f174f0ac3d767d11e3b5225547583f7e584
linux-image-unsigned-5.4.0-225-tuxcare.els7-generic_5.4.0-225.245_amd64.deb
746d28a48998fb3678ec50372d43d487ccd33e03
linux-image-unsigned-5.4.0-225-tuxcare.els7-lowlatency_5.4.0-225.245_amd64.deb
fe8800070518c5a8542a24751b32c0645f45e200
linux-libc-dev_5.4.0-225.245_amd64.deb
8cf87776a1ca03e856f03eac633476a78a21ff52
linux-modules-5.4.0-225-tuxcare.els7-generic_5.4.0-225.245_amd64.deb
4de9ff51409f291b0fcf978146f97bcd4dbe37eb
linux-modules-5.4.0-225-tuxcare.els7-lowlatency_5.4.0-225.245_amd64.deb
dd69bce95fb2a61a40aab616cc2f80b68531b6b9
linux-modules-extra-5.4.0-225-tuxcare.els7-generic_5.4.0-225.245_amd64.deb
fbd1fca63ab1e8aa2c0ad2dbb11bb023c81800f1
linux-source-5.4.0_5.4.0-225.245_all.deb
d437f1b2f02dbe607fc4fad97cbd059b17f35e92
linux-tools-5.4.0-225-tuxcare.els7_5.4.0-225.245_amd64.deb
533cfb0ac2285da60a001f99a33ba4969c72171b
linux-tools-5.4.0-225-tuxcare.els7-generic_5.4.0-225.245_amd64.deb
77bded36806a4790ab11ae7e77d032e34af7d7d6
linux-tools-5.4.0-225-tuxcare.els7-lowlatency_5.4.0-225.245_amd64.deb
8c015db2928cba7c93fd31cbd3ca60bf645aaf79
linux-tools-common_5.4.0-225.245_all.deb
9a8710bd5ee8a407d1083a0096e549045c486283
linux-tools-host_5.4.0-225.245_all.deb
5229dbe14c05a1e546fcfbfda1173a677d0d3c5c
CLSA-2026:1773316266
Fix CVE(s): CVE-2025-14524, CVE-2025-15079, CVE-2025-15224
TuxCare License Agreement
0
* SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect
- debian/patches/CVE-2025-14524.patch: do not use bearer when following
redirect unless allow_auth_to_other_hosts is set
- CVE-2025-14524
* SECURITY UPDATE: libssh global known_hosts override
- debian/patches/CVE-2025-15079-CVE-2025-15224.patch: set
SSH_OPTIONS_GLOBAL_KNOWNHOSTS to same path as SSH_OPTIONS_KNOWNHOSTS
- CVE-2025-15079
* SECURITY UPDATE: libssh key passphrase bypass without agent set
- debian/patches/CVE-2025-15079-CVE-2025-15224.patch: require private
key or CURLSSH_AUTH_AGENT for public key auth
- CVE-2025-15224
Low
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect
- debian/patches/CVE-2025-14524.patch: do not use bearer when following
redirect unless allow_auth_to_other_hosts is set
- CVE-2025-14524
* SECURITY UPDATE: libssh global known_hosts override
- debian/patches/CVE-2025-15079-CVE-2025-15224.patch: set
SSH_OPTIONS_GLOBAL_KNOWNHOSTS to same path as SSH_OPTIONS_KNOWNHOSTS
- CVE-2025-15079
* SECURITY UPDATE: libssh key passphrase bypass without agent set
- debian/patches/CVE-2025-15079-CVE-2025-15224.patch: require private
key or CURLSSH_AUTH_AGENT for public key auth
- CVE-2025-15224
0
tuxcare-ubuntu20.04-els
curl_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
d8d232071a914c1ada90cb9fbd90e6c9999f50de
libcurl3-gnutls_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
726e58c1b5861e8e8c27973b3c1dfe8dbac35932
libcurl3-nss_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
dcfff2c729f450d1eb10947638c8632cc6690424
libcurl4_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
f75554437bc49ea90f18a552feb37b212b2c3f4a
libcurl4-doc_7.68.0-1ubuntu2.25+tuxcare.els1_all.deb
5fe57d2f6b20b05d130df3db481233857fa511f9
libcurl4-gnutls-dev_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
ec6e4d9c7a9659e465256140d43dcc508810243d
libcurl4-nss-dev_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
4237a93276942a3c83cf9363f6f4188eb127f007
libcurl4-openssl-dev_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
0b4009a864907e24ea7413535e348009833ad6a1
CLSA-2026:1773411204
Update of alt-php
TuxCare License Agreement
0
* Move gpg key and repo installation from debian/install to postinst
* Add support for multiple deb platforms
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Move gpg key and repo installation from debian/install to postinst
* Add support for multiple deb platforms
0
tuxcare-ubuntu20.04-els
els-os-release_1.0.0-2_amd64.deb
87a5f2d385ad1c22ab9c4c9ec9bfb61b1020de8e
CLSA-2026:1773412353
Fix CVE(s): CVE-2026-24481
TuxCare License Agreement
0
* SECURITY UPDATE: heap information disclosure in PSD channel decoder
- debian/patches/CVE-2026-24481.patch: initialize pixel buffer with
zeros in ReadPSDChannelZip to prevent heap memory leak
- CVE-2026-24481
Low
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: heap information disclosure in PSD channel decoder
- debian/patches/CVE-2026-24481.patch: initialize pixel buffer with
zeros in ReadPSDChannelZip to prevent heap memory leak
- CVE-2026-24481
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
0b65219972f31eb58b1ba6c7adf3992b132c79cb
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
6f95a0af61452c22e0389d128bb9f1bb077d8559
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
0e6c49ddac801e424af928e3658cb0e9cbb7c6ef
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
73506c7fd05606336a3058215ba911a012156320
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
593bd0e3dc8cd06f04efa42cab3f43e5a524c226
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
46545429dadd0b832a0d935a4d80a9cb8e538a92
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
9637a23d78bd8f528ec37e89e7130b68a21661cd
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
21dfb5d8fe26f6a8f3c900c09b3250ba1c11b38d
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
bb340a68a1b3fdc67e57b8957338ca2687ef029f
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
32711bfd3eb63ed27c3bb6f29635e0d56e7c4408
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
0edd6a2423bbe8e681da33dd206e09562ecf1795
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
aa22e044889ea7f98323ec4129f6a4f9775a224d
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
b6e78c52d4d240a0ba1c78d52218e46ce3280027
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
b3ec84c234c41404aa8d509b4e20879dd33b2fb5
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
0914120d8ffc012e9e34a3ecb9e419aadaa9fbe2
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
f582200ac95caf63b3c77e10fa1fedbf8af799b2
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
d655c01a00ce04aff4f2ca45e7eac7915c8354c3
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
5be0de80298f51825a0a159764acce2d185cb247
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
ccba5b4c60fcc414aa961e3fe57125d5cc3c90bc
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
0e152838ff5de4571d3fcc1d0aa5c33220536704
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
588a303996b9feb6f2cf47eb166a35326d7b9d6f
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
0458857914b2b2b342deeb7eba30ad95ea2e8511
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
6c83428ef5a310d1e2cb681ad0f394b90bc397cb
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
05e2372d6f0b773373aa8e17337ba70aea191afa
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
68f7ff0390eb0c5a3bee988b26e0fc53b1b85b97
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
ff331a9f6dff960707245da5acfae777d206b528
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
ad9d450f410e5ecddacad8c709963ab875b763dd
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
c4ea391582dd005af84af0a9c0092dd5f1677399
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
6c8b42f287ef0bec87a8f1ccc3d6c939f478542a
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_amd64.deb
95988f0aabe258b658fd4d51b4e177f1af196d86
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
76e6ba4670c1e65791ea710c4fad1772a5aaf93a
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els15_all.deb
cc6f329184b52d1f24756a9138f8ed206deb9f0f
CLSA-2026:1773667921
Fix CVE(s): CVE-2025-10230
TuxCare License Agreement
0
* SECURITY UPDATE: unauthenticated command injection via WINS hook in
source4 NBT server. The "wins hook" parameter passed unsanitized
NetBIOS names to a shell command, allowing arbitrary command execution
by remote clients.
- debian/patches/CVE-2025-10230.patch
- CVE-2025-10230
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: unauthenticated command injection via WINS hook in
source4 NBT server. The "wins hook" parameter passed unsanitized
NetBIOS names to a shell command, allowing arbitrary command execution
by remote clients.
- debian/patches/CVE-2025-10230.patch
- CVE-2025-10230
0
tuxcare-ubuntu20.04-els
ctdb_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
b0f97dbf4390cabb267467e5414830dc06953d5d
libnss-winbind_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
1d2d6f79714015e13ca824cb5031bce549c95721
libpam-winbind_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
9253266ed0b3ddf2dfd79c9dad046cd6ace0c3a2
libsmbclient_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
527d82c44602df10f490435c0c4e54411f9319a7
libsmbclient-dev_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
e939324abf223e8d939ba0c34912f6b572ca0aad
libwbclient-dev_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
d1df5b58538fece3db294f0f70c369ef018b6f1a
libwbclient0_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
e36303feb758250c7868f053dedd52a353f65cc8
python3-samba_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
6b944ffe3a867e077c8a41c5842f347554a50e57
registry-tools_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
dafcd482d30026c50008955bf72ba46efc342c87
samba_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
db33282779fdd5a2a3b6cad7b08c49eda7992b08
samba-common_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_all.deb
ab4e0c447bdf160fca48acf712a81748b0281995
samba-common-bin_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
ddb6bef721b783032617c7bac74374ed1474e07c
samba-dev_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
6a43c655543cc85a642c12643f3a104dcb532b7d
samba-dsdb-modules_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
d8311a9d8e7f6829463e337a0c95ab87e8bbfa5c
samba-libs_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
3fd5436b07c857ddbfb200470163e65d8cfddeac
samba-testsuite_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
44e924303d5e0c4802cbce9bc60aac547215c1dc
samba-vfs-modules_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
d96fdfc7b29a19a2c199d9951f8d923939b64cf5
smbclient_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
b256e5976f41b5d440ceeadcaf010363df8e2f6c
winbind_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els1_amd64.deb
b555fa9d451852d4c04f0d7cef445b6a7987b9f1
CLSA-2026:1773682345
Fix CVE(s): CVE-2026-25795
TuxCare License Agreement
0
* SECURITY UPDATE: null pointer dereference and crash during image reading
- debian/patches/CVE-2026-25795.patch: Fix NULL pointer dereference by
reordering DestroyImageInfo after copy of filename; cause: Free read_info
before access of read_info->filename
- CVE-2026-25795
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: null pointer dereference and crash during image reading
- debian/patches/CVE-2026-25795.patch: Fix NULL pointer dereference by
reordering DestroyImageInfo after copy of filename; cause: Free read_info
before access of read_info->filename
- CVE-2026-25795
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
537d3bd47933eba699e59c98c1b20da8a310cff3
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
92e60c38c158b2408074d0113cca3b935ef24d9d
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
300374d945221761d4feb05f60feffea72481597
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
46fa3909ab3e00f1501226157f8822f4791bf628
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
c3daffd65a772ef916926316f70757bf8c6c664f
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
5e23529ddb35ca91b224aa6b29d8d4e611e42718
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
ee12069cd09e97bf7dbb93936f028e0efbd9ea22
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
303698748f4fb9cb57462f88ac52694f818e9dfd
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
c5c15e2d1e9769d2fa1b2ae69f633864ab1bdf01
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
2c2c5b2733e5d1de3e27d47668c960aa48b1785e
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
646167b2766a577b8be54203d350461ad6940473
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
a73defcef70c77dcf7ca0d9b2d19cb01478533b7
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
b27168ab97efed2cebd78b502da7df34c78d0afa
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
fad471df19ed08b14209673c653a9177d47259fb
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
ee1449d8df361ca065b3ded9abbe1e0e788ef436
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
461036664f6b4d321693600b3d628082c3e35112
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
94143f8cf25c17c603a525d00a4a3f848131b282
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
33b1d40088473fe8a0a484eb166a87fbd6490271
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
ce6338ea737c143f832a602954f984cdda1bb53f
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
b90124715ca166d4af1639ebceb74355a8623cf9
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
71a7df7f245337c6a8ddf91a82535694bf8264d7
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
1b67fcdf85689492eb7bfbd1ac1b80a8716dc527
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
85770f49e2cde68414d7f8924e18cf3b02d26854
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
4ea003fab2978558736a2d7de864f8c4c76a7688
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
c92ccd34ffb5dec4c1378061e8d06ee3ed3654fe
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
8ea95e89fadf8bb3ca1f6f5dc09bd508fcf8850d
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
8182ca2f08bb0031ddccb75176602d711fc7abcf
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
722b9f17b698b25394cb7d3fd1aa889cc24b1a29
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
7529eedfc173f78395fecbad570e01917756c9fa
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_amd64.deb
c883ac1b91eb00e5780b2c2c7120ed59b0ce12a8
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
f5f25b6898116fba58015b26ecf032afd2c35a37
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els16_all.deb
69a12b7fd116f0bb01cd172e9f0e099d164c94d9
CLSA-2026:1773683404
Update of alt-php
TuxCare License Agreement
0
* New microcode update packages from upstream up to 2026-02-21:
- Addition AMD CPU microcode for processor family 0x1a:
cpuid:0x00B00F21(ver:0x0B002161), cpuid:0x00B00F81(ver:0x0B008121),
cpuid:0x00B10F10(ver:0x0B101058), cpuid:0x00B20F40(ver:0x0B204037),
cpuid:0x00B40F40(ver:0x0B404035), cpuid:0x00B40F41(ver:0x0B404108),
cpuid:0x00B60F00(ver:0x0B600037), cpuid:0x00B60F80(ver:0x0B608038),
cpuid:0x00B70F00(ver:0x0B700037);
- Update AMD CPU microcode for processor family 0x19:
cpuid:0x00A00F11(ver:0x0A0011DE), cpuid:0x00A00F12(ver:0x0A001247),
cpuid:0x00A00F82(ver:0x0A00820D), cpuid:0x00A10F11(ver:0x0A101158),
cpuid:0x00A10F12(ver:0x0A101253), cpuid:0x00A10F81(ver:0x0A108109),
cpuid:0x00A20F10(ver:0x0A20102E), cpuid:0x00A20F12(ver:0x0A201211),
cpuid:0x00A40F41(ver:0x0A404108), cpuid:0x00A50F00(ver:0x0A500012),
cpuid:0x00A60F12(ver:0x0A60120A), cpuid:0x00A70F41(ver:0x0A704108),
cpuid:0x00A70F52(ver:0x0A705208), cpuid:0x00A70F80(ver:0x0A708008),
cpuid:0x00A70FC0(ver:0x0A70C008), cpuid:0x00AA0F02(ver:0x0AA0021C);
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* New microcode update packages from upstream up to 2026-02-21:
- Addition AMD CPU microcode for processor family 0x1a:
cpuid:0x00B00F21(ver:0x0B002161), cpuid:0x00B00F81(ver:0x0B008121),
cpuid:0x00B10F10(ver:0x0B101058), cpuid:0x00B20F40(ver:0x0B204037),
cpuid:0x00B40F40(ver:0x0B404035), cpuid:0x00B40F41(ver:0x0B404108),
cpuid:0x00B60F00(ver:0x0B600037), cpuid:0x00B60F80(ver:0x0B608038),
cpuid:0x00B70F00(ver:0x0B700037);
- Update AMD CPU microcode for processor family 0x19:
cpuid:0x00A00F11(ver:0x0A0011DE), cpuid:0x00A00F12(ver:0x0A001247),
cpuid:0x00A00F82(ver:0x0A00820D), cpuid:0x00A10F11(ver:0x0A101158),
cpuid:0x00A10F12(ver:0x0A101253), cpuid:0x00A10F81(ver:0x0A108109),
cpuid:0x00A20F10(ver:0x0A20102E), cpuid:0x00A20F12(ver:0x0A201211),
cpuid:0x00A40F41(ver:0x0A404108), cpuid:0x00A50F00(ver:0x0A500012),
cpuid:0x00A60F12(ver:0x0A60120A), cpuid:0x00A70F41(ver:0x0A704108),
cpuid:0x00A70F52(ver:0x0A705208), cpuid:0x00A70F80(ver:0x0A708008),
cpuid:0x00A70FC0(ver:0x0A70C008), cpuid:0x00AA0F02(ver:0x0AA0021C);
0
tuxcare-ubuntu20.04-els
amd64-microcode_3.20260221.1ubuntu1.3+tuxcare.els1_amd64.deb
f4609da2998555276352d2d8536f5d68d244f750
CLSA-2026:1773768694
Fix CVE(s): CVE-2025-14847
TuxCare License Agreement
0
* SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched
zlib compressed protocol headers (MongoBleed)
- debian/patches/CVE-2025-14847.patch: Return actual decompressed size
instead of buffer size in ZlibMessageCompressor::decompressData
- CVE-2025-14847
Low
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched
zlib compressed protocol headers (MongoBleed)
- debian/patches/CVE-2025-14847.patch: Return actual decompressed size
instead of buffer size in ZlibMessageCompressor::decompressData
- CVE-2025-14847
0
tuxcare-ubuntu20.04-els
mongodb_3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+tuxcare.els1_amd64.deb
69bb435e1d8be9d53950716e8ab17e2dafe1de22
mongodb-clients_3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+tuxcare.els1_amd64.deb
e71f490e4d18bc44586d3833560db665b42c9e56
mongodb-server_3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+tuxcare.els1_all.deb
251f8d81b00822281338ec13eb0c85d12c7ac513
mongodb-server-core_3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+tuxcare.els1_amd64.deb
d23b2c92eaa0cae35bff3948457254ecf296c95e
CLSA-2026:1773768935
Fix CVE(s): CVE-2026-25968, CVE-2026-25986, CVE-2026-25987
TuxCare License Agreement
0
* SECURITY UPDATE: stack buffer overflow in MSL opacity attribute parser
- debian/patches/CVE-2026-25968.patch: replace fixed-size stack buffer
with heap-allocated string and add length check
- CVE-2026-25968
* SECURITY UPDATE: heap buffer overflow write in YUV 4:2:2 image processing
- debian/patches/CVE-2026-25986.patch: fix off-by-one in pixel-pair loop
bound in ReadYUVImage and WriteYUVImage
- CVE-2026-25986
* SECURITY UPDATE: heap buffer over-read in MAP image decoder
- debian/patches/CVE-2026-25987.patch: validate colormap size against
depth before buffer allocation
- CVE-2026-25987
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: stack buffer overflow in MSL opacity attribute parser
- debian/patches/CVE-2026-25968.patch: replace fixed-size stack buffer
with heap-allocated string and add length check
- CVE-2026-25968
* SECURITY UPDATE: heap buffer overflow write in YUV 4:2:2 image processing
- debian/patches/CVE-2026-25986.patch: fix off-by-one in pixel-pair loop
bound in ReadYUVImage and WriteYUVImage
- CVE-2026-25986
* SECURITY UPDATE: heap buffer over-read in MAP image decoder
- debian/patches/CVE-2026-25987.patch: validate colormap size against
depth before buffer allocation
- CVE-2026-25987
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
1075fa98f865ae34c4b18a8a8c4e7ddbc3f55a76
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
bbfdafde23d74e1c46b4160adfa59fc42770955c
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
2ab51504d3eefb9fbcf1945f59b97acb5f31cb63
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
543f9dcf1b47ad551ec1ffe31b87b36745c08653
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
78f931b4abe04f1eb1bce0b209210c20b81e45b1
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
418659eecefd02140e8d6bb79da27538cf05760d
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
35489f1dbd0237fa4e37307629d5441923ed0bc0
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
1ed281bb47f1b83c714e8bded6e399a05f7dd3d6
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
f654e7620d613cd212107cbf29fc4ffd4106ae57
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
44b300c673f5f91bd87f79cac83bb52178630377
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
a83974162d162285975fe71f831d51ad9727c961
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
12d55b94c129be17ce9f51758af5ddd65acd94f0
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
09539c93e6aeeb8817374ced58757888e536be8e
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
cdb83bf8dff73eb91d9dde10caf1d76471dfb9f7
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
bbddd869492a9ca4fa119974b31a82c6a79d8c00
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
5ba43efc7123c5c82fcdc0257e99a223a5baf2c2
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
1b7e225e194b3510d50ddd988b5343255da17065
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
5f2dfad425f8d0801c32e7bfe412bd566d095295
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
ff107f5c70220c838ff8c4c967510db322518d8a
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
74836fc17e642206a72a572c7bb2a04c35a9ce0d
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
179c461d72fe46012e9ddd975d7e97c4548ca850
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
fe83b1d9403547e7533d7b73ee8a0aaa9b08a213
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
a48166fec552773e2bd388969643b5eafad0eac0
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
89abde159c803ff62109cf09d01bf78c6fcef30f
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
51ecf269e441644d1c6a1582dcff4180e46a0730
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
898af8a43301dcccaa372288c52d8341f760c625
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
d58a22c30c9dbd0f4c0eb128b658d78e5181c74d
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
3c307a6909e7c9ccb55a8885667385cee737d28b
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
8bb9fe407dce890cef8e50e8994475a74825ba05
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_amd64.deb
5f757b1d1a6cbaf8a2da4b6bf806ed6818bfd873
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
4272cdd0b9a7e66bda573c67719859e8da4f4918
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els17_all.deb
2ebb4adc385f74ec55f0adda91acca66ce75e50d
CLSA-2026:1773772035
Fix CVE(s): CVE-2025-23048
TuxCare License Agreement
0
* SECURITY UPDATE: SNI validation issue in mod_ssl
- debian/patches/CVE-2025-23048.patch: update SNI validation to
move the SSL compatibility check after strict SNI hostname
verification in modules/ssl/ssl_engine_kernel.c.
- CVE-2025-23048
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: SNI validation issue in mod_ssl
- debian/patches/CVE-2025-23048.patch: update SNI validation to
move the SSL compatibility check after strict SNI hostname
verification in modules/ssl/ssl_engine_kernel.c.
- CVE-2025-23048
0
tuxcare-ubuntu20.04-els
apache2_2.4.41-4ubuntu3.23+tuxcare.els1_amd64.deb
2e41da56128c88cdfabc79a4d37c02aa1b941252
apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els1_amd64.deb
81c668c9f2886c79cebc1bd6d36b66204f8482c8
apache2-data_2.4.41-4ubuntu3.23+tuxcare.els1_all.deb
ccfbd74d234b69ab09711c430bd11e1e8054f4a0
apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els1_amd64.deb
1abac993f226abb9d5d6841b533aad0572a30522
apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els1_all.deb
15fbf0d46e782a23455b9a1877da5a97e214c848
apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els1_amd64.deb
0780146d42e1765ebf41bf468e41aa134e5fff9a
apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els1_amd64.deb
f47f1861619f28fb364e056f78fb3e7dc994e084
apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els1_amd64.deb
52762e773c980354d572ec1589330310f6a3d1e5
apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els1_amd64.deb
20f530f58415a36d2c71a4989f601bc112e4739a
libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els1_amd64.deb
955b905e8a7c9a35906f0a9bfb648f7a67c2dfbb
libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els1_amd64.deb
cab6c2fabf5acb553c5e54bcc10f604a142246f9
CLSA-2026:1773941493
Fix CVE(s): CVE-2025-66614
TuxCare License Agreement
0
* SECURITY UPDATE: Improper Input Validation vulnerability
- debian/patches/CVE-2025-66614.patch: Add protocol host name and SNI host
name matching with strictSNI attribute on the Connector. Covers NIO, NIO2,
and APR connectors.
- CVE-2025-66614
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Improper Input Validation vulnerability
- debian/patches/CVE-2025-66614.patch: Add protocol host name and SNI host
name matching with strictSNI attribute on the Connector. Covers NIO, NIO2,
and APR connectors.
- CVE-2025-66614
0
tuxcare-ubuntu20.04-els
libtomcat9-embed-java_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
335f68c2ce914babcc2e526c178d124e8e2c3054
libtomcat9-java_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
f3730283c63fd748c3f215a1bbd2935694c8ae0c
tomcat9_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
4a13a8c72a05071d3ae79383c585ec80095aa277
tomcat9-admin_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
1621d4517ac6406b50b2641862bb096afb43f855
tomcat9-common_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
e99d50f5d302a78f398435a5bbd062572746f6e6
tomcat9-docs_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
5028f384a14822953c5f50cc2924f1e4f6624b6a
tomcat9-examples_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
a76841cfa649c11672d1c3e7df80fb7c809492f9
tomcat9-user_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
9857959a331273a686eebe72c767002d8676d0f6
CLSA-2026:1774007526
Fix CVE(s): CVE-2026-3731
TuxCare License Agreement
0
* SECURITY UPDATE: out-of-bounds read in sftp extension name handler
- debian/patches/CVE-2026-3731.patch: fix off-by-one bounds check
in sftp_extensions_get_name and sftp_extensions_get_data
- CVE-2026-3731
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: out-of-bounds read in sftp extension name handler
- debian/patches/CVE-2026-3731.patch: fix off-by-one bounds check
in sftp_extensions_get_name and sftp_extensions_get_data
- CVE-2026-3731
0
tuxcare-ubuntu20.04-els
libssh-4_0.9.3-2ubuntu2.5+tuxcare.els3_amd64.deb
814ce8ea0ed92934291aab0aabbe7190c485088b
libssh-dev_0.9.3-2ubuntu2.5+tuxcare.els3_amd64.deb
575f56c4d63dcca2ac8a3f96cd271bb05b26f13a
libssh-doc_0.9.3-2ubuntu2.5+tuxcare.els3_all.deb
75582f9d7d354b19b3f95daf220c644b740b4c30
libssh-gcrypt-4_0.9.3-2ubuntu2.5+tuxcare.els3_amd64.deb
292f53d40dd113420a698941906df06c4a070962
libssh-gcrypt-dev_0.9.3-2ubuntu2.5+tuxcare.els3_amd64.deb
7ed8fa0c0812f94d8662c82255bbc4548e068521
CLSA-2026:1774009875
Fix CVE(s): CVE-2026-25210
TuxCare License Agreement
0
* SECURITY UPDATE: integer overflow in doContent tag buffer reallocation.
- debian/patches/CVE-2026-25210.patch: add overflow check for tag
buffer reallocation
- CVE-2026-25210
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: integer overflow in doContent tag buffer reallocation.
- debian/patches/CVE-2026-25210.patch: add overflow check for tag
buffer reallocation
- CVE-2026-25210
0
tuxcare-ubuntu20.04-els
expat_2.2.9-1ubuntu0.8+tuxcare.els2_amd64.deb
2d25ad9bc8880b4d746d420438f6a0a9c22c0181
libexpat1_2.2.9-1ubuntu0.8+tuxcare.els2_amd64.deb
6f707e20177f844c94b43580835aabd18deba21d
libexpat1-dev_2.2.9-1ubuntu0.8+tuxcare.els2_amd64.deb
b99345b164dd1b9b4339e2cd7f22685b472aada8
CLSA-2026:1774010101
Fix CVE(s): CVE-2026-25898, CVE-2026-25971, CVE-2026-25983
TuxCare License Agreement
0
* SECURITY UPDATE: out-of-bound read with negative pixel index in UIL and
XPM encoders
- debian/patches/CVE-2026-25898.patch: add bounds check on pixel index
value returned by GetPixelIndex before using as array subscript
- CVE-2026-25898
* SECURITY UPDATE: heap use-after-free in MSL repage and roll handlers
- debian/patches/CVE-2026-25983.patch: move null check before accessing
image properties in repage and roll element handlers
- CVE-2026-25983
* SECURITY UPDATE: stack overflow via infinite recursion in MSL write handler
- debian/patches/CVE-2026-25971.patch: check output format before calling
WriteImage to prevent recursive MSL processing
- CVE-2026-25971
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: out-of-bound read with negative pixel index in UIL and
XPM encoders
- debian/patches/CVE-2026-25898.patch: add bounds check on pixel index
value returned by GetPixelIndex before using as array subscript
- CVE-2026-25898
* SECURITY UPDATE: heap use-after-free in MSL repage and roll handlers
- debian/patches/CVE-2026-25983.patch: move null check before accessing
image properties in repage and roll element handlers
- CVE-2026-25983
* SECURITY UPDATE: stack overflow via infinite recursion in MSL write handler
- debian/patches/CVE-2026-25971.patch: check output format before calling
WriteImage to prevent recursive MSL processing
- CVE-2026-25971
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
be35d3789fc6279a788d90d063688c9507020c0b
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
a8b219c3f4f6f0bccaa56fc0871d0e253a01af8d
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
bc1701c3e84348487533f1d8cb58c19f059c76ed
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
2f3807e1ee58e4db9661a0e537960ba52e904631
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
66810f4817ee7b46bc2caf6cbd0ab988162af37e
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
509a98280da0faf6790647438120ae46f785d05e
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
f1046a7da4496d2430fa7e8150f3846f034c2c18
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
589f8bc8a1e1e22433363d762cc804d59c9d7187
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
eb428a809511cd8cd029e7ee4599228b4061cedb
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
8d18934c70b012dda26d273a2fb0f1d324d8daad
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
b2bf7dbb75e2bd58e993fc32b98849da0fa3d6e2
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
01b4dca6fd24470d5f0bf2951f65b801a8306521
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
29273e8131c18868d9dc43287f398537ef26deeb
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
b4ba0885516fe036579486f8d7133e80b949a47a
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
e07104a481dfe7a5d8dedf0c226e2d85b483f2e2
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
073e7e9f90530f498a0c1fee9c418710b58de3b0
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
625adcb3a262f918cd0fce02539a86c7b3f9beeb
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
db802c34f3f5d726ce860b8953c1c2ba90d969e6
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
2e8df42cf7fb526efa9d749a11e9c7706949e7c3
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
9136efc415aa333022e306deca16064e6fa14057
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
0018fad8107245b2b248c62fc00aee449ffd2888
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
c9b8c796dbdad00c81f5834f1fa1c3c1e2a5489a
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
de6e3eb14ea2e30bc841a3173d8e785f7700a222
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
78c6809da9c8c285fd6d2664be630bdcf86aafd4
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
ed73a8e6ee5a127277c493b5b8901e220dcbb368
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
40796ba55830fcfe0683a8ca693d94fe620032e0
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
eb1a443c435ae6125dbefcc19baec8f222ab4e9e
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
95f3d999d56ed2ba0a66adfe43c6066339f435a6
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
0eb895aea55177dc89ee02cd0369f4f7e7e17d6a
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_amd64.deb
f67a5bb77fc406bd150c0675561f84d68289b7a2
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
459cb1f1af468b4cb55ed0947abfbda7bbb679c0
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els18_all.deb
b27b7acec3a1253e4082df55b0c9732f0d4893c0
CLSA-2026:1774027236
Fix CVE(s): CVE-2026-27798
TuxCare License Agreement
0
* SECURITY UPDATE: heap buffer over-read with wavelet-denoise operator
- debian/patches/CVE-2026-27798.patch: use 4*columns instead of 3*columns
for resource and memory allocation in WaveletDenoiseImage to prevent
over-read when processing small-dimension images
- CVE-2026-27798
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: heap buffer over-read with wavelet-denoise operator
- debian/patches/CVE-2026-27798.patch: use 4*columns instead of 3*columns
for resource and memory allocation in WaveletDenoiseImage to prevent
over-read when processing small-dimension images
- CVE-2026-27798
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
009d19b8ac8c7061aa1632a9b4594a31ac08dcfb
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
bc94ff4374be1fe5e788ee3206c85a1ed7107bcc
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
07b97fd44034b2d95c0041192892775164f06f95
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
8d98bd7d06719b010f0da5685c269002e208461d
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
7ab1315319d78adb51077178e5bcc71c64811840
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
e60c0e52b659245423fd5e30c48e419b26290700
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
fec95a36ba8deb4582fd590395920984e0474963
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
3368dc3c3ad80414eff1bc3a3634ceb16ea35c4e
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
7d91ed22651269712907692b9b65cdcefcae202c
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
45f771404dbb0ad11b61b5a33bf8e5a7f408b288
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
c997e3b90a5b155f4c93f81bcae24bb449d6bf5d
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
befd6c2eae46b7c27af29ff9068a3dd7dcd64721
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
fafcde53c69185d26120c70c9aaeab3be883ecf3
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
83a11c0e161667d9384d0fe194117defbe67a68a
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
bda6c1eafa2af3183c581f6cb4b339f5177b24d3
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
f5729631522f66c56be32053f3c4f26de1699f2c
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
e446c36a3b8e8120893f922e2075600317fdeffa
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
aaa6a0dc3dd94d8c36875499fbd77d8908185691
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
40b59be9e423dafc39dcb6803637171d5f36b121
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
7b1277872cba674eee8074f83346606225019bf9
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
c8f76aa9650805a13a1161225cd0d4b83e57e417
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
ba1294693dbb8c4d0595d1e889ff632f23a8342e
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
d5abb2b28a205a8a7e24b39c4f5e85ab6f4bbeea
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
8e027568feba8a1b965a56cdcf8d3f687905a1f9
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
c967f4fe8da276472f1db48f69674a98e3642d1d
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
02a38e57848377a900cd28eb0e18cc32a293cb07
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
4c4edabbda5301281c2ac19ab03000b7f3612be1
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
aff94f6adeb346c1b50b075af79cfdc4b4b252e8
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
55463bc6db9d391b0172de217fca8b1e9e3c8ce6
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_amd64.deb
0a5580a7c5b6de0fbdf565762c3277c4c8784ea0
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
023722ce6d7d3f0cddd6cb57688dd2095a28ba85
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els19_all.deb
b49954db8816df6b13a5373ed4b6f1f8e5e0778c
CLSA-2026:1774027715
Fix CVE(s): CVE-2026-30883
TuxCare License Agreement
0
* SECURITY UPDATE: heap over-write in PNG raw profile writer
- debian/patches/CVE-2026-30883.patch: add overflow check for
allocated_length in Magick_png_write_raw_profile to prevent
integer overflow leading to heap over-write
- CVE-2026-30883
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: heap over-write in PNG raw profile writer
- debian/patches/CVE-2026-30883.patch: add overflow check for
allocated_length in Magick_png_write_raw_profile to prevent
integer overflow leading to heap over-write
- CVE-2026-30883
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
e0754d17e7eaaf1bd35fe793b6dd6d6b7509e8c4
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
34f9c8d973b412fe0b199b5140b75f595e3dae5a
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
4584a1b57ed651a94f90a25f62d804f32cc888e7
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
c0b9aee02c6d2e7655f47f4567b092477f6bee40
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
1f14b97e2099bb8d4a1592ef782986040f5c486e
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
dd4e35934c0947137346802ef8ac8b258f77fe56
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
13f5a9028ceaac491f15f2206156d7aab217ce1a
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
530b02ce3cd7ee3dcfe6abfeca1dda5a4e779f19
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
29c5082297dcdc9d89814016eccc3c7dc509b64a
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
1429dc161e5a8a050c398e1e2d3323f9a3adcc14
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
54cdff78faee7d1fda3c8d85e8097c9450bbb853
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
dd4aa5aeb9809261e1fe9053b40bb4587bedb960
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
063de58191ed01b8f068229ee1225acc41b4d65a
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
45cbcfd20b0f6e7112c3f255b4be7135adc9892c
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
5f1492dd67d80a0ca785eebb4ba293b581cfcf17
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
6b904126337bb662e9ee93272a8c525f2200b461
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
197622456bae14adb23ba93a6642a712000e1e34
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
52c6440e44110010c759c410210765d483a7d26b
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
a80560bac887d8d7a802e19b0693f69514ce168e
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
e9017f04d34ebf1435a29aa6c548107b71931d22
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
45d46ea05c65d653332b25cbe0cb667e7cd26f42
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
92252a263743e769364794a425828dcc0ea7b007
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
ed0623356f5d0b66ede146fc42962d04473738ea
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
c722bfa9c6ed20670e0fc3eae0e9851e6414c28a
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
68eea38fe4b5f5cacd612cd8dc7b34b22e748df6
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
c640d6371e59985c59f246c7e6259d60c1221cad
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
7b8bd0cc5576b83d9bca90d855728d0afd6a60d3
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
54221057f1d10d001e5287abe0176c3fb5fffbdd
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
e49bf4bc09da54436cf1c5bb1008510d35a4d7df
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_amd64.deb
5767357db5e635b509d056e5b5e46c903c4dcbd7
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
f98cfa6c258840b18f31779923389ee7764e62ea
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els20_all.deb
66d712ec99dee29d7665fa91106b21ef69331c83
CLSA-2026:1774279106
Update of alt-php
TuxCare License Agreement
0
* Update ca-certificates database to 20260303:
- mozilla\{certdata.h,nssckbi.h}: Update Mozilla certificate
authority bundle of the version 2.84.
- The following certificates were updated:
# Certificate "GlobalSign Root CA"
# Certificate "Entrust.net Premium 2048 Secure Server CA"
# Certificate "Comodo AAA Services root"
# Certificate "XRamp Global CA Root"
# Certificate "Go Daddy Class 2 CA"
# Certificate "Starfield Class 2 CA"
- The following certificates were added:
# Certificate "TrustAsia SMIME ECC Root CA"
# Certificate "TrustAsia SMIME RSA Root CA"
# Certificate "TrustAsia TLS ECC Root CA"
# Certificate "TrustAsia TLS RSA Root CA"
# Certificate "SwissSign RSA SMIME Root CA 2022 - 1"
# Certificate "SwissSign RSA TLS Root CA 2022 - 1"
# Certificate "OISTE Client Root ECC G1"
# Certificate "OISTE Client Root RSA G1"
# Certificate "OISTE Server Root ECC G1"
# Certificate "OISTE Server Root RSA G1"
# Certificate "e-Szigno TLS Root CA 2023"
- The following certificates were removed:
# Certificate "Baltimore CyberTrust Root"
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Update ca-certificates database to 20260303:
- mozilla\{certdata.h,nssckbi.h}: Update Mozilla certificate
authority bundle of the version 2.84.
- The following certificates were updated:
# Certificate "GlobalSign Root CA"
# Certificate "Entrust.net Premium 2048 Secure Server CA"
# Certificate "Comodo AAA Services root"
# Certificate "XRamp Global CA Root"
# Certificate "Go Daddy Class 2 CA"
# Certificate "Starfield Class 2 CA"
- The following certificates were added:
# Certificate "TrustAsia SMIME ECC Root CA"
# Certificate "TrustAsia SMIME RSA Root CA"
# Certificate "TrustAsia TLS ECC Root CA"
# Certificate "TrustAsia TLS RSA Root CA"
# Certificate "SwissSign RSA SMIME Root CA 2022 - 1"
# Certificate "SwissSign RSA TLS Root CA 2022 - 1"
# Certificate "OISTE Client Root ECC G1"
# Certificate "OISTE Client Root RSA G1"
# Certificate "OISTE Server Root ECC G1"
# Certificate "OISTE Server Root RSA G1"
# Certificate "e-Szigno TLS Root CA 2023"
- The following certificates were removed:
# Certificate "Baltimore CyberTrust Root"
0
tuxcare-ubuntu20.04-els
libnss3_3.98-0ubuntu0.20.04.2+tuxcare.els2_amd64.deb
ee851c74bcd6e5f2d1857f4b588c96a419b0ad7e
libnss3-dev_3.98-0ubuntu0.20.04.2+tuxcare.els2_amd64.deb
292bdbd00ad2e77ed5dbee652acba2e3975a7aa0
libnss3-tools_3.98-0ubuntu0.20.04.2+tuxcare.els2_amd64.deb
dcec8012039cda8e99d3d465765f23e5523edad8
CLSA-2026:1774283672
Fix CVE(s): CVE-2026-25965
TuxCare License Agreement
0
* SECURITY UPDATE: local file disclosure through path traversal bypass of path
security policy
- debian/patches/CVE-2026-25965.patch: Resolve and canonicalize file paths
before policy pattern matching; prevent path traversal by fixing policy
checks that matched unnormalized paths (including symlinks and '../')
allowing bypass.
- CVE-2026-25965
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: local file disclosure through path traversal bypass of path
security policy
- debian/patches/CVE-2026-25965.patch: Resolve and canonicalize file paths
before policy pattern matching; prevent path traversal by fixing policy
checks that matched unnormalized paths (including symlinks and '../')
allowing bypass.
- CVE-2026-25965
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
551534c6685f89edc6de62e3440efde6c7829fcb
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
b65a7cbd0e707fcf45be50d6a8b061145dec9ea1
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
8d314125697c354c25c69763e0345766127d9453
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
bab77d50946bb8b207f5d1c9ac115f638c52a8b8
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
62df5c069d745832068c0cc495814f71b1ec95cd
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
826a87eff93e90891cebfab9c7738609e360b932
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
7dae8c640af94ebcd902e0c668765b77890bb6ee
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
3b05d560ef5ef690bc8ea5da9c744b4ceef03f17
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
f17a9270f4b1beaa891b91427e346195bf70b9b7
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
4aedc85038b4d512646ec6e87e7dd4dc16c22881
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
2e84fd91371b505e23ebe59d5045d88db6c1c0dd
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
2cb2f4f5028eb3e2575679f92436c2ac0f808b5d
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
44ff0bacacb3e1cbb443eac1862e5ca17c3131da
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
32b90e5ee7201d204a87ac1077a6d4fcff73e47a
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
5fa6d1f85b4ef4679c4bb641963f6d304a2ad8d4
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
2ade137224f79bdb2fb24abfd9033a42df11df3b
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
9683ea9a411529c57d00c520b44bad74c35113c3
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
53653aaaa404652c3532b7fc10ee4332cf74025e
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
82c9b0ca7cafe4551ecc812451dc8c3d61c3822f
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
a089505307dcddb57d9068954509d703dd007d0c
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
88bd173ff9009fe59a8f54b86dc1df600881021f
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
1171240a81903e293e674b7ef2f8dac8c807f80c
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
01e47fdfe1e64b518700097257d98d4864096357
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
0f8e8835ebfd2628abfb7852562a615b639b829c
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
05782feac95122919211249107ae129189780126
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
c70b4dd2d7386209862347542a74d05484256ef7
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
46bcf4c011ebffd8f33a1ff2e203f9e518eba9b8
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
6ced10e066ff1b97808b30b40af512eba6c41ef6
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
366e665df0485d546f7b2bf15f1613002b7f6044
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_amd64.deb
815600c6d53f1ce0dc34dffcb92702bbee34dc54
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
104d095fd8aff36b9b12485dee9d2b003fcb9367
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els21_all.deb
aa762028c58d048f9285b80b45226b96383d68e1
CLSA-2026:1774351941
Fix CVE(s): CVE-2026-23952, CVE-2026-25970, CVE-2026-25988
TuxCare License Agreement
0
* SECURITY UPDATE: NULL pointer dereference in MSL parser
- debian/patches/CVE-2026-23952.patch: add NULL check for image
before DeleteImageProperty in comment and label tag handlers
- CVE-2026-23952
* SECURITY UPDATE: memory leak in MSL parser
- debian/patches/CVE-2026-25988.patch: return stack index from
MSLPushImage to ensure correct image slot tracking
- CVE-2026-25988
* SECURITY UPDATE: signed integer overflow in SIXEL decoder
- debian/patches/CVE-2026-25970.patch: use ssize_t for position
and offset variables to prevent integer overflow in sixel_decode
- CVE-2026-25970
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: NULL pointer dereference in MSL parser
- debian/patches/CVE-2026-23952.patch: add NULL check for image
before DeleteImageProperty in comment and label tag handlers
- CVE-2026-23952
* SECURITY UPDATE: memory leak in MSL parser
- debian/patches/CVE-2026-25988.patch: return stack index from
MSLPushImage to ensure correct image slot tracking
- CVE-2026-25988
* SECURITY UPDATE: signed integer overflow in SIXEL decoder
- debian/patches/CVE-2026-25970.patch: use ssize_t for position
and offset variables to prevent integer overflow in sixel_decode
- CVE-2026-25970
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
955d4a2964f9cb51497ffc5617a172edf089d35a
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
5bbc6c5d7f3b1275d67a13623948f43861467a34
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
9574e97503fa9b2c263317a2065222857b281fcd
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
56d5ca8cd9e65ab528419c0919cb595437d3b941
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
1f489911d30c2dec1f03f645bded240ba87b6bf1
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
1162eb49f87cdc1be4472a180d753c352924020a
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
db23d08fbabcb1b9f5601ac1f930b02b0a66ee44
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
f071384cd240b1f487eb4802f793c99e64f2aa26
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
fc045c3ce762ac4c1e00547b3294779c1d5f61e9
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
e40663a054d88cf510294f6066b3585a7eca31aa
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
fea5f57a22588724749f8e830499bc982107bd7c
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
618f1c9bdde222a027e6f9350a8605acd2f52be7
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
2d7bf49f9573866dc07fd178cab8e97ab514b2b1
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
dc832d946b6bcd830802214986055017991d5d1c
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
c3c0cda26154b032bd0a41f3389e6bfc214f7e0e
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
5d7a12621b99f918bd8db794bbd3462723452f26
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
1bf5481c2d4871670098728ebafd588a6bd98806
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
bd115eaa4ffb8ee4f2603072c1e241f5e57d300d
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
47e8035f2a8b0ef0c3804b2281735f25e6fc93c0
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
7154adfeb51a5650e2c9e5e92a7b57bbe85f194b
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
5d8811df2f9035c501f7dcef86e03ca363e65462
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
6c0ac4a305d250beb2dac3f4e632aa06f9f7c860
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
a0297d1e48fc820d5831d534a73745dc0caf56a4
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
8947351ea81e7641078e31cf4605e96c224c6c1b
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
75128d6d5b389b8ce685583ebacc48a6c6c64cb3
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
0427d6f94db6405fe1e9dde8399ab78e966347f1
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
be148473d3af6c8a8b1a47f33c16984a187247e8
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
b239464555d4fb1c1373548a5f5749215a14ab66
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
cb0c1cbe3f7f723e45106ecda3eca085ba0c9481
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_amd64.deb
85ef40bf0c88edf1c4dbf8adca3a3812df227efe
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
640ece13f3b41d6f38eb50ab3c1b85a9a0dfb6e0
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els22_all.deb
b56b202f76f514a33bdd9e23b8e4245ff41d438b
CLSA-2026:1774366569
Fix CVE(s): CVE-2026-3497
TuxCare License Agreement
0
* SECURITY UPDATE: pre-auth crash via GSSAPI key exchange
- debian/patches/CVE-2026-3497.patch: replace sshpkt_disconnect() with
ssh_packet_disconnect() and initialize gss_buffer_desc variables in
kexgssc.c, kexgsss.c.
- CVE-2026-3497
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: pre-auth crash via GSSAPI key exchange
- debian/patches/CVE-2026-3497.patch: replace sshpkt_disconnect() with
ssh_packet_disconnect() and initialize gss_buffer_desc variables in
kexgssc.c, kexgsss.c.
- CVE-2026-3497
0
tuxcare-ubuntu20.04-els
openssh-client_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
47ff9a27962a8d039c869b5835e2384a5addbd7e
openssh-server_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
35bb8143de1f0c3320b58b7e7a6bf737bc6868d3
openssh-sftp-server_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
4bee23ec175e0405dfcdb7540532629425d3737f
openssh-tests_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
2c1b731de22209d29dc81b9c2206d147f6014ed7
ssh_8.2p1-4ubuntu0.13+tuxcare.els1_all.deb
13b398e75b159e775c5e70118c0ad45566a10d2e
ssh-askpass-gnome_8.2p1-4ubuntu0.13+tuxcare.els1_amd64.deb
86a176ceb6f84f8a7d2798caa422d9a1203fcb6b
CLSA-2026:1775224807
Fix of 95 CVEs
TuxCare License Agreement
0
* CVE-2025-39683
- tracing: Remove unneeded goto out logic {CVE-2025-39683}
- tracing: Limit access to parser->buffer when trace_get_user failed
{CVE-2025-39683}
* CVE-2025-38079
- crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079}
* CVE-2025-38159
- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
{CVE-2025-38159}
* CVE-2025-38211
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
{CVE-2025-38211}
* CVE-2025-38024
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
{CVE-2025-38024}
* CVE-2025-38103
- HID: hyperv: Correctly access fields declared as __le16 {CVE-2025-38103}
- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
{CVE-2025-38103}
* CVE-2025-38157
- wifi: ath9k_htc: Abort software beacon handling if disabled
{CVE-2025-38157}
* CVE-2025-38230
- jfs: add sanity check for agwidth in dbMount {CVE-2025-38230}
- fs/jfs: consolidate sanity checking in dbMount {CVE-2025-38230}
- jfs: validate AG parameters in dbMount() to prevent crashes
{CVE-2025-38230}
* CVE-2025-39955
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
{CVE-2025-39955}
* CVE-2025-38680
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
{CVE-2025-38680}
* CVE-2025-38708
- drbd: add missing kref_get in handle_write_conflicts {CVE-2025-38708}
* CVE-2025-39759
- btrfs: qgroup: introduce quota mode {CVE-2025-39759}
- btrfs: qgroup: fix race between quota disable and quota rescan ioctl
{CVE-2025-39759}
* CVE-2025-38666
- net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666}
* CVE-2025-40269
- ALSA: usb-audio: Improve frames size computation {CVE-2025-40269}
- ALSA: usb-audio: Replace s/frame/packet/ where appropriate
{CVE-2025-40269}
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
{CVE-2025-40269}
* CVE-2025-40149
- net: netdevice: Add operation ndo_sk_get_lower_dev {CVE-2025-40149}
- net/tls: Device offload to use lowest netdevice in chain
{CVE-2025-40149}
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
{CVE-2025-40149}
* CVE-2025-71089
- iommu: disable SVA when CONFIG_X86 is set {CVE-2025-71089}
* CVE-2026-23234
- f2fs: fix to avoid UAF in f2fs_write_end_io() {CVE-2026-23234}
* CVE-2026-23089
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
{CVE-2026-23089}
* CVE-2026-23074
- net/sched: Enforce that teql can only be used as root qdisc
{CVE-2026-23074}
* CVE-2026-23061
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak
{CVE-2026-23061}
* CVE-2026-23060
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
spec {CVE-2026-23060}
* CVE-2026-22997
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session
upon receiving the second rts {CVE-2026-22997}
* CVE-2026-22991
- libceph: make free_choose_arg_map() resilient to partial allocation
{CVE-2026-22991}
* CVE-2026-22990
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
{CVE-2026-22990}
* CVE-2026-22978
- wifi: avoid kernel-infoleak from struct iw_point {CVE-2026-22978}
* CVE-2026-22977
- net: sock: fix hardened usercopy panic in sock_recv_errqueue
{CVE-2026-22977}
* CVE-2025-71154
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
{CVE-2025-71154}
* CVE-2025-71085
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
{CVE-2025-71085}
* CVE-2025-68734
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
{CVE-2025-68734}
* CVE-2025-68349
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
pnfs_mark_layout_stateid_invalid {CVE-2025-68349}
* CVE-2025-68340
- team: Move team device type change at the end of team_port_add
{CVE-2025-68340}
* CVE-2025-68325
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
{CVE-2025-68325}
* CVE-2025-68287
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests()
call paths {CVE-2025-68287}
* CVE-2025-68285
- libceph: fix potential use-after-free in have_mon_and_osd_map()
{CVE-2025-68285}
* CVE-2025-68241
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
{CVE-2025-68241}
* CVE-2025-68229
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
{CVE-2025-68229}
* CVE-2025-68220
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return
NULL on error {CVE-2025-68220}
* CVE-2025-68194
- media: imon: make send_packet() more robust {CVE-2025-68194}
* CVE-2025-68192
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
{CVE-2025-68192}
* CVE-2025-68185
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
dereferencing {CVE-2025-68185}
* CVE-2025-68168
- jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168}
* CVE-2025-40363
- net: ipv6: fix field-spanning memcpy warning in AH output
{CVE-2025-40363}
* CVE-2025-40331
- sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331}
* CVE-2025-40322
- fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}
* CVE-2025-40317
- regmap: slimbus: fix bus_context pointer in regmap init calls
{CVE-2025-40317}
* CVE-2025-40315
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
{CVE-2025-40315}
* CVE-2025-40309
- Bluetooth: SCO: Fix UAF on sco_conn_free {CVE-2025-40309}
* CVE-2025-40308
- Bluetooth: bcsp: receive data only if registered {CVE-2025-40308}
* CVE-2025-40306
- orangefs: fix xattr related buffer overflow... {CVE-2025-40306}
* CVE-2025-40304
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
{CVE-2025-40304}
* CVE-2025-40283
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
{CVE-2025-40283}
* CVE-2025-40282
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
{CVE-2025-40282}
* CVE-2025-40277
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
{CVE-2025-40277}
* CVE-2025-40275
- ALSA: usb-audio: Fix NULL pointer dereference in
snd_usb_mixer_controls_badd {CVE-2025-40275}
* CVE-2025-40264
- be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264}
* CVE-2025-40263
- Input: cros_ec_keyb - fix an invalid memory access {CVE-2025-40263}
* CVE-2025-40259
- scsi: sg: Do not sleep in atomic context {CVE-2025-40259}
* CVE-2025-40254
- net: openvswitch: remove never-working support for setting nsh fields
{CVE-2025-40254}
* CVE-2025-40248
- vsock: Ignore signal/timeout on connect() if already established
{CVE-2025-40248}
* CVE-2025-40211
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
{CVE-2025-40211}
* CVE-2025-40106
- comedi: fix divide-by-zero in comedi_buf_munge() {CVE-2025-40106}
* CVE-2025-40087
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type
{CVE-2025-40087}
* CVE-2025-40055
- ocfs2: fix double free in user_cluster_connect() {CVE-2025-40055}
* CVE-2025-39945
- cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945}
* CVE-2025-39738
- btrfs: do proper error handling in create_reloc_root {CVE-2025-39738}
- btrfs: do not allow relocation of partially dropped subvolumes
{CVE-2025-39738}
* CVE-2025-39685
- comedi: pcl726: Prevent invalid irq number {CVE-2025-39685}
* CVE-2024-46830
- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
{CVE-2024-46830}
* CVE-2024-41014
- xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014}
* CVE-2025-39866
- fs: writeback: fix use-after-free in __mark_inode_dirty()
{CVE-2025-39866}
* CVE-2025-39686
- comedi: Fix some signed shift left operations {CVE-2025-39686}
- comedi: Make insn_rw_emulate_bits() do insn->n samples {CVE-2025-39686}
* CVE-2025-39766
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
{CVE-2025-39766}
* CVE-2025-39828
- net/atm: remove the atmdev_ops {get, set}sockopt methods
{CVE-2025-39828}
- atm: atmtcp: Free invalid length skb in atmtcp_c_send().
{CVE-2025-39828}
- atm: Revert atm_account_tx() if copy_from_iter_full() fails.
{CVE-2025-39828}
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
{CVE-2025-39828}
* CVE-2022-49267
- mmc: core: Do not export MMC_NAME= and MODALIAS=mmc:block for SDIO cards
{CVE-2022-49267}
- mmc: core: Export device/vendor ids from Common CIS for SDIO cards
{CVE-2022-49267}
- mmc: sdio: Extend sdio_config_attr macro and use it also for modalias
{CVE-2022-49267}
- mmc: sdio: Export SDIO revision and info strings to userspace
{CVE-2022-49267}
- mmc: sdio: Parse CISTPL_VERS_1 major and minor revision numbers
{CVE-2022-49267}
- mmc: core: use sysfs_emit() instead of sprintf() {CVE-2022-49267}
* CVE-2025-39967
- fbcon: fix integer overflow in fbcon_do_set_font {CVE-2025-39967}
* CVE-2025-38108
- net_sched: red: fix a race in __red_change() {CVE-2025-38108}
* CVE-2025-38212
- ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}
* CVE-2025-38403
- vsock/vmci: Clear the vmci transport packet properly when initializing
it {CVE-2025-38403}
* CVE-2025-38464
- tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464}
* CVE-2025-38555
- usb: gadget : fix use-after-free in composite_dev_cleanup()
{CVE-2025-38555}
* CVE-2025-38652
- f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652}
* CVE-2025-38677
- f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677}
* CVE-2025-38713
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
{CVE-2025-38713}
* CVE-2025-38714
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() {CVE-2025-38714}
* CVE-2025-38715
- hfs: fix slab-out-of-bounds in hfs_bnode_read() {CVE-2025-38715}
* CVE-2025-38729
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too
{CVE-2025-38729}
* CVE-2025-39691
- fs/buffer: fix use-after-free when call bh_read() helper
{CVE-2025-39691}
* CVE-2025-39743
- jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743}
* CVE-2025-39783
- PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783}
* CVE-2025-39824
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824}
* CVE-2025-39839
- batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839}
* CVE-2025-39913
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to
allocate psock->cork. {CVE-2025-39913}
* CVE-2025-40240
- sctp: avoid NULL dereference when chunk data buffer is missing
{CVE-2025-40240}
* CVE-2025-38004
- can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}
* Miscellaneous upstream changes
- wifi: wilc1000: avoid buffer overflow in WID string configuration
{CVE-2025-39952}
- Revert "dm-bufio: don't schedule in atomic context {CVE-2025-37928}"
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* CVE-2025-39683
- tracing: Remove unneeded goto out logic {CVE-2025-39683}
- tracing: Limit access to parser->buffer when trace_get_user failed
{CVE-2025-39683}
* CVE-2025-38079
- crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079}
* CVE-2025-38159
- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
{CVE-2025-38159}
* CVE-2025-38211
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
{CVE-2025-38211}
* CVE-2025-38024
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
{CVE-2025-38024}
* CVE-2025-38103
- HID: hyperv: Correctly access fields declared as __le16 {CVE-2025-38103}
- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
{CVE-2025-38103}
* CVE-2025-38157
- wifi: ath9k_htc: Abort software beacon handling if disabled
{CVE-2025-38157}
* CVE-2025-38230
- jfs: add sanity check for agwidth in dbMount {CVE-2025-38230}
- fs/jfs: consolidate sanity checking in dbMount {CVE-2025-38230}
- jfs: validate AG parameters in dbMount() to prevent crashes
{CVE-2025-38230}
* CVE-2025-39955
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
{CVE-2025-39955}
* CVE-2025-38680
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
{CVE-2025-38680}
* CVE-2025-38708
- drbd: add missing kref_get in handle_write_conflicts {CVE-2025-38708}
* CVE-2025-39759
- btrfs: qgroup: introduce quota mode {CVE-2025-39759}
- btrfs: qgroup: fix race between quota disable and quota rescan ioctl
{CVE-2025-39759}
* CVE-2025-38666
- net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666}
* CVE-2025-40269
- ALSA: usb-audio: Improve frames size computation {CVE-2025-40269}
- ALSA: usb-audio: Replace s/frame/packet/ where appropriate
{CVE-2025-40269}
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
{CVE-2025-40269}
* CVE-2025-40149
- net: netdevice: Add operation ndo_sk_get_lower_dev {CVE-2025-40149}
- net/tls: Device offload to use lowest netdevice in chain
{CVE-2025-40149}
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
{CVE-2025-40149}
* CVE-2025-71089
- iommu: disable SVA when CONFIG_X86 is set {CVE-2025-71089}
* CVE-2026-23234
- f2fs: fix to avoid UAF in f2fs_write_end_io() {CVE-2026-23234}
* CVE-2026-23089
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
{CVE-2026-23089}
* CVE-2026-23074
- net/sched: Enforce that teql can only be used as root qdisc
{CVE-2026-23074}
* CVE-2026-23061
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak
{CVE-2026-23061}
* CVE-2026-23060
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
spec {CVE-2026-23060}
* CVE-2026-22997
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session
upon receiving the second rts {CVE-2026-22997}
* CVE-2026-22991
- libceph: make free_choose_arg_map() resilient to partial allocation
{CVE-2026-22991}
* CVE-2026-22990
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
{CVE-2026-22990}
* CVE-2026-22978
- wifi: avoid kernel-infoleak from struct iw_point {CVE-2026-22978}
* CVE-2026-22977
- net: sock: fix hardened usercopy panic in sock_recv_errqueue
{CVE-2026-22977}
* CVE-2025-71154
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
{CVE-2025-71154}
* CVE-2025-71085
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
{CVE-2025-71085}
* CVE-2025-68734
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
{CVE-2025-68734}
* CVE-2025-68349
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
pnfs_mark_layout_stateid_invalid {CVE-2025-68349}
* CVE-2025-68340
- team: Move team device type change at the end of team_port_add
{CVE-2025-68340}
* CVE-2025-68325
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
{CVE-2025-68325}
* CVE-2025-68287
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests()
call paths {CVE-2025-68287}
* CVE-2025-68285
- libceph: fix potential use-after-free in have_mon_and_osd_map()
{CVE-2025-68285}
* CVE-2025-68241
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
{CVE-2025-68241}
* CVE-2025-68229
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
{CVE-2025-68229}
* CVE-2025-68220
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return
NULL on error {CVE-2025-68220}
* CVE-2025-68194
- media: imon: make send_packet() more robust {CVE-2025-68194}
* CVE-2025-68192
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
{CVE-2025-68192}
* CVE-2025-68185
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
dereferencing {CVE-2025-68185}
* CVE-2025-68168
- jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168}
* CVE-2025-40363
- net: ipv6: fix field-spanning memcpy warning in AH output
{CVE-2025-40363}
* CVE-2025-40331
- sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331}
* CVE-2025-40322
- fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}
* CVE-2025-40317
- regmap: slimbus: fix bus_context pointer in regmap init calls
{CVE-2025-40317}
* CVE-2025-40315
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
{CVE-2025-40315}
* CVE-2025-40309
- Bluetooth: SCO: Fix UAF on sco_conn_free {CVE-2025-40309}
* CVE-2025-40308
- Bluetooth: bcsp: receive data only if registered {CVE-2025-40308}
* CVE-2025-40306
- orangefs: fix xattr related buffer overflow... {CVE-2025-40306}
* CVE-2025-40304
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
{CVE-2025-40304}
* CVE-2025-40283
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
{CVE-2025-40283}
* CVE-2025-40282
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
{CVE-2025-40282}
* CVE-2025-40277
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
{CVE-2025-40277}
* CVE-2025-40275
- ALSA: usb-audio: Fix NULL pointer dereference in
snd_usb_mixer_controls_badd {CVE-2025-40275}
* CVE-2025-40264
- be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264}
* CVE-2025-40263
- Input: cros_ec_keyb - fix an invalid memory access {CVE-2025-40263}
* CVE-2025-40259
- scsi: sg: Do not sleep in atomic context {CVE-2025-40259}
* CVE-2025-40254
- net: openvswitch: remove never-working support for setting nsh fields
{CVE-2025-40254}
* CVE-2025-40248
- vsock: Ignore signal/timeout on connect() if already established
{CVE-2025-40248}
* CVE-2025-40211
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
{CVE-2025-40211}
* CVE-2025-40106
- comedi: fix divide-by-zero in comedi_buf_munge() {CVE-2025-40106}
* CVE-2025-40087
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type
{CVE-2025-40087}
* CVE-2025-40055
- ocfs2: fix double free in user_cluster_connect() {CVE-2025-40055}
* CVE-2025-39945
- cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945}
* CVE-2025-39738
- btrfs: do proper error handling in create_reloc_root {CVE-2025-39738}
- btrfs: do not allow relocation of partially dropped subvolumes
{CVE-2025-39738}
* CVE-2025-39685
- comedi: pcl726: Prevent invalid irq number {CVE-2025-39685}
* CVE-2024-46830
- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
{CVE-2024-46830}
* CVE-2024-41014
- xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014}
* CVE-2025-39866
- fs: writeback: fix use-after-free in __mark_inode_dirty()
{CVE-2025-39866}
* CVE-2025-39686
- comedi: Fix some signed shift left operations {CVE-2025-39686}
- comedi: Make insn_rw_emulate_bits() do insn->n samples {CVE-2025-39686}
* CVE-2025-39766
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
{CVE-2025-39766}
* CVE-2025-39828
- net/atm: remove the atmdev_ops {get, set}sockopt methods
{CVE-2025-39828}
- atm: atmtcp: Free invalid length skb in atmtcp_c_send().
{CVE-2025-39828}
- atm: Revert atm_account_tx() if copy_from_iter_full() fails.
{CVE-2025-39828}
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
{CVE-2025-39828}
* CVE-2022-49267
- mmc: core: Do not export MMC_NAME= and MODALIAS=mmc:block for SDIO cards
{CVE-2022-49267}
- mmc: core: Export device/vendor ids from Common CIS for SDIO cards
{CVE-2022-49267}
- mmc: sdio: Extend sdio_config_attr macro and use it also for modalias
{CVE-2022-49267}
- mmc: sdio: Export SDIO revision and info strings to userspace
{CVE-2022-49267}
- mmc: sdio: Parse CISTPL_VERS_1 major and minor revision numbers
{CVE-2022-49267}
- mmc: core: use sysfs_emit() instead of sprintf() {CVE-2022-49267}
* CVE-2025-39967
- fbcon: fix integer overflow in fbcon_do_set_font {CVE-2025-39967}
* CVE-2025-38108
- net_sched: red: fix a race in __red_change() {CVE-2025-38108}
* CVE-2025-38212
- ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}
* CVE-2025-38403
- vsock/vmci: Clear the vmci transport packet properly when initializing
it {CVE-2025-38403}
* CVE-2025-38464
- tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464}
* CVE-2025-38555
- usb: gadget : fix use-after-free in composite_dev_cleanup()
{CVE-2025-38555}
* CVE-2025-38652
- f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652}
* CVE-2025-38677
- f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677}
* CVE-2025-38713
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
{CVE-2025-38713}
* CVE-2025-38714
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() {CVE-2025-38714}
* CVE-2025-38715
- hfs: fix slab-out-of-bounds in hfs_bnode_read() {CVE-2025-38715}
* CVE-2025-38729
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too
{CVE-2025-38729}
* CVE-2025-39691
- fs/buffer: fix use-after-free when call bh_read() helper
{CVE-2025-39691}
* CVE-2025-39743
- jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743}
* CVE-2025-39783
- PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783}
* CVE-2025-39824
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824}
* CVE-2025-39839
- batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839}
* CVE-2025-39913
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to
allocate psock->cork. {CVE-2025-39913}
* CVE-2025-40240
- sctp: avoid NULL dereference when chunk data buffer is missing
{CVE-2025-40240}
* CVE-2025-38004
- can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}
* Miscellaneous upstream changes
- wifi: wilc1000: avoid buffer overflow in WID string configuration
{CVE-2025-39952}
- Revert "dm-bufio: don't schedule in atomic context {CVE-2025-37928}"
0
tuxcare-ubuntu20.04-els
linux-buildinfo-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
fba69923821c76489265ecc6f8e4fe0750b0a949
linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
a8dc7b13a1534517b4b1a08359d7db6ae9946466
linux-cloud-tools-5.4.0-226-tuxcare.els8_5.4.0-226.246_amd64.deb
593f4e534630353b0067f9f1ae23984fc32c512d
linux-cloud-tools-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
75a3a58427b60650a52083dea0ab9da5fe548cf4
linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
8c17f444028b8f8e4ec3cf927d5206ba6be7b8aa
linux-cloud-tools-common_5.4.0-226.246_all.deb
3fb6e12b4ce1a2c1ef919dad5a248d596dcc20fc
linux-doc_5.4.0-226.246_all.deb
f6be33387cfe4fffae0ad6a2519b543f9f70a57f
linux-headers-5.4.0-226-tuxcare.els8_5.4.0-226.246_all.deb
610f3cded12a6e202c9236c45eb7534bc0e61677
linux-headers-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
0cb99d6f40dfa7e4513b452b9949129379b113c0
linux-headers-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
8487afb46b73b210a677f1697d4da4c71cb2ddb6
linux-image-unsigned-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
2d1bb45cdaf879d9f5c6993650ce22cb59dd8265
linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
6fc8d60932b173ca96ceaaf5c181c4e3587231a2
linux-libc-dev_5.4.0-226.246_amd64.deb
39b8d88e41318a5a7e2953f5d9a9aaa9a3632566
linux-modules-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
7f92105fef0d709641b7d2bc4e6289008b41abe3
linux-modules-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
0c99a4f284e253aee2440f54aaa200e4878673f8
linux-modules-extra-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
1575afbff58c96cd6ff6cc1f750d312564b05785
linux-source-5.4.0_5.4.0-226.246_all.deb
ff891a9698764b67bbf52d0ea4cb40e54325ebf3
linux-tools-5.4.0-226-tuxcare.els8_5.4.0-226.246_amd64.deb
ad972f86f8aa789115769781cdc2dc47ef3b9d32
linux-tools-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
3b6048b3bcc974a2240cf15322fdd33878e15902
linux-tools-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
69f1bfcf15df0e930eda90922a91e5960977560d
linux-tools-common_5.4.0-226.246_all.deb
2485e111021c2d9981103028b705075b2d3f8857
linux-tools-host_5.4.0-226.246_all.deb
270a201fd2d3793daae42cd791e8f1f883c14bb5
CLSA-2026:1775238894
Update of alt-php
TuxCare License Agreement
0
* Bump ABI 5.4.0-226
None
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Bump ABI 5.4.0-226
0
tuxcare-ubuntu20.04-els
linux-cloud-tools-generic_5.4.0.226.246_amd64.deb
2d0942343106c8bd111724edf5aeee0cd7b8e348
linux-cloud-tools-lowlatency_5.4.0.226.246_amd64.deb
7b7610f3a3c5e7e9a5ea133ed74a117a27e140af
linux-generic_5.4.0.226.246_amd64.deb
c45afb397388069b75677b23927eccfce9b64390
linux-headers-generic_5.4.0.226.246_amd64.deb
145c71545200fb8682e15f10e1289a27446d8d63
linux-headers-lowlatency_5.4.0.226.246_amd64.deb
bbcda9bcbd3d3bd8c1d521752212f3baba28e23c
linux-image-generic_5.4.0.226.246_amd64.deb
c6d8bd6c53e28fbd2b1d38e09aad93f93ed9a152
linux-image-lowlatency_5.4.0.226.246_amd64.deb
bbfd3523c9910a626e2ec89470432afc91ba83fe
linux-lowlatency_5.4.0.226.246_amd64.deb
7e61aebb6d9bf0f0f485943b7764a71315ab5d81
linux-tools-generic_5.4.0.226.246_amd64.deb
11ff7194428f205f87615c385cf8582f5e92be11
linux-tools-lowlatency_5.4.0.226.246_amd64.deb
d347750a3aa331fb49a1523aa495d34851895cdd
CLSA-2026:1775651477
Fix CVE(s): CVE-2026-24484
TuxCare License Agreement
0
* SECURITY UPDATE: denial-of-service from multi-layer nested MVG-to-SVG
conversions
- debian/patches/CVE-2026-24484.patch: Add recursion-depth check and throw
VectorGraphicsNestedTooDeeply on reaching maximum; prevent crash from
unbounded nesting of graphic-context elements.
- debian/patches/CVE-2026-24484-1.patch: Set status to MagickFalse on
memory-allocation failure and on excessive recursion, stop further
parsing; cause: missing status reset allowed continued parsing and nested
vector-graphics recursion to exceed limits.
- CVE-2026-24484
Moderate
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: denial-of-service from multi-layer nested MVG-to-SVG
conversions
- debian/patches/CVE-2026-24484.patch: Add recursion-depth check and throw
VectorGraphicsNestedTooDeeply on reaching maximum; prevent crash from
unbounded nesting of graphic-context elements.
- debian/patches/CVE-2026-24484-1.patch: Set status to MagickFalse on
memory-allocation failure and on excessive recursion, stop further
parsing; cause: missing status reset allowed continued parsing and nested
vector-graphics recursion to exceed limits.
- CVE-2026-24484
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
2953c66e261c5732672f4a2bf2147892386e77e0
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
11fb893b3226b488b85cbc51668404088f52b6ad
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
d9a5a11e260759528f7a0ca0cb08b459f7e4fbef
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
bce3effed34e3c35ed4911ec76cccb3185fb38dd
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
a3dfbc710dc5c02daae38eabac77a6928f3f8725
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
5abc1d2e5a8c67fbfeb3bcce7fe6c6a7b3e42b77
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
974980481c8e6f42f855b369c3066fb276067ba7
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
236c9a1e2cdd90550ed303db24cf98750ad4dcf6
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
13014d8d8ff78370931fe37da698f80ad6748852
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
1855dfdb34a8f60858108a42c2b1a65c213147f4
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
74e5899a96557a9d7e81e3e6db596169088d557c
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
a5b740dd376f61398b8e0e6fe82d3528b11e2f3c
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
f7c46bfa3dc8de82d76787db0665f1c18361afcd
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
198412ee66de233d0d6e5e353d5624363bc5f740
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
7f82b39ec9f225f3b8c41c0a41b96805bc7dcfee
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
1fb233f8307c37e247c05b80a751410664d324e4
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
65ff53c35a8582b369c95100f656fe1fdfc153b8
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
2cfd76dfd9d62dcd394adb8da8856cc4022e38e7
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
e7dbe7907a4601cf33518e8345a1d50dfb610cf4
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
45ec4f0f5f00354869cee2c146989360ff3aed74
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
b71c25624b5d7e8a9591bf4f0282ebb233954189
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
7394f6ba88d9ec27f7b9236cc77aae5893b9a653
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
06ca9c738eb0a049518d9c38f54e3fb0b4fea3ed
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
ddfa99e44771b9d6f4b191614e30d5abdbce9b48
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
2ec50b33b126652138a7b6a652e8dbb4e6cb1e40
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
0dfaacadcb8df8f1ce1e618762e05114b9309e4e
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
0589f616403481f264aa9509b18201877c3495a0
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
8b206ac12abc5d8d16b7a075fc3c9f39d76bb893
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
843a260253fb31fa80652a5c9e53c70e9439a961
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_amd64.deb
2f4898412e9cbf700fbae867408098c3ef3b826c
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
3947a74b27d7a64d8e42dfd99dedb0396b5aba48
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els23_all.deb
2f81fd99964f41ed663bfadd397f2a615a5473c3
CLSA-2026:1775721957
Fix CVE(s): CVE-2025-11082, CVE-2025-5244, CVE-2025-5245
TuxCare License Agreement
0
* SECURITY UPDATE: segfault in debug_type_samep on crafted input
- debian/patches/CVE-2025-5245.patch: correct incomplete enum
test in debug_type_samep and remove dead code in
debug_write_type
- CVE-2025-5245
* SECURITY UPDATE: segfault in ld on fuzzed object with empty group
- debian/patches/CVE-2025-5244.patch: add NULL check for first
section in elf_gc_sweep to protect against empty group
- CVE-2025-5244
* SECURITY UPDATE: read beyond .eh_frame section size
- debian/patches/CVE-2025-11082.patch: use memchr instead of
strlen to avoid reading beyond .eh_frame section bounds in
_bfd_elf_parse_eh_frame
- CVE-2025-11082
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: segfault in debug_type_samep on crafted input
- debian/patches/CVE-2025-5245.patch: correct incomplete enum
test in debug_type_samep and remove dead code in
debug_write_type
- CVE-2025-5245
* SECURITY UPDATE: segfault in ld on fuzzed object with empty group
- debian/patches/CVE-2025-5244.patch: add NULL check for first
section in elf_gc_sweep to protect against empty group
- CVE-2025-5244
* SECURITY UPDATE: read beyond .eh_frame section size
- debian/patches/CVE-2025-11082.patch: use memchr instead of
strlen to avoid reading beyond .eh_frame section bounds in
_bfd_elf_parse_eh_frame
- CVE-2025-11082
0
tuxcare-ubuntu20.04-els
binutils_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
02907c3173effc3eadf45f534b7ae5789a926f04
binutils-aarch64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
dbdda35957d691a88b578e2c486303609cf3ba7b
binutils-alpha-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
96c86b7b3b622d27f6a13a81c3e8ac701c74c1fa
binutils-arm-linux-gnueabi_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
4974e11a0d58c92475d946547425fda615141733
binutils-arm-linux-gnueabihf_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
b96cc5ee407df7c880a41f3064560a84dee49af6
binutils-common_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
20941d1c1fae43a6b3c56157c13a1cb8f15f3207
binutils-dev_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
f8d383de0a8f4bed7e37124359925290d99f162a
binutils-doc_2.34-6ubuntu1.11+tuxcare.els6_all.deb
97c1ed448845fb59dbe39c4d5dac94b8256ed477
binutils-for-build_2.34-6ubuntu1.11+tuxcare.els6_all.deb
2e1af95a41bd4ff6fcdeb5b65aa1d354b22a26d3
binutils-for-host_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
24f896a05db98fd0bd6cddcd0d2bc5ba224fd6df
binutils-hppa-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
df2fa7c8a097cb9910cf9bbbaafe009f88914f2f
binutils-hppa64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
76f3b6b8c58e297ec5b06eeed941719ad2630880
binutils-i686-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
da2d13e9505cff6ee6001a72bce5a82dece72953
binutils-i686-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
3a7c99d9fb68eda1c2cb26de822f85dad2927397
binutils-i686-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
3c087fdb18aebf0b96619c7ee3dde6af7392e927
binutils-ia64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
3d78c18070a77d8a8d76ebe37cbe3566e6236e33
binutils-m68k-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
c0c12ccbe7d3ab49c386dc3249c7b2f7befd332f
binutils-multiarch_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
877dd3528c64f32c13b340536fb0163a114f916c
binutils-multiarch-dev_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
9cefd2b88a936f0c525f5f879b9ddcfac4985d7d
binutils-powerpc-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
da89796610beaca58e0cc5982a9ebe6edf3f0b0f
binutils-powerpc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
501c19d2480c0500cca9f6eec103701ebffbcdb8
binutils-powerpc64le-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
d054d482df387f5a361d226c34a83fadd42c0117
binutils-riscv64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
1e8912f7c59c113f2bcab827cc8b571c650f131c
binutils-s390x-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
2db24dfaec02304426d15fd8da3835009d8c3ed4
binutils-sh4-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
0ab2f728a1051b17b51248f3361b2089f7530c89
binutils-source_2.34-6ubuntu1.11+tuxcare.els6_all.deb
97a564cc0115c662216f73722a12f4539a64945f
binutils-sparc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
c71fe806009d49f3a269d709811772059791b924
binutils-x86-64-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
ffc3917a2a948364e0a8ff2b97702a003b825196
binutils-x86-64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
4ab005de059e67dfaf95c43015fa56cc42bc8812
binutils-x86-64-linux-gnux32_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
eed689a6a94b771608f4e7ca7e222a4cf04bd949
libbinutils_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
6de09bfe5c26431278f84d0a9a9b2d18761d542a
libctf-nobfd0_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
50569581926bacc278a11a99383aa3dd6d6ac9ed
libctf0_2.34-6ubuntu1.11+tuxcare.els6_amd64.deb
35998217f2e98cd9fb4954bf06157f9919e1ea9f
CLSA-2026:1775734284
Fix CVE(s): CVE-2026-32748, CVE-2026-33526
TuxCare License Agreement
0
* SECURITY UPDATE: denial of service via use-after-free in ICP
- debian/patches/CVE-2026-33526.patch: remove duplicate
rfc1738_escape call in icpGetRequest that invalidated the
previously escaped URL pointer
- CVE-2026-33526
* SECURITY UPDATE: denial of service via use-after-free in ICP
request handling
- debian/patches/CVE-2026-32748.patch: return HttpRequestPointer
and move icpAccessAllowed into icpGetRequest to fix HttpRequest
lifetime for ICP v3 queries
- CVE-2026-32748
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: denial of service via use-after-free in ICP
- debian/patches/CVE-2026-33526.patch: remove duplicate
rfc1738_escape call in icpGetRequest that invalidated the
previously escaped URL pointer
- CVE-2026-33526
* SECURITY UPDATE: denial of service via use-after-free in ICP
request handling
- debian/patches/CVE-2026-32748.patch: return HttpRequestPointer
and move icpAccessAllowed into icpGetRequest to fix HttpRequest
lifetime for ICP v3 queries
- CVE-2026-32748
0
tuxcare-ubuntu20.04-els
squid_4.10-1ubuntu1.13+tuxcare.els2_amd64.deb
4a9cf71f3318171baef7350d27d05de6a4933876
squid-cgi_4.10-1ubuntu1.13+tuxcare.els2_amd64.deb
0da8c8584cb9190ecf6e9e088df47f893f5d86fa
squid-common_4.10-1ubuntu1.13+tuxcare.els2_all.deb
fa55380dc1f1f7c56874e4c3208d0145fa0c2722
squid-purge_4.10-1ubuntu1.13+tuxcare.els2_amd64.deb
6399b28609c37d1b9a64096ceb6bcb2fdb4f99e8
squidclient_4.10-1ubuntu1.13+tuxcare.els2_amd64.deb
4f0a6a2dcb67b8184390c8a9a394f61a48e59784
CLSA-2026:1775831524
Fix of 8 CVEs
TuxCare License Agreement
0
* CVE-2024-56640
- net/smc: fix LGR and link use-after-free issue {CVE-2024-56640}
* CVE-2026-23209
- macvlan: fix error recovery in macvlan_common_newlink() {CVE-2026-23209}
* CVE-2026-23193
- scsi: target: iscsi: Fix use-after-free in
iscsit_dec_session_usage_count() {CVE-2026-23193}
* CVE-2026-23204
- net/sched: cls_u32: use skb_header_pointer_careful() {CVE-2026-23204}
* CVE-2025-38153
- net: usb: aqc111: fix error handling of usbnet read calls
{CVE-2025-38153}
* CVE-2024-53218
- f2fs: fix race in concurrent f2fs_stop_gc_thread {CVE-2024-53218}
* CVE-2025-38565
- perf/core: Exit early on perf_mmap() fail {CVE-2025-38565}
* CVE-2025-38051
- smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051}
* Miscellaneous upstream changes
- PCI: endpoint: Fix configfs group removal on driver teardown
- net: usb: aqc111: debug info before sanitation
- net: add skb_header_pointer_careful() helper
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* CVE-2024-56640
- net/smc: fix LGR and link use-after-free issue {CVE-2024-56640}
* CVE-2026-23209
- macvlan: fix error recovery in macvlan_common_newlink() {CVE-2026-23209}
* CVE-2026-23193
- scsi: target: iscsi: Fix use-after-free in
iscsit_dec_session_usage_count() {CVE-2026-23193}
* CVE-2026-23204
- net/sched: cls_u32: use skb_header_pointer_careful() {CVE-2026-23204}
* CVE-2025-38153
- net: usb: aqc111: fix error handling of usbnet read calls
{CVE-2025-38153}
* CVE-2024-53218
- f2fs: fix race in concurrent f2fs_stop_gc_thread {CVE-2024-53218}
* CVE-2025-38565
- perf/core: Exit early on perf_mmap() fail {CVE-2025-38565}
* CVE-2025-38051
- smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051}
* Miscellaneous upstream changes
- PCI: endpoint: Fix configfs group removal on driver teardown
- net: usb: aqc111: debug info before sanitation
- net: add skb_header_pointer_careful() helper
0
tuxcare-ubuntu20.04-els
linux-buildinfo-5.4.0-227-tuxcare.els9-generic_5.4.0-227.247_amd64.deb
9b60c4fc57984167ef987a03e84be493bfe6e233
linux-buildinfo-5.4.0-227-tuxcare.els9-lowlatency_5.4.0-227.247_amd64.deb
22ff4e7f0d16d411b3a01896dbcb426201508660
linux-cloud-tools-5.4.0-227-tuxcare.els9_5.4.0-227.247_amd64.deb
d95dc62891c115c3415224089db6e54d37a80e14
linux-cloud-tools-5.4.0-227-tuxcare.els9-generic_5.4.0-227.247_amd64.deb
296a0ec18b9e4446a88df50f4a4f3e95bc583bc1
linux-cloud-tools-5.4.0-227-tuxcare.els9-lowlatency_5.4.0-227.247_amd64.deb
3fbb6941ad75ae69220bf886782a40721eb46cbe
linux-cloud-tools-common_5.4.0-227.247_all.deb
d289d45e11fa00499ab1cb17ca8a4532ceb43f9b
linux-doc_5.4.0-227.247_all.deb
b570609ee21d29398922f42b51d5ee95a2a03dbe
linux-headers-5.4.0-227-tuxcare.els9_5.4.0-227.247_all.deb
1c8538fd5378b394dd82d5e09515f499d4a767e5
linux-headers-5.4.0-227-tuxcare.els9-generic_5.4.0-227.247_amd64.deb
d9ea9d77168564afe0d6b6158397078cbb08ed03
linux-headers-5.4.0-227-tuxcare.els9-lowlatency_5.4.0-227.247_amd64.deb
606f0f0f13fb2aa4df4a2166bb4bbd82325d022f
linux-image-unsigned-5.4.0-227-tuxcare.els9-generic_5.4.0-227.247_amd64.deb
98d80c513dfdd31ea72c74a4b2831e6c23dd1856
linux-image-unsigned-5.4.0-227-tuxcare.els9-lowlatency_5.4.0-227.247_amd64.deb
261cb0a7d5cfe83222cb5b94ef0f1132af23ec93
linux-libc-dev_5.4.0-227.247_amd64.deb
ecfd3e7173940f88585d664d5da9a0f4524dc6ff
linux-modules-5.4.0-227-tuxcare.els9-generic_5.4.0-227.247_amd64.deb
843a6a31a6aabcc9f56eabd5435d1142a8f91fa1
linux-modules-5.4.0-227-tuxcare.els9-lowlatency_5.4.0-227.247_amd64.deb
57eb1d17ee52eae8ae35bb9e9246d991cd84c5fc
linux-modules-extra-5.4.0-227-tuxcare.els9-generic_5.4.0-227.247_amd64.deb
8c9b2efe47116363f99a0e06980332299532615a
linux-source-5.4.0_5.4.0-227.247_all.deb
ac74820f6584cfc6cfa88e460a4b8eb678c68e3b
linux-tools-5.4.0-227-tuxcare.els9_5.4.0-227.247_amd64.deb
2fb936c998359dc790c701fb7bd6fa1462aef751
linux-tools-5.4.0-227-tuxcare.els9-generic_5.4.0-227.247_amd64.deb
9c8eb5753d088158b995664d8d8e35e229ff5035
linux-tools-5.4.0-227-tuxcare.els9-lowlatency_5.4.0-227.247_amd64.deb
c9f186c118554f4fada4c874b2e8899f5026cc78
linux-tools-common_5.4.0-227.247_all.deb
0dfeee613b63ae172a9fbb55642d2728ac343962
linux-tools-host_5.4.0-227.247_all.deb
617f0d727b59b9ce9a3176e077cfba5b893714a7
CLSA-2026:1776069613
Fix CVE(s): CVE-2026-3441, CVE-2026-3442
TuxCare License Agreement
0
* SECURITY UPDATE: buffer overflow in xcoff linker
- debian/patches/CVE-2026-3441_CVE-2026-3442.patch: properly
bounds check XTY_LD x_scnlen index in xcoff_link_add_symbols
- CVE-2026-3441
* SECURITY UPDATE: out-of-bounds read in xcoff linker
- debian/patches/CVE-2026-3441_CVE-2026-3442.patch: sanity check
r_symndx before using it to index sym hashes
- CVE-2026-3442
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: buffer overflow in xcoff linker
- debian/patches/CVE-2026-3441_CVE-2026-3442.patch: properly
bounds check XTY_LD x_scnlen index in xcoff_link_add_symbols
- CVE-2026-3441
* SECURITY UPDATE: out-of-bounds read in xcoff linker
- debian/patches/CVE-2026-3441_CVE-2026-3442.patch: sanity check
r_symndx before using it to index sym hashes
- CVE-2026-3442
0
tuxcare-ubuntu20.04-els
binutils_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
beab6f0de89b691b93ac8d39d8d0aba07ccc9eb4
binutils-aarch64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
b9c97dc11eb0219cbab056bb2e4b92e90b6539e6
binutils-alpha-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
bb1a7d8fefc2d1f3d7743d0385e7fd095d1198bb
binutils-arm-linux-gnueabi_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
6d7b96ac567f3b3fe73ddc5efcf93413a3cd38e5
binutils-arm-linux-gnueabihf_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
09eb290fa5752a7553aaa0c75368279d8ef143ec
binutils-common_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
950113be6bd1729d47cff2dc01cbef0d5bd32877
binutils-dev_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
29e6485f331a97c0b8c61f32572d00ad3e6332cd
binutils-doc_2.34-6ubuntu1.11+tuxcare.els7_all.deb
e10df7d39e32884fbb2a93346e9c9f707fc43962
binutils-for-build_2.34-6ubuntu1.11+tuxcare.els7_all.deb
dc326d20e2c7b3b06183c1a3378f229281295009
binutils-for-host_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
69e6d7ef178c3e02df2545533be292cfad914ef0
binutils-hppa-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
b4ee86856cb74ee431f3d9f9ac05f8a0c573eccc
binutils-hppa64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
5cfae997ca92db014ef4d002ee2765a328d12dcd
binutils-i686-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
6854a3c1cf0a64a03aa28685171821a233f64d16
binutils-i686-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
5a2cbba89e381f5b65db1cb39c3e23ed09a9ddee
binutils-i686-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
d6d88d23017283e9e1c9359eb7c2734f46d16cec
binutils-ia64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
5037d9304532e8773892000158d40b7b0a3ec4b3
binutils-m68k-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
0fa8d4f7077c5161e69c01a883db85d259c3f01d
binutils-multiarch_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
d2068f3ac080430bef8b38479074082086021053
binutils-multiarch-dev_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
b7e6cc6a14317da404e5563edc02c75fde3f298b
binutils-powerpc-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
f5e0edf78bcc199b2efa8330b87b73717d0eb081
binutils-powerpc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
1533f4c78233e186e05448859f33049717ccd8d3
binutils-powerpc64le-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
a7840cd549952e73634f97305cc9813cf284edd7
binutils-riscv64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
d908eb5f9378286a81988ed66a32b58ea94ffd92
binutils-s390x-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
2ebb892948c6c773cc230d24f74407e4b859da6e
binutils-sh4-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
ae864bf71d5c944eaab56f56de2b047db5eab916
binutils-source_2.34-6ubuntu1.11+tuxcare.els7_all.deb
ea4050f81329d1ffc9516129aedd2974c414ddae
binutils-sparc64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
965b520f0f1a742187d1f29735c3168f630659ef
binutils-x86-64-kfreebsd-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
92cf4137a9412e0d1386cbc87e98432efb51b652
binutils-x86-64-linux-gnu_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
0018bb4fa8498e694756ab9e99cc6adcb1088cc6
binutils-x86-64-linux-gnux32_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
88e342f2982750ca0928ef20dcbdfec6f102151a
libbinutils_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
a0e6db202838726d6c7f8f1a6000ec0f41571110
libctf-nobfd0_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
efad63be05d1452c84f3f81b6920244449b57038
libctf0_2.34-6ubuntu1.11+tuxcare.els7_amd64.deb
1a8fb8e27b0c0d3156e94d35543373c8f45fbd6c
CLSA-2026:1776262694
Fix CVE(s): CVE-2026-0968
TuxCare License Agreement
0
* SECURITY UPDATE: null pointer dereference and out-of-bounds read in
sftp_parse_longname when processing malformed SSH_FXP_NAME messages
- debian/patches/CVE-2026-0968.patch: add null check, input
validation, and end-of-string guards in sftp_parse_longname
- CVE-2026-0968
('Low', [])
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: null pointer dereference and out-of-bounds read in
sftp_parse_longname when processing malformed SSH_FXP_NAME messages
- debian/patches/CVE-2026-0968.patch: add null check, input
validation, and end-of-string guards in sftp_parse_longname
- CVE-2026-0968
0
tuxcare-ubuntu20.04-els
libssh-4_0.9.3-2ubuntu2.5+tuxcare.els4_amd64.deb
e1d7cfe98a5f34e94ee5ea6b1e6f3b45573a2cd7
libssh-dev_0.9.3-2ubuntu2.5+tuxcare.els4_amd64.deb
c273fe492238affc71c8a526c334d2d9209d6840
libssh-doc_0.9.3-2ubuntu2.5+tuxcare.els4_all.deb
e7c3f725d864573e0ec7f042d9ee3d07d7ee3247
libssh-gcrypt-4_0.9.3-2ubuntu2.5+tuxcare.els4_amd64.deb
10db60f15689c3b66b5a3dd291e263d15971ad5f
libssh-gcrypt-dev_0.9.3-2ubuntu2.5+tuxcare.els4_amd64.deb
a379f5237665a9a21f23d9f6adefd3ea1456d006
CLSA-2026:1776438719
Fix CVE(s): CVE-2026-32636
TuxCare License Agreement
0
* SECURITY UPDATE: heap buffer overflow in UTF-16 to UTF-8 conversion
- debian/patches/CVE-2026-32636.patch: allocate (*length+1) instead
of *length in ConvertUTF16ToUTF8() in magick/xml-tree.c to make
room for the null terminator.
- CVE-2026-32636
('Important', ['ELSCVE-88779'])
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: heap buffer overflow in UTF-16 to UTF-8 conversion
- debian/patches/CVE-2026-32636.patch: allocate (*length+1) instead
of *length in ConvertUTF16ToUTF8() in magick/xml-tree.c to make
room for the null terminator.
- CVE-2026-32636
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
b44fcbcf9dc29573c17948d810a0e8117e59a416
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
8ec9a3ef7f3e5d06df9cc8b79f56d92f0beb0e1e
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
f3c6107cdaff1f6cec494ba6722e9851f0e05b90
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
539e8fa75d21a48ce57accb55613d52b1fab6e20
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
8e2558350d1ee9ad71611ba148c524c3bc04dfb5
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
2fccb67caefea3a7bc1d9781d28695e6cf97fef8
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
ed7d8424699ddcf01923b79ab7ce1413f56a822c
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
8def72be2c8278b9ecbe14478632cfa6fcfb6ba1
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
276c8593ed77e09e8a7f2b81c0ee23ff5e4980a5
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
5ebc35cbf242dc828a7c13cd833cf926ee33927d
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
4f5ac3e961634eb2c5397f315ade9fed202e7b41
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
ac676ed4b86240b6526a806b87f0a244e02e2e02
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
48712f05bd2cdc4476840c41e7c500a8c86432bc
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
2d16c8c112d2662f48aab9d6bf35cf9ca63e15f2
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
e160e14679b5b0ca4c4d48dac9435b81859a03b4
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
4ffc8ab2489077cfbc9780e06c4058c85839a6f7
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
39981d0cd091a0fb9a91dc5a7cceaf3705a981ad
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
f75f3954b2c257a2074b67d8bd509baca0fe67cb
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
7823b67e49cebed2285bfc98204098fa8792ab09
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
22acb83cb3180486b38a895332d947ded21f6b8d
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
8070b7ca756b674a2fccc2ca678a110ebd8a577f
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
b4e9b2389ca8eaa3713a4b022528932cc9e6ae02
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
67afb2ef09fc395c82cd6d6e1fc06349afa34cee
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
c451154b857923dca919bc377d71de564dc4e146
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
309186ef5a0372419bc6e448a1aa88f31a406f6d
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
20a7c8b15484fb0a0b3af163bd4a4d259baf9011
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
67edaebcc365983492d8f84d963c632b16fcfcc9
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
785556794fdcbb1d14eaf7e8429e2cb676bcde84
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
76e94955ef92ed77c6c32722427e6db66de58254
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_amd64.deb
152ab7f11113fda75dd07292231158c9799ce0f9
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
c1452da547d5078b39c1f56e3979427af825ea25
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els24_all.deb
d958a061fcb5e13d648307e10e9462a0a422aa46
CLSA-2026:1776687226
Fix CVE(s): CVE-2024-52005
TuxCare License Agreement
0
* SECURITY UPDATE: ANSI escape sequence injection via sideband
- debian/patches/CVE-2024-52005.patch: add strbuf_add_sanitized()
to mask control characters in sideband output in sideband.c.
- CVE-2024-52005
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: ANSI escape sequence injection via sideband
- debian/patches/CVE-2024-52005.patch: add strbuf_add_sanitized()
to mask control characters in sideband output in sideband.c.
- CVE-2024-52005
0
tuxcare-ubuntu20.04-els
git_2.25.1-1ubuntu3.14+tuxcare.els2_amd64.deb
8f191427a8ceb628b126d0f1d437eccf04b4d733
git-all_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
35f362dedddb076afa8e7a37f4cb479b9d429470
git-cvs_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
5fd0142d4ebb69249158cd08d3e0490bd66b9bf4
git-daemon-run_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
c84f6ed5be855fd760cd5612825439289fcac513
git-daemon-sysvinit_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
a5bb0110cbe29ecc825936b045f5c6df826b0806
git-doc_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
649f8b7b8eb73bac4f2ba53da6a4d81ade981e08
git-el_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
4b6188987f1a3d086f3e27f9b7b27e027d54598d
git-email_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
15dfbb6d39d6f63f6db115edac72b02405c86640
git-gui_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
938c0fd05c90a0f520320ac9862732b662b64033
git-man_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
2ad2705cd23dfa0553ccd5e40476ded5cb5b484e
git-mediawiki_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
6b9777c2c4b6cd474a708669b17f1eb50ac7e343
git-svn_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
f25ea017395559d3c817e14528227cfd3ae51091
gitk_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
5652ece0ccf4906216b02fcbffc9bad51c35fe82
gitweb_2.25.1-1ubuntu3.14+tuxcare.els2_all.deb
b45cefb20432316db11869452383bb47c49a7918
CLSA-2026:1776776980
Fix CVE(s): CVE-2023-52425
TuxCare License Agreement
0
* SECURITY UPDATE: quadratic re-parsing DoS with large tokens
- debian/patches/CVE-2023-52425.patch: add callProcessor() wrapper
with reparse deferral heuristic in expat/lib/xmlparse.c, add
XML_SetReparseDeferralEnabled() API in expat/lib/expat.h.
- CVE-2023-52425
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: quadratic re-parsing DoS with large tokens
- debian/patches/CVE-2023-52425.patch: add callProcessor() wrapper
with reparse deferral heuristic in expat/lib/xmlparse.c, add
XML_SetReparseDeferralEnabled() API in expat/lib/expat.h.
- CVE-2023-52425
0
tuxcare-ubuntu20.04-els
expat_2.2.9-1ubuntu0.8+tuxcare.els3_amd64.deb
1e3eb6aeaedc947f8e6c2dc8697de926d700c5da
libexpat1_2.2.9-1ubuntu0.8+tuxcare.els3_amd64.deb
dc0b4b2e654400578d19effa857daa1b85291027
libexpat1-dev_2.2.9-1ubuntu0.8+tuxcare.els3_amd64.deb
be571a004e4442da5e87ca2398e7df80f79a5296
CLSA-2026:1776965055
Fix CVE(s): CVE-2025-32988, CVE-2025-32990
TuxCare License Agreement
0
* SECURITY UPDATE: heap buffer overflow in certtool template parsing
- debian/patches/CVE-2025-32990.patch: use calloc(MAX_ENTRIES + 1)
instead of malloc(MAX_ENTRIES) in READ_MULTI_LINE and
READ_MULTI_LINE_TOKENIZED macros in src/certtool-cfg.c.
- CVE-2025-32990
* SECURITY UPDATE: double free when exporting othernames in SAN
- debian/patches/CVE-2025-32988.patch: remove erroneous
asn1_delete_structure calls on non-owned ext parameter in
_gnutls_write_new_othername in lib/x509/extensions.c.
- CVE-2025-32988
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: heap buffer overflow in certtool template parsing
- debian/patches/CVE-2025-32990.patch: use calloc(MAX_ENTRIES + 1)
instead of malloc(MAX_ENTRIES) in READ_MULTI_LINE and
READ_MULTI_LINE_TOKENIZED macros in src/certtool-cfg.c.
- CVE-2025-32990
* SECURITY UPDATE: double free when exporting othernames in SAN
- debian/patches/CVE-2025-32988.patch: remove erroneous
asn1_delete_structure calls on non-owned ext parameter in
_gnutls_write_new_othername in lib/x509/extensions.c.
- CVE-2025-32988
0
tuxcare-ubuntu20.04-els
gnutls-bin_3.6.13-2ubuntu1.12+tuxcare.els1_amd64.deb
2da7e7fd61e02fbe3ad189eb9d3d683a678924c4
gnutls-doc_3.6.13-2ubuntu1.12+tuxcare.els1_all.deb
c1b80e8dae211e690568807bd569e8725145b69e
guile-gnutls_3.6.13-2ubuntu1.12+tuxcare.els1_amd64.deb
3feb3f6479ea6ab91d028d7dc1aa48d2aa4e2cba
libgnutls-dane0_3.6.13-2ubuntu1.12+tuxcare.els1_amd64.deb
c7d111f484346abf05dd2cd459cb9455fd6a0c98
libgnutls-openssl27_3.6.13-2ubuntu1.12+tuxcare.els1_amd64.deb
b2362472ec13845b82bc924836b8705058f60e13
libgnutls28-dev_3.6.13-2ubuntu1.12+tuxcare.els1_amd64.deb
2f049e21b9eaebf7f1d5907bc1439cdf7bc0c001
libgnutls30_3.6.13-2ubuntu1.12+tuxcare.els1_amd64.deb
94820f4d6386841b44d0bd307582d1871135d06b
libgnutlsxx28_3.6.13-2ubuntu1.12+tuxcare.els1_amd64.deb
5d5aecdb1cb51071cc67071d6d0fa00a178ecd97
CLSA-2026:1776965343
Fix CVE(s): CVE-2022-29404
TuxCare License Agreement
0
* SECURITY UPDATE: DoS via unbounded request body in mod_lua
- debian/patches/CVE-2022-29404-part1.patch: set
AP_DEFAULT_LIMIT_REQ_BODY to 1GB in server/core.c, enforce
LimitRequestBody in ap_setup_client_block() in
modules/http/http_filters.c, remove redundant proxy check in
modules/proxy/mod_proxy_http.c.
- CVE-2022-29404
- Note: Part 2 (cast fix) was already applied.
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: DoS via unbounded request body in mod_lua
- debian/patches/CVE-2022-29404-part1.patch: set
AP_DEFAULT_LIMIT_REQ_BODY to 1GB in server/core.c, enforce
LimitRequestBody in ap_setup_client_block() in
modules/http/http_filters.c, remove redundant proxy check in
modules/proxy/mod_proxy_http.c.
- CVE-2022-29404
- Note: Part 2 (cast fix) was already applied.
0
tuxcare-ubuntu20.04-els
apache2_2.4.41-4ubuntu3.23+tuxcare.els2_amd64.deb
9d7ac645bbafa2b1c39c7525e3203d643073b21b
apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els2_amd64.deb
9dec6ffecae41b13d3f6418c7b7809baa5fb4767
apache2-data_2.4.41-4ubuntu3.23+tuxcare.els2_all.deb
dc9cb0a657c015ed996a21de8421aa70a3442fa7
apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els2_amd64.deb
5e4e3befd7ea1901097dd4483ea5bff3aa6ad1fa
apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els2_all.deb
7f33232bfc495b66656b593314e3acb478eebeb3
apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els2_amd64.deb
e71344f908895a77e25bffe35888fb35e156100e
apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els2_amd64.deb
a692dd7a64a67aadf0b7b9797248efb587cdb719
apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els2_amd64.deb
695cb2048dd4171e4acc5eae19f353f9b0349649
apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els2_amd64.deb
7bf23ee169924bb76aada29f7a5633a482af8003
libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els2_amd64.deb
60f7f934af2f1052fda3416f172e14f1bb2f4ccd
libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els2_amd64.deb
6fb09f360da0b2752459c5863c43fc99fe2f760b
CLSA-2026:1777026478
Fix CVE(s): CVE-2026-34980
TuxCare License Agreement
0
* SECURITY UPDATE: control-character injection in scheduler option
handling
- debian/patches/CVE-2026-34980.patch: filter control characters
from IPP string option values and reject "special" PPD keywords
(cupsFilter, cupsFilter2, etc.) reported back by job filters to
prevent filter/command injection via crafted job options
- CVE-2026-34980
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: control-character injection in scheduler option
handling
- debian/patches/CVE-2026-34980.patch: filter control characters
from IPP string option values and reject "special" PPD keywords
(cupsFilter, cupsFilter2, etc.) reported back by job filters to
prevent filter/command injection via crafted job options
- CVE-2026-34980
0
tuxcare-ubuntu20.04-els
cups_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
eafd9b9b163c1cc8b36971c390afb58b7bd8c4fe
cups-bsd_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
94830c1eaf69a2eac19de3dd7b47ddc4da1af77b
cups-client_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
5dde839797a299520f09e9be91e16f78abf213a3
cups-common_2.3.1-9ubuntu1.9+tuxcare.els2_all.deb
025d224f98191215175c8b758e8e64ada5646654
cups-core-drivers_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
fd383200d6b55bb256b1008206e172c2ecffb537
cups-daemon_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
27f1de65f7f5dd692e3f88225491bd582b6e2078
cups-ipp-utils_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
39c077c38d12a5bc5590a0cf8052e19f8c4bb534
cups-ppdc_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
812b600d6341b09bb799be125206d92e4cc402c6
cups-server-common_2.3.1-9ubuntu1.9+tuxcare.els2_all.deb
2722b071f8ad4b83636e688a1398385a564310cd
libcups2_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
7fde2569878177aadb647e7dd9a4e2c202b9eed5
libcups2-dev_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
35e87ef95e305522f63257a79dd4cefea4e75633
libcupsimage2_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
87e6dfd14de40aca37ad4bb90922a4e68a67cd17
libcupsimage2-dev_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
bbb4c479be7321501e33b83923ffeeb52ba25631
CLSA-2026:1777070517
Fix CVE(s): CVE-2026-33900, CVE-2026-33905
TuxCare License Agreement
0
* SECURITY UPDATE: integer truncation in VIFF encoder leading to out-of-bounds heap write
- debian/patches/CVE-2026-33900.patch: add truncation check before
AcquireVirtualMemory() call in WriteVIFFImage() in coders/viff.c
- CVE-2026-33900
* SECURITY UPDATE: out-of-bounds read in SampleImage via sample:offset define
- debian/patches/CVE-2026-33905.patch: rewrite SampleImage() in
magick/resize.c to compute x_offset/y_offset per pixel and fetch a
single virtual pixel instead of indexing a preallocated row buffer
- CVE-2026-33905
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: integer truncation in VIFF encoder leading to out-of-bounds heap write
- debian/patches/CVE-2026-33900.patch: add truncation check before
AcquireVirtualMemory() call in WriteVIFFImage() in coders/viff.c
- CVE-2026-33900
* SECURITY UPDATE: out-of-bounds read in SampleImage via sample:offset define
- debian/patches/CVE-2026-33905.patch: rewrite SampleImage() in
magick/resize.c to compute x_offset/y_offset per pixel and fetch a
single virtual pixel instead of indexing a preallocated row buffer
- CVE-2026-33905
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
dd01192e0b00a6cb41b830144d8fcce2f02554c6
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
0d030f5310e36b2f9460cf895d10150935563dff
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
6f9d3cae7ceb0d98e10434d24896051862c00543
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
24ce11447d808b77e16822cfa2247fe0db769d07
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
44f526856b137dac2b2808eb7231af6af12840fe
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
f6cabf6757be288fe881c8adc43177c1d2fb2ea1
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
267783ffd045bba44e2c76dddb59c05a2fb453ec
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
7fdf217e3281bb02495ec3a2f6f52a707435bb5f
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
f0d53be10c1c141d88517f76432c5d29c7a47577
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
689b288d7d8fa7636b53432ca6d992eb99444154
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
7a01b7f6fb2c544bc1278d9c59f9583f8d2017b6
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
d80d12bf0a6ccf09fa5c30ceed092db0b28d8d52
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
7ceece7fb7d588f40a8a0e6dc575d5fdc4488c21
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
2667912fad0b4c47dee052672f10469c906fbaed
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
4d4459e647621f0a206c9f988d4214edfde85b6d
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
308aa4791cbe4ea77324d546cdee110060c4947f
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
9d396481cc6daec656f07e5038fef959572b4d63
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
91ea236474c0c9579baeec01044a393a2e7fece5
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
5b55a9c9290719a21c5a5767390c93761b89afa6
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
5b053105b19e2933e4e8b40e0d40c4d20a67b1df
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
8e77bf7f9f288fa06cfb0e85b12a101d545d95f8
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
212d4c52571825e0462b8d65ae7a31fe740db5f4
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
bd1cbf5a94ca5eb8dbb2c4ebf8f9551bf2913ab4
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
c11d833454b0653b1ec0aa7776592769626f90fe
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
48c1f594933320bc5b928f05474fb3812f3e4329
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
d39ef3f50a524d9c88a3bd0836cc1e4e2277a57e
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
447ec7d02e36399f8e087bbc9ca3d4742b87e268
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
0b2fc88d7c304de18bd4cb60087018bd64aa1e63
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
c32ee4bd0cd8ff81c84e135b523c86553b6e48c2
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_amd64.deb
75d7cd69f589627447ad5d667101538504f2acf8
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
8c3b2513f0897d488a9ef7413f9e897150cb25c0
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els25_all.deb
948fd55fe46df80aece98e107c0ba4fc18d23c48
CLSA-2026:1777296725
Fix CVE(s): CVE-2026-35414
TuxCare License Agreement
0
* SECURITY UPDATE: mishandling of authorized_keys principals option
- debian/patches/CVE-2026-35414.patch: replace match_list() with
xstrdup + strsep + exact strcmp in match_principals_option() in
auth2-pubkey.c, so certificate principals containing embedded
commas are no longer wrongly cross-matched.
- CVE-2026-35414
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: mishandling of authorized_keys principals option
- debian/patches/CVE-2026-35414.patch: replace match_list() with
xstrdup + strsep + exact strcmp in match_principals_option() in
auth2-pubkey.c, so certificate principals containing embedded
commas are no longer wrongly cross-matched.
- CVE-2026-35414
0
tuxcare-ubuntu20.04-els
openssh-client_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
9dd4c5be24232e421779af8b08a67b3211b4e001
openssh-server_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
144d7de05a1c0fea3bdf56b141dba32be368bcee
openssh-sftp-server_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
2e4174e0af781f35b73ab66022b1ff1aff64a6ce
openssh-tests_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
c2fb051b0731b15ab83a24031cd0fb021a4cc75c
ssh_8.2p1-4ubuntu0.13+tuxcare.els2_all.deb
144cc3e13fcba0867f7a80184f1ee428ace4520d
ssh-askpass-gnome_8.2p1-4ubuntu0.13+tuxcare.els2_amd64.deb
6a316c5541451338b205c7b6e0ab9ac766f08540
CLSA-2026:1777311274
Fix CVE(s): CVE-2026-22801, CVE-2026-25646
TuxCare License Agreement
0
* SECURITY UPDATE: Heap buffer over-read in png_write_image_* due to
truncation of ptrdiff_t row stride to png_uint_16
- debian/patches/CVE-2026-22801.patch: remove incorrect truncation
casts from png_write_image_16bit, png_write_image_8bit, and
png_image_write_main so large (>65535) and negative row strides
are handled correctly
- CVE-2026-22801
* SECURITY UPDATE: Heap buffer overflow in png_set_quantize due to
stale palette indices stored in the color distance hash table
- debian/patches/CVE-2026-25646.patch: store original palette
indices via palette_to_index in png_set_quantize so the
color-pruning loop does not read past the 769-element hash array
- CVE-2026-25646
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Heap buffer over-read in png_write_image_* due to
truncation of ptrdiff_t row stride to png_uint_16
- debian/patches/CVE-2026-22801.patch: remove incorrect truncation
casts from png_write_image_16bit, png_write_image_8bit, and
png_image_write_main so large (>65535) and negative row strides
are handled correctly
- CVE-2026-22801
* SECURITY UPDATE: Heap buffer overflow in png_set_quantize due to
stale palette indices stored in the color distance hash table
- debian/patches/CVE-2026-25646.patch: store original palette
indices via palette_to_index in png_set_quantize so the
color-pruning loop does not read past the 769-element hash array
- CVE-2026-25646
0
tuxcare-ubuntu20.04-els
libpng-dev_1.6.37-2+tuxcare.els2_amd64.deb
9b6a9b3a3d144a97bfbb968c63ffd9e1709a13e8
libpng-tools_1.6.37-2+tuxcare.els2_amd64.deb
d5194d61df33e1a84cf2722022085205073eb5ea
libpng16-16_1.6.37-2+tuxcare.els2_amd64.deb
592b1a26b6676485ed215362b3afb5b75a71feab
CLSA-2026:1777321102
Fix CVE(s): CVE-2022-26923, CVE-2022-32743
TuxCare License Agreement
0
* SECURITY UPDATE: Samba AD DC did not enforce the Validated-DNS-Host-Name
write right, allowing an unprivileged authenticated user with machine
account write access (e.g. SeMachineAccountPrivilege) to set the
dNSHostName attribute to an arbitrary value, bypassing the MS-ADTS
requirement that it match <sAMAccountName-sans-$>.<dnsDomainName>.
This primitive is commonly chained with CVE-2022-26923 (Certifried) via
AD CS to forge a machine certificate and escalate to Domain Admin.
- debian/patches/CVE-2022-32743.patch
- CVE-2022-32743
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Samba AD DC did not enforce the Validated-DNS-Host-Name
write right, allowing an unprivileged authenticated user with machine
account write access (e.g. SeMachineAccountPrivilege) to set the
dNSHostName attribute to an arbitrary value, bypassing the MS-ADTS
requirement that it match <sAMAccountName-sans-$>.<dnsDomainName>.
This primitive is commonly chained with CVE-2022-26923 (Certifried) via
AD CS to forge a machine certificate and escalate to Domain Admin.
- debian/patches/CVE-2022-32743.patch
- CVE-2022-32743
0
tuxcare-ubuntu20.04-els
ctdb_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
6a7c3e2f4e9b60464fe9340b053092e439c49cd4
libnss-winbind_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
3f8880fbb1d029f54926ade9680a30ce50becb4e
libpam-winbind_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
29cb871ccbf25e193e71f39bf70c1e789a4d8a86
libsmbclient_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
e2304416c5b4de16673900a1ddf08b104ab6755d
libsmbclient-dev_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
7e23101c4fd547ff7052abd8259a7ed6f2ea9d9f
libwbclient-dev_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
65b1787ce42f54b6fe4e0f8c79c76e3308f82ca9
libwbclient0_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
e8d27119920f76388672bfd6b55f9439a5d8f80e
python3-samba_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
19ec56e27748aab576285258137432113a97d11c
registry-tools_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
5c22797fafef67ead494e286064918ba431e1312
samba_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
e9c785a7cc7eefe4b7d2ec8197bd8f07a748642e
samba-common_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_all.deb
0933a816a2b834d2c7f0ec2ee94f2b7b3e2cda4b
samba-common-bin_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
9dee1e46b5ff6b90da00c2c5b1e36d230d47696b
samba-dev_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
3a163272895ffa8e4e425040143c9fc47ca85309
samba-dsdb-modules_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
50187133539705b2bc7f43dd55fae1f8fefbd33b
samba-libs_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
f0c990f7fa0f3e2f5cf66aeb46ab0006de653edd
samba-testsuite_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
75b0acf3d2053a8ed1049fd99eb578ddfda1cafc
samba-vfs-modules_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
adb45ba2e711c65b13a59b2bd0f50f9b7fa2bce7
smbclient_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
7dee5a6dce271870a85221df5dd8057c7773db46
winbind_4.15.13+dfsg-0ubuntu0.20.04.8+tuxcare.els2_amd64.deb
f342607940d26c5bcaa7c80dbf93456a26cd13b5
CLSA-2026:1777305243
Fix CVE(s): CVE-2024-38286
TuxCare License Agreement
0
* SECURITY UPDATE: Denial of Service caused by unbounded TLS handshake
wrap queue in SecureNio2Channel / SecureNioChannel. Backport upstream
fix from 9.0.x commit 76c5cce6f0bcef14b0c21c38910371ca7d322d13.
- debian/patches/CVE-2024-38286.patch: cap the handshake wrap queue at
HANDSHAKE_WRAP_QUEUE_LENGTH_LIMIT (100) and close the connection
with a localised error message if the cap is exceeded, covering
both Nio2 and Nio connector variants. Also includes upstream
follow-up bfa5de95ad ("Avoid possible lost update") which converts
the SecureNio2Channel counter to AtomicInteger and resets it in
reset() to prevent a non-atomic read-modify-write race.
- CVE-2024-38286
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Denial of Service caused by unbounded TLS handshake
wrap queue in SecureNio2Channel / SecureNioChannel. Backport upstream
fix from 9.0.x commit 76c5cce6f0bcef14b0c21c38910371ca7d322d13.
- debian/patches/CVE-2024-38286.patch: cap the handshake wrap queue at
HANDSHAKE_WRAP_QUEUE_LENGTH_LIMIT (100) and close the connection
with a localised error message if the cap is exceeded, covering
both Nio2 and Nio connector variants. Also includes upstream
follow-up bfa5de95ad ("Avoid possible lost update") which converts
the SecureNio2Channel counter to AtomicInteger and resets it in
reset() to prevent a non-atomic read-modify-write race.
- CVE-2024-38286
0
tuxcare-ubuntu20.04-els
libtomcat9-embed-java_9.0.31-1ubuntu0.9+tuxcare.els3_all.deb
9d9bac67ec702ce130bd725a04bc4c7b84b4fa64
libtomcat9-java_9.0.31-1ubuntu0.9+tuxcare.els3_all.deb
9ea9001494a5d805153d85a8b28214c3ea0011b3
tomcat9_9.0.31-1ubuntu0.9+tuxcare.els3_all.deb
120fe3f77807b58ec2aaab5c9de13334df9cb6d8
tomcat9-admin_9.0.31-1ubuntu0.9+tuxcare.els3_all.deb
cb36ab4c4b56489c817bca9376ac90ecf7545519
tomcat9-common_9.0.31-1ubuntu0.9+tuxcare.els3_all.deb
e97fbc52c26d8dddba23d06756908ecee9efe80a
tomcat9-docs_9.0.31-1ubuntu0.9+tuxcare.els3_all.deb
ec3779a4423f364cebe02d315ad5fcd20e3430bb
tomcat9-examples_9.0.31-1ubuntu0.9+tuxcare.els3_all.deb
12bd4df126432c253258fe4f93800e456ff8e1bf
tomcat9-user_9.0.31-1ubuntu0.9+tuxcare.els3_all.deb
5c00ff394a1b7e0ee8bedc5e086f9e9f37c46e18
CLSA-2026:1777368104
Fix CVE(s): CVE-2023-39810
TuxCare License Agreement
0
* SECURITY UPDATE: directory traversal in cpio extraction
- debian/patches/CVE-2023-39810.patch: add FEATURE_PATH_TRAVERSAL_PROTECTION
config option, call strip_unsafe_prefix() in data_extract_all.c to prevent
path traversal via ../ in archive filenames. Covers cpio, ar, rpm.
- Enable CONFIG_FEATURE_PATH_TRAVERSAL_PROTECTION=y in all build configs.
- debian/patches/CVE-2023-39810.patch: replace `echo -e` with `printf` in
the new cpio path-traversal testcase so it is portable to dash (the
Ubuntu /bin/sh).
- debian/testsuite-linux.diff: skip the pre-existing
"cpio uses by default uid/gid" test, which is fragile in the pbuilder
chroot (id -u returns 0 but source files retain uid=1000 from the
build worker, causing a spurious mismatch).
- debian/patches/CVE-2023-39810.patch: include the "1 blocks" summary
line that busybox cpio -vi emits (to stderr, merged via 2>&1) at
end-of-archive in the expected output of the new path-traversal
testcase; the functional check (file not written, exit 0) already
passed but the string-match failed because 1.30.1 always prints
"N blocks", matching the pattern used by other cpio tests in
testsuite/cpio.tests.
- debian/testsuite-linux.diff: skip the pre-existing hostname-d-works
test when the pbuilder chroot cannot resolve its own hostname via DNS
(no /etc/hosts entry for the build host).
- CVE-2023-39810
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: directory traversal in cpio extraction
- debian/patches/CVE-2023-39810.patch: add FEATURE_PATH_TRAVERSAL_PROTECTION
config option, call strip_unsafe_prefix() in data_extract_all.c to prevent
path traversal via ../ in archive filenames. Covers cpio, ar, rpm.
- Enable CONFIG_FEATURE_PATH_TRAVERSAL_PROTECTION=y in all build configs.
- debian/patches/CVE-2023-39810.patch: replace `echo -e` with `printf` in
the new cpio path-traversal testcase so it is portable to dash (the
Ubuntu /bin/sh).
- debian/testsuite-linux.diff: skip the pre-existing
"cpio uses by default uid/gid" test, which is fragile in the pbuilder
chroot (id -u returns 0 but source files retain uid=1000 from the
build worker, causing a spurious mismatch).
- debian/patches/CVE-2023-39810.patch: include the "1 blocks" summary
line that busybox cpio -vi emits (to stderr, merged via 2>&1) at
end-of-archive in the expected output of the new path-traversal
testcase; the functional check (file not written, exit 0) already
passed but the string-match failed because 1.30.1 always prints
"N blocks", matching the pattern used by other cpio tests in
testsuite/cpio.tests.
- debian/testsuite-linux.diff: skip the pre-existing hostname-d-works
test when the pbuilder chroot cannot resolve its own hostname via DNS
(no /etc/hosts entry for the build host).
- CVE-2023-39810
0
tuxcare-ubuntu20.04-els
busybox_1.30.1-4ubuntu6.5+tuxcare.els1_amd64.deb
51598372f0db0f4577b1ea80b7c54c720c48abb3
busybox-initramfs_1.30.1-4ubuntu6.5+tuxcare.els1_amd64.deb
915b3bd3c9112ca4e0edfa77fe0c4060c08856b2
busybox-static_1.30.1-4ubuntu6.5+tuxcare.els1_amd64.deb
f5b596d3a95f24cbc53c1a5b604f3ee862df3576
busybox-syslogd_1.30.1-4ubuntu6.5+tuxcare.els1_all.deb
ab7a6de216a77323f7982124ef09f882620d3d66
udhcpc_1.30.1-4ubuntu6.5+tuxcare.els1_amd64.deb
35e228d429cdded5435bd338b316e343d44a25af
udhcpd_1.30.1-4ubuntu6.5+tuxcare.els1_amd64.deb
3f89beb4d9d272f8f335270917678d7c84e5ec69
CLSA-2026:1777378650
Fix CVE(s): CVE-2023-26604
TuxCare License Agreement
0
* SECURITY UPDATE: systemctl may pass arbitrary shell commands from a
pager like more(1) that does not honor LESSSECURE, allowing privilege
escalation under sudo.
- debian/patches/CVE-2023-26604.patch: set LESSSECURE=1 when invoking
a pager, rename to SYSTEMD_PAGERSECURE, gate insecure pagers behind
sd_pid_get_owner_uid()/euid check, skip non-"less" pagers in secure
mode, and read the envvar via secure_getenv(). Squash of upstream
commits 612ebf6c91, 0a42426d79, and b8f736b30e (src/shared/pager.c
only; man-page hunks dropped).
- CVE-2023-26604
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: systemctl may pass arbitrary shell commands from a
pager like more(1) that does not honor LESSSECURE, allowing privilege
escalation under sudo.
- debian/patches/CVE-2023-26604.patch: set LESSSECURE=1 when invoking
a pager, rename to SYSTEMD_PAGERSECURE, gate insecure pagers behind
sd_pid_get_owner_uid()/euid check, skip non-"less" pagers in secure
mode, and read the envvar via secure_getenv(). Squash of upstream
commits 612ebf6c91, 0a42426d79, and b8f736b30e (src/shared/pager.c
only; man-page hunks dropped).
- CVE-2023-26604
0
tuxcare-ubuntu20.04-els
libnss-myhostname_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
2abb36a9a4d7c5c14f325ddec662c114c49acf99
libnss-mymachines_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
5537eeb6dfbbb93c1947d350f9a3347df60bcefe
libnss-resolve_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
963a31bc044ea38e41096e879d088d68d6ebd436
libnss-systemd_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
1429d0950ea92be594c36eba72292c89096a49c4
libpam-systemd_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
50afd490620b7d3dd98f34a42b7f500f1cb58f2f
libsystemd-dev_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
eb94c63476b2765bd6770fef51efc6f0e015c53d
libsystemd0_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
fc626371755493eb4bc7c43ae3ffe8e636e009ce
libudev-dev_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
c356396714d07bdd87ec95bc8556366d9825df35
libudev1_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
40f448f728f117355513e8beaf654d7d9a0b1471
systemd_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
304d24b89cbe091a521e79daa5bbf71b86abc5ac
systemd-container_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
1e4af9ff4812032ea1a7fefd683c32c31ed0e854
systemd-coredump_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
e4d2e223ef71b63a1cae0d55d7927a0486692ca0
systemd-journal-remote_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
5666ac56a5ddaba4920159e59e605b14e7a67893
systemd-sysv_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
6117ab8a6acb40dc416778fed6fc7d7535b2c402
systemd-tests_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
873b87d674e9361f69a41ad4c55b02b44164654b
systemd-timesyncd_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
cb30e8bf14cd6827c59d25af7bb20e8df412fe4f
udev_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
1f1bdc4bd540fdbc5be0bd5202cfc751668daf38
CLSA-2026:1777389615
Fix CVE(s): CVE-2024-45802
TuxCare License Agreement
0
* SECURITY UPDATE: multiple vulnerabilities in Edge Side Includes (ESI)
processing
- debian/rules: build with --disable-esi to remove the vulnerable
ESI response processor (matches the upstream Squid 6.10 default,
where ESI support is disabled by default).
- debian/control: drop libexpat1-dev and libxml2-dev Build-Depends
as they are no longer required when ESI is disabled.
- CVE-2024-45802
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: multiple vulnerabilities in Edge Side Includes (ESI)
processing
- debian/rules: build with --disable-esi to remove the vulnerable
ESI response processor (matches the upstream Squid 6.10 default,
where ESI support is disabled by default).
- debian/control: drop libexpat1-dev and libxml2-dev Build-Depends
as they are no longer required when ESI is disabled.
- CVE-2024-45802
0
tuxcare-ubuntu20.04-els
squid_4.10-1ubuntu1.13+tuxcare.els3_amd64.deb
c9f8444afb903efaaeb0a3063fdb3fc92a701555
squid-cgi_4.10-1ubuntu1.13+tuxcare.els3_amd64.deb
0a285ba4f6d0b5ff6cedef22fde320e24c796843
squid-common_4.10-1ubuntu1.13+tuxcare.els3_all.deb
574ce3b17b255955ef8530d95583e0d14145e95d
squid-purge_4.10-1ubuntu1.13+tuxcare.els3_amd64.deb
413f9d44329a2e78acb13373612c20e95a58fab8
squidclient_4.10-1ubuntu1.13+tuxcare.els3_amd64.deb
e50b0204416df229c7858d410eefd8bed9707ccf
CLSA-2026:1777397374
Fix CVE(s): CVE-2026-28390
TuxCare License Agreement
0
* SECURITY UPDATE: A NULL pointer dereference in rsa_cms_decrypt() when
processing CMS messages with RSA-OAEP encryption where pSourceFunc is
present but its parameters field is absent can trigger a crash, leading
to Denial of Service.
- debian/patches/CVE-2026-28390.patch: use X509_ALGOR_get0 and
ASN1_STRING_* accessors to safely parse pSourceFunc; duplicate the
OAEP label before handing it to EVP_PKEY_CTX_set0_rsa_oaep_label.
- CVE-2026-28390
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: A NULL pointer dereference in rsa_cms_decrypt() when
processing CMS messages with RSA-OAEP encryption where pSourceFunc is
present but its parameters field is absent can trigger a crash, leading
to Denial of Service.
- debian/patches/CVE-2026-28390.patch: use X509_ALGOR_get0 and
ASN1_STRING_* accessors to safely parse pSourceFunc; duplicate the
OAEP label before handing it to EVP_PKEY_CTX_set0_rsa_oaep_label.
- CVE-2026-28390
0
tuxcare-ubuntu20.04-els
libssl-dev_1.1.1f-1ubuntu2.24+tuxcare.els3_amd64.deb
263f518498cd5570206fffd5a42293fa83f83b89
libssl-doc_1.1.1f-1ubuntu2.24+tuxcare.els3_all.deb
c97187cc230ae6442ae967f8d340f953594ba1f0
libssl1.1_1.1.1f-1ubuntu2.24+tuxcare.els3_amd64.deb
d0784f6a161806a0a3088c7c21c20a61297cd34f
openssl_1.1.1f-1ubuntu2.24+tuxcare.els3_amd64.deb
8e92d12f4502c288607346c26c7a85c4f685bef4
CLSA-2026:1777453233
Fix CVE(s): CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
TuxCare License Agreement
0
* OpenJDK 11.0.30 release, build 7.
- CVE-2026-21925: Improve JMX connections
- CVE-2026-21932: Enhance handling of URIs (AWT/JavaFX)
- CVE-2026-21933: Improve HttpServer request handling
- CVE-2026-21945: Enhance certificate checking
- Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2026-January/051739.html
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* OpenJDK 11.0.30 release, build 7.
- CVE-2026-21925: Improve JMX connections
- CVE-2026-21932: Enhance handling of URIs (AWT/JavaFX)
- CVE-2026-21933: Improve HttpServer request handling
- CVE-2026-21945: Enhance certificate checking
- Release notes:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2026-January/051739.html
0
tuxcare-ubuntu20.04-els
openjdk-11-demo_11.0.30+7-0ubuntu1~20.04+tuxcare.els1_amd64.deb
1ff09b536ac0ec4d5b6fbb287554978084ab5bb5
openjdk-11-doc_11.0.30+7-0ubuntu1~20.04+tuxcare.els1_all.deb
b57bbfb7d2477d40770d1c1596c58667baa58d2c
openjdk-11-jdk_11.0.30+7-0ubuntu1~20.04+tuxcare.els1_amd64.deb
186d419028a690bd8401e88319b6b2663dd20f3b
openjdk-11-jdk-headless_11.0.30+7-0ubuntu1~20.04+tuxcare.els1_amd64.deb
3eff7a269f8f78a61159a00400d44625e6c8c060
openjdk-11-jre_11.0.30+7-0ubuntu1~20.04+tuxcare.els1_amd64.deb
9bd87b8cabd7457adb2548bc7b7de7824ba5a7bf
openjdk-11-jre-headless_11.0.30+7-0ubuntu1~20.04+tuxcare.els1_amd64.deb
a98f833c395438ce95da68740ece8b110be3a20d
openjdk-11-jre-zero_11.0.30+7-0ubuntu1~20.04+tuxcare.els1_amd64.deb
aafa2a028177baecbe106e8a342e02f85fa797d7
openjdk-11-source_11.0.30+7-0ubuntu1~20.04+tuxcare.els1_all.deb
740ebc0dc1be2d45f1bd8f77e0d5ae077436ebeb
CLSA-2026:1777482797
Fix CVE(s): CVE-2026-29111
TuxCare License Agreement
0
* SECURITY UPDATE: stack overwriting via crafted cgroup path
- debian/patches/CVE-2026-29111.patch: validate input cgroup path
in method_get_unit_by_control_group with path_is_absolute() and
path_is_normalized() checks before passing to
manager_get_unit_by_cgroup().
- CVE-2026-29111
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: stack overwriting via crafted cgroup path
- debian/patches/CVE-2026-29111.patch: validate input cgroup path
in method_get_unit_by_control_group with path_is_absolute() and
path_is_normalized() checks before passing to
manager_get_unit_by_cgroup().
- CVE-2026-29111
0
tuxcare-ubuntu20.04-els
libnss-myhostname_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
599a6d29a9ef7dc856eda7e2984af8aad4b75967
libnss-mymachines_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
4bd9854b6c107a51424411fb35f0a5eb331b2653
libnss-resolve_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
360f91c997aeaa052175226dd17c009e4687aa6d
libnss-systemd_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
b2d051f6068f0d39df28309a8ad27ce410d639c1
libpam-systemd_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
aa7161ff7e5ff152f5300b185c38a7e917f50d18
libsystemd-dev_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
bf84e3b1b980307deb1b4e2b2aa9a79de59eb92c
libsystemd0_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
4f36cfd862993200ae9fd86301c146a8066d2fe6
libudev-dev_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
34b34251136d8a7f7cbc765d5a2b6f2b7fdc1ca6
libudev1_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
884b657c2c8670840348e0151dad3620ce1f5248
systemd_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
9e33b81dc4e807d53194aaa81fa6cc08e9797728
systemd-container_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
7ce273fdf24ee1d0809d271c3dddfa2b780db971
systemd-coredump_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
b945cce7fe3e413c30bbd5a7101eea13a57508a6
systemd-journal-remote_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
8c81e4d41b5e9aa486e26517051a914040c81800
systemd-sysv_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
0b92b1d9d25022f73f3910036b491f3f041fa756
systemd-tests_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
09fdd9c7ed923ade93896612d3cd724f2a26a857
systemd-timesyncd_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
e00c94b28fb12a214fbc39510e3fc9718d6cd1a4
udev_245.4-4ubuntu3.24+tuxcare.els1_amd64.deb
2d47a99a26513081009ba15bc6ec6894a08af6b9
CLSA-2026:1777548161
Fix CVE(s): CVE-2023-31486
TuxCare License Agreement
0
* SECURITY UPDATE: HTTP::Tiny does not verify TLS certificates by default
- debian/patches/CVE-2023-31486.patch: flip verify_SSL default from 0
to 1 in cpan/HTTP-Tiny/lib/HTTP/Tiny.pm; add
PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT escape-hatch env var; update
POD (SSL SUPPORT -> TLS/SSL SUPPORT, machine-in-the-middle, extra
CA search paths); add offline regression test
cpan/HTTP-Tiny/t/180_verify_SSL.t.
- CVE-2023-31486
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: HTTP::Tiny does not verify TLS certificates by default
- debian/patches/CVE-2023-31486.patch: flip verify_SSL default from 0
to 1 in cpan/HTTP-Tiny/lib/HTTP/Tiny.pm; add
PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT escape-hatch env var; update
POD (SSL SUPPORT -> TLS/SSL SUPPORT, machine-in-the-middle, extra
CA search paths); add offline regression test
cpan/HTTP-Tiny/t/180_verify_SSL.t.
- CVE-2023-31486
0
tuxcare-ubuntu20.04-els
libperl-dev_5.30.0-9ubuntu0.5+tuxcare.els1_amd64.deb
6b9cf28724c470cc95606c30242cff95b7f5a775
libperl5.30_5.30.0-9ubuntu0.5+tuxcare.els1_amd64.deb
17fc7c2772ca3d1c9ca409c83bbef1131e07dccc
perl_5.30.0-9ubuntu0.5+tuxcare.els1_amd64.deb
9b429f2d11dcadf2c77b34bfd34f1e63dfbe390e
perl-base_5.30.0-9ubuntu0.5+tuxcare.els1_amd64.deb
46fb604e6d59948a28b2ba61e62bf132ef1c8041
perl-debug_5.30.0-9ubuntu0.5+tuxcare.els1_amd64.deb
b8ba9fad680ba5c44f97f23e1fb65892feb347df
perl-doc_5.30.0-9ubuntu0.5+tuxcare.els1_all.deb
1264a6cf459944b457063177316add40cd95138d
perl-modules-5.30_5.30.0-9ubuntu0.5+tuxcare.els1_all.deb
1ff6c60bb469e93ff424ed9b809efb111465f459
CLSA-2026:1777552532
Fix CVE(s): CVE-2025-64720, CVE-2025-65018
TuxCare License Agreement
0
* No-source-change rebuild against libpng (>= 1.6.37-2+tuxcare.els2) to
pick up the libpng security fixes for:
- CVE-2025-64720: png_image_read_composite OOB read on palette images
with PNG_FLAG_OPTIMIZE_ALPHA (libpng < 1.6.51).
- CVE-2025-65018: png_image_finish_read heap buffer overflow on 16-bit
interlaced PNGs with 8-bit output (libpng < 1.6.51).
Both vulnerabilities live entirely in libpng (used in OpenJDK only via
the system libpng linked into libsplashscreen / AWT image decoding via
libsplashscreen --with-libpng=system); no OpenJDK source change is
required. The fix is delivered by the libpng rebuild
(build 69ef31c7922f4d8bf30fd637, libpng1.6 1.6.37-2+tuxcare.els2).
Bumping the Build-Depends floor on libpng-dev guarantees the fixed
headers/library are linked in this rebuild.
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* No-source-change rebuild against libpng (>= 1.6.37-2+tuxcare.els2) to
pick up the libpng security fixes for:
- CVE-2025-64720: png_image_read_composite OOB read on palette images
with PNG_FLAG_OPTIMIZE_ALPHA (libpng < 1.6.51).
- CVE-2025-65018: png_image_finish_read heap buffer overflow on 16-bit
interlaced PNGs with 8-bit output (libpng < 1.6.51).
Both vulnerabilities live entirely in libpng (used in OpenJDK only via
the system libpng linked into libsplashscreen / AWT image decoding via
libsplashscreen --with-libpng=system); no OpenJDK source change is
required. The fix is delivered by the libpng rebuild
(build 69ef31c7922f4d8bf30fd637, libpng1.6 1.6.37-2+tuxcare.els2).
Bumping the Build-Depends floor on libpng-dev guarantees the fixed
headers/library are linked in this rebuild.
0
tuxcare-ubuntu20.04-els
openjdk-11-demo_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
d4373130a7c9b1a6a4b22073a94dfcf2b279b999
openjdk-11-doc_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_all.deb
794cca1b9289c7bb5f723ee4fed6fb09a8ff44fc
openjdk-11-jdk_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
c696658970f386f43c182e6996f1540b1d28e342
openjdk-11-jdk-headless_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
2312698d9fecc7379053f44f6ee1275e4c053602
openjdk-11-jre_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
304c5601038a479a7b5274281f962a081603738b
openjdk-11-jre-headless_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
6a48a51fa430e319f5b535e8e25e2c0fb5d27284
openjdk-11-jre-zero_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
54f887add89156f8b3b93dea7b266a10d7030e75
openjdk-11-source_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_all.deb
45d2f88413f0966f85eefdc24ba8ccafd4dbdabd
CLSA-2026:1777556512
Fix CVE(s): CVE-2026-35385
TuxCare License Agreement
0
* SECURITY UPDATE: setuid/setgid bits preserved on scp downloads without -p
- debian/patches/CVE-2026-35385.patch: in legacy (-O) mode, OR 07000 into
the saved umask in sink() in scp.c so that setuid/setgid/sticky bits
are stripped from received files when -p is not specified.
- CVE-2026-35385
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: setuid/setgid bits preserved on scp downloads without -p
- debian/patches/CVE-2026-35385.patch: in legacy (-O) mode, OR 07000 into
the saved umask in sink() in scp.c so that setuid/setgid/sticky bits
are stripped from received files when -p is not specified.
- CVE-2026-35385
0
tuxcare-ubuntu20.04-els
openssh-client_8.2p1-4ubuntu0.13+tuxcare.els3_amd64.deb
801b7ec0a476f9ca16e3bfca2b3890a5c05884f9
openssh-server_8.2p1-4ubuntu0.13+tuxcare.els3_amd64.deb
e599cd25dcfdc44533edd7f3c21d50f3091692db
openssh-sftp-server_8.2p1-4ubuntu0.13+tuxcare.els3_amd64.deb
a950420dedec2c831144e463f7524a819b03a256
openssh-tests_8.2p1-4ubuntu0.13+tuxcare.els3_amd64.deb
2f73bda5667795a58fc20cbcc9ac96c9060185da
ssh_8.2p1-4ubuntu0.13+tuxcare.els3_all.deb
a12bef9772ba461c1c15f8af65d6b2d1d6b20115
ssh-askpass-gnome_8.2p1-4ubuntu0.13+tuxcare.els3_amd64.deb
92e41bfaeb335f4b918b4f6bf8510b2cf27f8f88
CLSA-2026:1777636990
Fix of 9 CVEs
TuxCare License Agreement
0
* CVE-2026-31431
- crypto: scatterwalk - Backport memcpy_sglist() {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
{CVE-2026-31431}
- crypto: algif_aead - Revert to operating out-of-place {CVE-2026-31431}
- crypto: algif_aead - snapshot IV for async AEAD requests {CVE-2026-31431}
- crypto: authenc - use memcpy_sglist() instead of null skcipher
{CVE-2026-31431}
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place
decryption {CVE-2026-31431}
- crypto: authencesn - Fix src offset when decrypting in-place
{CVE-2026-31431}
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
{CVE-2026-31431}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
{CVE-2026-31431}
- crypto: algif_aead - Fix minimum RX size check for decryption
{CVE-2026-31431}
* CVE-2022-49720
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
{CVE-2022-49720}
* CVE-2024-49960
- ext4: fix timer use-after-free on failed mount {CVE-2024-49960}
* CVE-2025-71086
- net: rose: fix invalid array index in rose_kill_by_device() {CVE-2025-71086}
* CVE-2026-23073
- wifi: rsi: Fix memory corruption due to not set vif driver data size
{CVE-2026-23073}
* CVE-2022-49900
- i2c: piix4: Fix adapter not be removed in piix4_remove() {CVE-2022-49900}
* CVE-2022-43945
- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945}
* Miscellaneous upstream changes
- team: fix check for port enabled in team_queue_override_port_prio_changed()
{CVE-2025-71091}
- scsi: aic94xx: fix use-after-free in device removal path {CVE-2025-71075}
- tuxcare: update version
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* CVE-2026-31431
- crypto: scatterwalk - Backport memcpy_sglist() {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
{CVE-2026-31431}
- crypto: algif_aead - Revert to operating out-of-place {CVE-2026-31431}
- crypto: algif_aead - snapshot IV for async AEAD requests {CVE-2026-31431}
- crypto: authenc - use memcpy_sglist() instead of null skcipher
{CVE-2026-31431}
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place
decryption {CVE-2026-31431}
- crypto: authencesn - Fix src offset when decrypting in-place
{CVE-2026-31431}
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
{CVE-2026-31431}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
{CVE-2026-31431}
- crypto: algif_aead - Fix minimum RX size check for decryption
{CVE-2026-31431}
* CVE-2022-49720
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
{CVE-2022-49720}
* CVE-2024-49960
- ext4: fix timer use-after-free on failed mount {CVE-2024-49960}
* CVE-2025-71086
- net: rose: fix invalid array index in rose_kill_by_device() {CVE-2025-71086}
* CVE-2026-23073
- wifi: rsi: Fix memory corruption due to not set vif driver data size
{CVE-2026-23073}
* CVE-2022-49900
- i2c: piix4: Fix adapter not be removed in piix4_remove() {CVE-2022-49900}
* CVE-2022-43945
- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945}
* Miscellaneous upstream changes
- team: fix check for port enabled in team_queue_override_port_prio_changed()
{CVE-2025-71091}
- scsi: aic94xx: fix use-after-free in device removal path {CVE-2025-71075}
- tuxcare: update version
0
tuxcare-ubuntu20.04-els
linux-buildinfo-5.4.0-228-tuxcare.els10-generic_5.4.0-228.248_amd64.deb
6b630e89df4265a6b8c30ecd139eac28751753c2
linux-buildinfo-5.4.0-228-tuxcare.els10-lowlatency_5.4.0-228.248_amd64.deb
9e087d908a4e75d6c7feb2cfb68f30252a3eeb8d
linux-cloud-tools-5.4.0-228-tuxcare.els10_5.4.0-228.248_amd64.deb
4cbdbba3c72ad833e19c83fa498537ca99f83fa5
linux-cloud-tools-5.4.0-228-tuxcare.els10-generic_5.4.0-228.248_amd64.deb
9fe41936817f53204cd2712b00d9888e65457090
linux-cloud-tools-5.4.0-228-tuxcare.els10-lowlatency_5.4.0-228.248_amd64.deb
b8b260f3faf1480430695314034b3f6e4d7d7614
linux-cloud-tools-common_5.4.0-228.248_all.deb
a68d71d5047dd12d336d62642ad3bc90468d31e9
linux-doc_5.4.0-228.248_all.deb
f984b07d72b0a1825016fee6dd0df565518493a7
linux-headers-5.4.0-228-tuxcare.els10_5.4.0-228.248_all.deb
230d1d0be59306130ed5dcea039723d17debba82
linux-headers-5.4.0-228-tuxcare.els10-generic_5.4.0-228.248_amd64.deb
05b89b1dbb3c7501c1dec48d0fd0c51048b816d8
linux-headers-5.4.0-228-tuxcare.els10-lowlatency_5.4.0-228.248_amd64.deb
766cda73170edd16097152a429517c32446145ec
linux-image-unsigned-5.4.0-228-tuxcare.els10-generic_5.4.0-228.248_amd64.deb
9d9b29661d9602fe6977c15b77d64237a4b2881b
linux-image-unsigned-5.4.0-228-tuxcare.els10-lowlatency_5.4.0-228.248_amd64.deb
ed4790cf182e89d0899dafc7d1186841c53e55f9
linux-libc-dev_5.4.0-228.248_amd64.deb
0a18f9320d109c4dbf55b0b5da54907c8d6bc4fb
linux-modules-5.4.0-228-tuxcare.els10-generic_5.4.0-228.248_amd64.deb
94d5ca3bb3d6c36f033608a806e32cb29f4f080a
linux-modules-5.4.0-228-tuxcare.els10-lowlatency_5.4.0-228.248_amd64.deb
d640962f772a091df7e4a9e83a0345015efe8761
linux-modules-extra-5.4.0-228-tuxcare.els10-generic_5.4.0-228.248_amd64.deb
915096e2a2a350eb8ee6a400f6aaacdbd03020da
linux-source-5.4.0_5.4.0-228.248_all.deb
77fe9eb15437f1413ebb3de4c26b2f875b2c474b
linux-tools-5.4.0-228-tuxcare.els10_5.4.0-228.248_amd64.deb
e2ee8fa2b9631306d82fd0913e11328842d17245
linux-tools-5.4.0-228-tuxcare.els10-generic_5.4.0-228.248_amd64.deb
d4b2f2f32c10a0663f270fa3aa04d8a1d838d055
linux-tools-5.4.0-228-tuxcare.els10-lowlatency_5.4.0-228.248_amd64.deb
d1ba7c1d7b780726cce50f35b9c2e36e5fbb1dd3
linux-tools-common_5.4.0-228.248_all.deb
8321bafd5d559d67b9974f0ebae62d71c6fdb376
linux-tools-host_5.4.0-228.248_all.deb
b78cceddcd514449ee79a07e0d8e3a82ecad133f
CLSA-2026:1777941636
Fix CVE(s): CVE-2026-4878
TuxCare License Agreement
0
* SECURITY UPDATE: TOCTOU race in cap_set_file()
- debian/patches/CVE-2026-4878.patch: lock onto the target file via an
O_PATH descriptor and operate via /proc/self/fd/N in libcap/cap_file.c
so that file capability changes cannot be redirected to an attacker-
controlled file by a local user with write access to a parent directory.
- CVE-2026-4878
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: TOCTOU race in cap_set_file()
- debian/patches/CVE-2026-4878.patch: lock onto the target file via an
O_PATH descriptor and operate via /proc/self/fd/N in libcap/cap_file.c
so that file capability changes cannot be redirected to an attacker-
controlled file by a local user with write access to a parent directory.
- CVE-2026-4878
0
tuxcare-ubuntu20.04-els
libcap-dev_2.32-1ubuntu0.2+tuxcare.els1_amd64.deb
86e02ab70a21e559268ccb0eb6c48404834979db
libcap2_2.32-1ubuntu0.2+tuxcare.els1_amd64.deb
e7257df0680f8a0cde5f0331f1bf0f5d7fe880b6
libcap2-bin_2.32-1ubuntu0.2+tuxcare.els1_amd64.deb
5c11e8beddd3a4ad39eba413cb65f1441ff569b5
libpam-cap_2.32-1ubuntu0.2+tuxcare.els1_amd64.deb
36537df44a41df81fd2c3f59e76fc5d7fd04f7e6
CLSA-2026:1777946894
Fix CVE(s): CVE-2022-0391, CVE-2022-45061, CVE-2024-7592, CVE-2026-4519
TuxCare License Agreement
0
* SECURITY UPDATE: URL parsing accepts ASCII tab/CR/LF (URL smuggling)
- debian/patches/CVE-2022-0391.patch: sanitise tab, CR, LF anywhere in
URL/scheme inside urlsplit() before cache lookup, plus regression
test in Lib/urlparse.py, Lib/test/test_urlparse.py.
- CVE-2022-0391
* SECURITY UPDATE: Quadratic complexity in IDNA decoding (DoS)
- debian/patches/CVE-2022-45061.patch: replace O(n) outer loop with a
single any() guard in nameprep(), plus regression test in
Lib/encodings/idna.py, Lib/test/test_codecs.py.
- CVE-2022-45061
* SECURITY UPDATE: ReDoS in Cookie._unquote (quadratic backslash parsing)
- debian/patches/CVE-2024-7592.patch: replace the quadratic _OctalPatt
/ _QuotePatt loop with a single linear re.sub-based decoder, plus
regression tests in Lib/Cookie.py, Lib/test/test_cookie.py.
- CVE-2024-7592
* SECURITY UPDATE: webbrowser.open() argument injection via leading dash
- debian/patches/CVE-2026-4519.patch: add BaseBrowser._check_url() and
call it from every browser open() to reject URLs whose first
non-whitespace char is '-', plus regression test in Lib/webbrowser.py,
Lib/test/test_webbrowser.py. Also backports upstream gh-148169
(commit d22922c8a7) to close the %action-substitution bypass: the
check is deferred until after %action substitution and the per-arg
replace() chain is reordered (%action before %s) so an attacker
cannot smuggle a leading dash via the URL.
- CVE-2026-4519
* BUILD: replace libdb-dev (<< 1:6.0) with libdb5.3-dev in
debian/control{,.in} so the build pulls the explicit Berkeley DB 5.3
development headers available on Ubuntu 20.04 ESM, instead of the
virtual libdb-dev package that is no longer satisfied in the ELS
build environment.
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: URL parsing accepts ASCII tab/CR/LF (URL smuggling)
- debian/patches/CVE-2022-0391.patch: sanitise tab, CR, LF anywhere in
URL/scheme inside urlsplit() before cache lookup, plus regression
test in Lib/urlparse.py, Lib/test/test_urlparse.py.
- CVE-2022-0391
* SECURITY UPDATE: Quadratic complexity in IDNA decoding (DoS)
- debian/patches/CVE-2022-45061.patch: replace O(n) outer loop with a
single any() guard in nameprep(), plus regression test in
Lib/encodings/idna.py, Lib/test/test_codecs.py.
- CVE-2022-45061
* SECURITY UPDATE: ReDoS in Cookie._unquote (quadratic backslash parsing)
- debian/patches/CVE-2024-7592.patch: replace the quadratic _OctalPatt
/ _QuotePatt loop with a single linear re.sub-based decoder, plus
regression tests in Lib/Cookie.py, Lib/test/test_cookie.py.
- CVE-2024-7592
* SECURITY UPDATE: webbrowser.open() argument injection via leading dash
- debian/patches/CVE-2026-4519.patch: add BaseBrowser._check_url() and
call it from every browser open() to reject URLs whose first
non-whitespace char is '-', plus regression test in Lib/webbrowser.py,
Lib/test/test_webbrowser.py. Also backports upstream gh-148169
(commit d22922c8a7) to close the %action-substitution bypass: the
check is deferred until after %action substitution and the per-arg
replace() chain is reordered (%action before %s) so an attacker
cannot smuggle a leading dash via the URL.
- CVE-2026-4519
* BUILD: replace libdb-dev (<< 1:6.0) with libdb5.3-dev in
debian/control{,.in} so the build pulls the explicit Berkeley DB 5.3
development headers available on Ubuntu 20.04 ESM, instead of the
virtual libdb-dev package that is no longer satisfied in the ELS
build environment.
0
tuxcare-ubuntu20.04-els
idle-python2.7_2.7.18-1~20.04.7+tuxcare.els1_all.deb
34bc9e211dcf7202884ff50d5458e373002868ad
libpython2.7_2.7.18-1~20.04.7+tuxcare.els1_amd64.deb
1727851323a3d8066d6c86e3277e52380f20c735
libpython2.7-dev_2.7.18-1~20.04.7+tuxcare.els1_amd64.deb
221957d55dd68467b6df000177ecf56d953dcef3
libpython2.7-minimal_2.7.18-1~20.04.7+tuxcare.els1_amd64.deb
a2152542da2cf0f128120a1bd2800a6626cc49a6
libpython2.7-stdlib_2.7.18-1~20.04.7+tuxcare.els1_amd64.deb
8a4d96965bedbfd0b75ab59d81293af9a0ca0818
libpython2.7-testsuite_2.7.18-1~20.04.7+tuxcare.els1_all.deb
580ea6e73775f002380651b0c31f45db1119499f
python2.7_2.7.18-1~20.04.7+tuxcare.els1_amd64.deb
308bb3c469bb02e6eb8938081048eb7f0ee56e18
python2.7-dev_2.7.18-1~20.04.7+tuxcare.els1_amd64.deb
5d27e15662aa9f5f27025b5d9adee131d5bc0fa9
python2.7-doc_2.7.18-1~20.04.7+tuxcare.els1_all.deb
e4768ed6a4d08e12934e8adbe94503e1523c28c1
python2.7-examples_2.7.18-1~20.04.7+tuxcare.els1_all.deb
d418e2e4f7e1ac23202a7c9e2f3f00b81a63783c
python2.7-minimal_2.7.18-1~20.04.7+tuxcare.els1_amd64.deb
2ba94f968154845cd582e6d3e51782cef6174d11
CLSA-2026:1778003336
Fix CVE(s): CVE-2026-0966
TuxCare License Agreement
0
* SECURITY UPDATE: heap buffer underflow in ssh_get_hexa() when called
with a NULL pointer or zero-length input
- debian/patches/CVE-2026-0966.patch: add NULL/zero-length input
validation in ssh_get_hexa(); add unit-test coverage
- CVE-2026-0966
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: heap buffer underflow in ssh_get_hexa() when called
with a NULL pointer or zero-length input
- debian/patches/CVE-2026-0966.patch: add NULL/zero-length input
validation in ssh_get_hexa(); add unit-test coverage
- CVE-2026-0966
0
tuxcare-ubuntu20.04-els
libssh-4_0.9.3-2ubuntu2.5+tuxcare.els5_amd64.deb
fb41dfebdc3ce9499a465900b9b41cd8b3563033
libssh-dev_0.9.3-2ubuntu2.5+tuxcare.els5_amd64.deb
01102ab4b0c8ad23c2666886bb25f34505c4b6ba
libssh-doc_0.9.3-2ubuntu2.5+tuxcare.els5_all.deb
2aea8561200604952cf92ec5be24a56695dd69e2
libssh-gcrypt-4_0.9.3-2ubuntu2.5+tuxcare.els5_amd64.deb
7743b365feeacb1e7e30132850169b29ea085e69
libssh-gcrypt-dev_0.9.3-2ubuntu2.5+tuxcare.els5_amd64.deb
801816c256da15898b520ff2232657114adb053e
CLSA-2026:1778003565
Fix CVE(s): CVE-2026-40684, CVE-2026-40685, CVE-2026-40687
TuxCare License Agreement
0
* SECURITY UPDATE: out-of-bounds read in DNS reverse-lookup escape
decoding when running against musl libc
- debian/patches/CVE-2026-40684.patch: harden string_copy_dnsdomain()
to consume 1, 2, or 3 digits incrementally instead of indexing past
the input string when fewer than 3 digits follow a backslash escape
- CVE-2026-40684
* SECURITY UPDATE: out-of-bounds heap write in JSON dewrap on malformed
header value ending in a trailing backslash
- debian/patches/CVE-2026-40685.patch: only skip a backslash in
dewrap() when followed by a non-NUL character
- CVE-2026-40685
* SECURITY UPDATE: SPA authenticator out-of-bounds write and
uninitialised-heap information disclosure
- debian/patches/CVE-2026-40687.patch: zero the spa_base64_to_bits()
output buffer to plug the infoleak; replace assert()-based length
guards in unicodeToString(), strToUnicode(), and toString() with
explicit length clamping to prevent OOB writes
- CVE-2026-40687
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: out-of-bounds read in DNS reverse-lookup escape
decoding when running against musl libc
- debian/patches/CVE-2026-40684.patch: harden string_copy_dnsdomain()
to consume 1, 2, or 3 digits incrementally instead of indexing past
the input string when fewer than 3 digits follow a backslash escape
- CVE-2026-40684
* SECURITY UPDATE: out-of-bounds heap write in JSON dewrap on malformed
header value ending in a trailing backslash
- debian/patches/CVE-2026-40685.patch: only skip a backslash in
dewrap() when followed by a non-NUL character
- CVE-2026-40685
* SECURITY UPDATE: SPA authenticator out-of-bounds write and
uninitialised-heap information disclosure
- debian/patches/CVE-2026-40687.patch: zero the spa_base64_to_bits()
output buffer to plug the infoleak; replace assert()-based length
guards in unicodeToString(), strToUnicode(), and toString() with
explicit length clamping to prevent OOB writes
- CVE-2026-40687
0
tuxcare-ubuntu20.04-els
exim4_4.93-13ubuntu1.12+tuxcare.els1_all.deb
92f33be4c5fa17d5512aceabb80a04d0a175140d
exim4-base_4.93-13ubuntu1.12+tuxcare.els1_amd64.deb
bbf2accdb9f6537edea0b8f780a4d147c8b55281
exim4-config_4.93-13ubuntu1.12+tuxcare.els1_all.deb
db7a8793dedb0705d2661bf12f60044cf9abcfc5
exim4-daemon-heavy_4.93-13ubuntu1.12+tuxcare.els1_amd64.deb
746a0da28111f8e564fe754d95726c3b3325418e
exim4-daemon-light_4.93-13ubuntu1.12+tuxcare.els1_amd64.deb
ada5266d7d9872c46aa6ff12b9e2f75f94a04acc
exim4-dev_4.93-13ubuntu1.12+tuxcare.els1_amd64.deb
26d8ec65c6be662ee64f5f77257acdd054fc95ad
eximon4_4.93-13ubuntu1.12+tuxcare.els1_amd64.deb
8ee5f7afb2104cbbde0cb6314b272928a2765ea9
CLSA-2026:1778054005
Fix CVE(s): CVE-2026-23918
TuxCare License Agreement
0
* SECURITY UPDATE: double free and possible remote code execution via
HTTP/2 stream double-purge in mod_http2
- debian/patches/CVE-2026-23918.patch: prevent double purge of a
stream by introducing add_for_purge() helper that checks for
duplicates before adding to the purge queue in
modules/http2/h2_mplx.c
- CVE-2026-23918
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: double free and possible remote code execution via
HTTP/2 stream double-purge in mod_http2
- debian/patches/CVE-2026-23918.patch: prevent double purge of a
stream by introducing add_for_purge() helper that checks for
duplicates before adding to the purge queue in
modules/http2/h2_mplx.c
- CVE-2026-23918
0
tuxcare-ubuntu20.04-els
apache2_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
319985688f2f3b4fa257be117e49f3470084e026
apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
46702d1a43da4494482f0769485f00e9f8afd247
apache2-data_2.4.41-4ubuntu3.23+tuxcare.els3_all.deb
2826df4b2656ac87676a1410b8baf3fcfb4f5c41
apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
09200488e25387802bccb7e9df71c3fd7956edab
apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els3_all.deb
d4399dda7f44c07b5902ce2ab930795bef0f64fe
apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
696c88e3b7a49c12eafc2bf77bbb1986b038a90b
apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
2d6650ad64d09ce26bea394495c395b9d5ca650b
apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
6e9f532de76d419eff2439c02ca2d0b35e721317
apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
d9bfa641609de176b97bfc84c11d7e428675d88d
libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
cfd02196527d7f48e45f0ac878ba026b5ee06ca0
libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
e37a59f455236dccde5f3245d6533f20d44e6dc3
CLSA-2026:1778261513
Update of alt-php
TuxCare License Agreement
0
* Miscellaneous Ubuntu changes
- [Packaging]: add tuxcare suffix
* Miscellaneous upstream changes
- xfrm: esp: avoid in-place decrypt on shared skb frags
- rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Miscellaneous Ubuntu changes
- [Packaging]: add tuxcare suffix
* Miscellaneous upstream changes
- xfrm: esp: avoid in-place decrypt on shared skb frags
- rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
0
tuxcare-ubuntu20.04-els
linux-buildinfo-5.4.0-229-tuxcare.els11-generic_5.4.0-229.249_amd64.deb
de597fad0593a36b730a86126a085925ba23648d
linux-buildinfo-5.4.0-229-tuxcare.els11-lowlatency_5.4.0-229.249_amd64.deb
ab53afdd593952780e35c7bfe4e1085fc0dfd4bb
linux-cloud-tools-5.4.0-229-tuxcare.els11_5.4.0-229.249_amd64.deb
f6d323380f2480ef1d16decbf6535a4a88fff1fc
linux-cloud-tools-5.4.0-229-tuxcare.els11-generic_5.4.0-229.249_amd64.deb
92a54cd4bad248e6489067bb3bdeaeb242cd6f8f
linux-cloud-tools-5.4.0-229-tuxcare.els11-lowlatency_5.4.0-229.249_amd64.deb
fae239d741acd241bc2f37f838edac35c8f5af6c
linux-cloud-tools-common_5.4.0-229.249_all.deb
f4d28131728e6e724357fca58cceaf688fa2726c
linux-doc_5.4.0-229.249_all.deb
adbdc9ec4f3f7f284feb57b3b4e67cf90af989bf
linux-headers-5.4.0-229-tuxcare.els11_5.4.0-229.249_all.deb
79a6a6480eb0a2735db934f66444d324f4169fd9
linux-headers-5.4.0-229-tuxcare.els11-generic_5.4.0-229.249_amd64.deb
999fd852fe6f7f36f2fddca1c2c631eb4385ced0
linux-headers-5.4.0-229-tuxcare.els11-lowlatency_5.4.0-229.249_amd64.deb
7582a85e8e3039fbf4d996a357be6aceb8e78371
linux-image-unsigned-5.4.0-229-tuxcare.els11-generic_5.4.0-229.249_amd64.deb
31f5a13417af181699384c2711686ea904b78d58
linux-image-unsigned-5.4.0-229-tuxcare.els11-lowlatency_5.4.0-229.249_amd64.deb
299eca78ab00b27c02804c95cf12ec8447eed6f7
linux-libc-dev_5.4.0-229.249_amd64.deb
df303202682f2ddaa2b8572f31eaf7e98bf7fc4f
linux-modules-5.4.0-229-tuxcare.els11-generic_5.4.0-229.249_amd64.deb
8fc7461ef5d8d5c7a5ecfa2ec659599c36527d2d
linux-modules-5.4.0-229-tuxcare.els11-lowlatency_5.4.0-229.249_amd64.deb
84fa39ee4e2b348daed84130ee45ccaf62364aa3
linux-modules-extra-5.4.0-229-tuxcare.els11-generic_5.4.0-229.249_amd64.deb
78ca9d59fb0689d73f7a77f8a0dbe57d35391e0c
linux-source-5.4.0_5.4.0-229.249_all.deb
7921c66b8298ebb62679ede8e977b248e13b8176
linux-tools-5.4.0-229-tuxcare.els11_5.4.0-229.249_amd64.deb
7b9bbd349c220e001935710dbb71003394feb332
linux-tools-5.4.0-229-tuxcare.els11-generic_5.4.0-229.249_amd64.deb
4a8c003500d4a6e38a96155c9ccb07fa9c0d7e9c
linux-tools-5.4.0-229-tuxcare.els11-lowlatency_5.4.0-229.249_amd64.deb
4a7576d9f794189b17e23d501713c841e3ef4e59
linux-tools-common_5.4.0-229.249_all.deb
58ece260a7662569e216c106b54150868556fc1c
linux-tools-host_5.4.0-229.249_all.deb
b50bfbb683942d864b2f8c95d4e8f0764eedff41
CLSA-2026:1778583971
Fix CVE(s): CVE-2026-28387, CVE-2026-28388
TuxCare License Agreement
0
* SECURITY UPDATE: A use-after-free / heap corruption in dane_match() of
the X.509 verifier where the cached DANE-matched certificate was freed
via OPENSSL_free() instead of X509_free(), bypassing the X509 reference
counting and freeing certificate fields that may still be referenced by
other holders. An attacker able to influence the DANE TLSA records used
during certificate verification can trigger memory corruption.
- debian/patches/CVE-2026-28387.patch: replace OPENSSL_free(dane->mcert)
with X509_free(dane->mcert) in dane_match() in crypto/x509/x509_vfy.c.
- CVE-2026-28387
* SECURITY UPDATE: A NULL pointer dereference in check_delta_base() of
the X.509 CRL verifier when a delta CRL lacks the CRL Number extension.
A remote attacker controlling a delta CRL can trigger a crash, leading
to Denial of Service in applications using -crl_check with -use_deltas.
- debian/patches/CVE-2026-28388.patch: NULL-check delta->crl_number
before passing it to ASN1_INTEGER_cmp() in check_delta_base() in
crypto/x509/x509_vfy.c, and ship the upstream test fixtures and
verify recipe.
- CVE-2026-28388
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: A use-after-free / heap corruption in dane_match() of
the X.509 verifier where the cached DANE-matched certificate was freed
via OPENSSL_free() instead of X509_free(), bypassing the X509 reference
counting and freeing certificate fields that may still be referenced by
other holders. An attacker able to influence the DANE TLSA records used
during certificate verification can trigger memory corruption.
- debian/patches/CVE-2026-28387.patch: replace OPENSSL_free(dane->mcert)
with X509_free(dane->mcert) in dane_match() in crypto/x509/x509_vfy.c.
- CVE-2026-28387
* SECURITY UPDATE: A NULL pointer dereference in check_delta_base() of
the X.509 CRL verifier when a delta CRL lacks the CRL Number extension.
A remote attacker controlling a delta CRL can trigger a crash, leading
to Denial of Service in applications using -crl_check with -use_deltas.
- debian/patches/CVE-2026-28388.patch: NULL-check delta->crl_number
before passing it to ASN1_INTEGER_cmp() in check_delta_base() in
crypto/x509/x509_vfy.c, and ship the upstream test fixtures and
verify recipe.
- CVE-2026-28388
0
tuxcare-ubuntu20.04-els
libssl-dev_1.1.1f-1ubuntu2.24+tuxcare.els4_amd64.deb
75c84e5d81974077afcc2de159bd856d4b8c44a0
libssl-doc_1.1.1f-1ubuntu2.24+tuxcare.els4_all.deb
c70bac3648925ad4ce9536f2aec452e9e95f4724
libssl1.1_1.1.1f-1ubuntu2.24+tuxcare.els4_amd64.deb
5078f54c5a87725764081ed0b4d7f97f9ec47695
openssl_1.1.1f-1ubuntu2.24+tuxcare.els4_amd64.deb
b1c07e6ee3e25368284288e934f627e7c3bdb2b8
CLSA-2026:1778750122
Fix CVE(s): CVE-2026-27857
TuxCare License Agreement
0
* SECURITY UPDATE: imap-login excessive memory usage DoS (ELSCVE-123445)
- debian/patches/CVE-2026-27857.patch: limit IMAP parser open list
count via new imap_parser_params struct; cap pre-auth
IMAP_LOGIN_LIST_COUNT_LIMIT to 1. Squashes upstream commits
825bc297, d0f67b52, af1fb4da, 3435e0d44.
- CVE-2026-27857
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: imap-login excessive memory usage DoS (ELSCVE-123445)
- debian/patches/CVE-2026-27857.patch: limit IMAP parser open list
count via new imap_parser_params struct; cap pre-auth
IMAP_LOGIN_LIST_COUNT_LIMIT to 1. Squashes upstream commits
825bc297, d0f67b52, af1fb4da, 3435e0d44.
- CVE-2026-27857
0
tuxcare-ubuntu20.04-els
dovecot-auth-lua_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
6af4d3c8eb56d952854146c750c6128e0bff2f84
dovecot-core_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
56e66f188804af78e11a862839ee8dd59d0a96e2
dovecot-dev_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
b9e078c932e6626392f44f6b0e6e08e60c677088
dovecot-gssapi_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
f56fda794b8e4d831f5338018727ea6cc4ff01c4
dovecot-imapd_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
241418d42b7f9b66c0826ac725d13c37f6fc0a3e
dovecot-ldap_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
26b4ccdeac6181b71c92a0decd3b57f350cd2ea7
dovecot-lmtpd_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
21e128503439588805af834cce550ad2dd92a408
dovecot-lucene_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
8cd0be397556ff370febb94f9df6d13c56ccd6b1
dovecot-managesieved_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
1325131603afba4613f5e0c8fd30a2b2329130ed
dovecot-mysql_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
fc4cb9b80a5ae261c086723ac35bc499175495d0
dovecot-pgsql_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
8fa1f3052fb52426356221a8bcc67d528d69f478
dovecot-pop3d_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
db91f362393e594e3e43d6e33833978f1569273c
dovecot-sieve_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
ffc0d5fc7e5eb7932f379a337aba0fdca4cf0546
dovecot-solr_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
9ec7f8e9296629a68d476fd5dca1cdfe4947da9f
dovecot-sqlite_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
4a566c17e92a36503119cba13a34ea40a444bdbe
dovecot-submissiond_2.3.7.2-1ubuntu3.7+tuxcare.els1_amd64.deb
d7a68071dbe462a626d9c7a9b685d3426cad5972
mail-stack-delivery_2.3.7.2-1ubuntu3.7+tuxcare.els1_all.deb
c4d0de74660625cd8d4fbe4f2ed1a8a023c0c879
CLSA-2026:1778767103
Fix CVE(s): CVE-2026-25576, CVE-2026-28688, CVE-2026-28690
TuxCare License Agreement
0
* Security:
- CVE-2026-25576: heap buffer over-read in raw pixel coders
- CVE-2026-28688: use-after-free in MSL encoder
- CVE-2026-28690: stack-based buffer overflow in MNG/JNG encoder
Moderate
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* Security:
- CVE-2026-25576: heap buffer over-read in raw pixel coders
- CVE-2026-28688: use-after-free in MSL encoder
- CVE-2026-28690: stack-based buffer overflow in MNG/JNG encoder
0
tuxcare-ubuntu20.04-els
imagemagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
42037fea2d062e379851afd734d069d3d6d270ec
imagemagick-6-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
f4bf9bd3b36bf6c60afb65a071ef8ea7ac026810
imagemagick-6-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
a49f2515e260f41436d9463d41001c9044b45d78
imagemagick-6.q16_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
8e3b03bc315011e053fe01cd49abe2acea785607
imagemagick-6.q16hdri_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
a5b70aef4b816f4d2eaae786623eb9a96efeb097
imagemagick-common_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
45c9fa70d7dc2452cf44a8684f6392daec98b158
imagemagick-doc_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
074094beaf178a0d5265eaa9236f9de8cb85c0f3
libimage-magick-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
675cbac606381444609bdbff771e029a1a273845
libimage-magick-q16-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
dfa649e3fd35997750d91c960833899e383ea9cd
libimage-magick-q16hdri-perl_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
806d3f1d7bac49157f20c29b3f6058e955b0ba66
libmagick++-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
a405c0fcf12d059a1cbeb701bd215ae099934fff
libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
7357f9cd1d304720120349bab0ac5996f3993cc8
libmagick++-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
49f0275301ff0963d25365fabd2be5b36b47370b
libmagick++-6.q16hdri-8_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
1e5fc97a86ee42b97fcbdd3ac201f29cf9347029
libmagick++-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
3d84e6e650a1619f30837f918113b937336d67b0
libmagick++-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
242d1e0b85b7d57ea16016ef50e4c05bee7de243
libmagickcore-6-arch-config_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
36c16bc2a8075c7f2883b10e2d7666b14893cd08
libmagickcore-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
494ea50eac371111970221bb52f68303697cbd9e
libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
924e62ced841d9479d5b42988a1d7969f01ee8cb
libmagickcore-6.q16-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
08d88e7165b5fc92881f758b69e2d784740d4b2c
libmagickcore-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
546e1a01d815108806de772a281cbc98b99bde99
libmagickcore-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
20fbb74bd2cba7bf3760604960871c65d99377ae
libmagickcore-6.q16hdri-6-extra_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
df572331bc3236e1fc3df5926a268f2afc80905a
libmagickcore-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
caa63106eaf04bfa1bbd7b86a3ad2d68315dbcca
libmagickcore-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
526e8e9e9e3c2100a47d732759c4ec713773744d
libmagickwand-6-headers_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
e5ea81b132203e55b537937d6a57653f08aedf06
libmagickwand-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
938f8f25c9fa0f6802006cd6085930338c6acfd1
libmagickwand-6.q16-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
b1786a54f4aa8bdebfe8a4abfeb1b1c695caed27
libmagickwand-6.q16hdri-6_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
97f645c6e549a92f8eea24d06b0e19cc20bf5e09
libmagickwand-6.q16hdri-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_amd64.deb
b0eb98b43ce9b4fa252d410ed42438a34ad47b11
libmagickwand-dev_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
02311bbc36ce43ecf7af0028fd8fcbd009bebc8d
perlmagick_6.9.10.23+dfsg-2.1ubuntu11.11+tuxcare.els26_all.deb
0085d9e858ac6b396752a3943e7813871aea424a
CLSA-2026:1778787692
Fix CVE(s): CVE-2026-7258, CVE-2026-7262, CVE-2026-7568
TuxCare License Agreement
0
* SECURITY UPDATE: NULL pointer dereference in SOAP apache:Map decoder
- debian/patches/CVE-2026-7262.patch: fix wrong variable checked in
to_zval_map() NULL check, changing if (!xmlKey) to if (!xmlValue)
- CVE-2026-7262
* SECURITY UPDATE: Signed integer overflow in metaphone() char array offset
- debian/patches/CVE-2026-7568.patch: widen w_idx in metaphone() and
how_far/idx in Lookahead() from int to size_t in
ext/standard/metaphone.c to prevent signed overflow on inputs
exceeding 2^31 bytes
- CVE-2026-7568
* SECURITY UPDATE: Denial of service via signed char passed to ctype functions
- debian/patches/CVE-2026-7258.patch: consistently cast chars to
unsigned char before all ctype.h calls (isxdigit, isdigit, isalpha,
isalnum, isspace, tolower, toupper) across 54 files including
ext/standard/url.c (php_url_decode, php_raw_url_decode) and
ext/standard/formatted_print.c, Zend/zend_virtual_cwd.c, and others
- CVE-2026-7258
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: NULL pointer dereference in SOAP apache:Map decoder
- debian/patches/CVE-2026-7262.patch: fix wrong variable checked in
to_zval_map() NULL check, changing if (!xmlKey) to if (!xmlValue)
- CVE-2026-7262
* SECURITY UPDATE: Signed integer overflow in metaphone() char array offset
- debian/patches/CVE-2026-7568.patch: widen w_idx in metaphone() and
how_far/idx in Lookahead() from int to size_t in
ext/standard/metaphone.c to prevent signed overflow on inputs
exceeding 2^31 bytes
- CVE-2026-7568
* SECURITY UPDATE: Denial of service via signed char passed to ctype functions
- debian/patches/CVE-2026-7258.patch: consistently cast chars to
unsigned char before all ctype.h calls (isxdigit, isdigit, isalpha,
isalnum, isspace, tolower, toupper) across 54 files including
ext/standard/url.c (php_url_decode, php_raw_url_decode) and
ext/standard/formatted_print.c, Zend/zend_virtual_cwd.c, and others
- CVE-2026-7258
0
tuxcare-ubuntu20.04-els
libapache2-mod-php7.4_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
b1bab3c52b467b3a0ba7c1ba2b927fb31d6ca88a
libphp7.4-embed_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
c6521eb272145ba02c6dbffa265bb7d1456caf1f
php7.4_7.4.3-4ubuntu2.29+tuxcare.els4_all.deb
b38000ba49bcd8d6b134b7f816789394b4b026bf
php7.4-bcmath_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
075233d5718569dabce7c861fbbf8e51ac7e4766
php7.4-bz2_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
a255eaf0a567bd23cbc4c14cf02a63b3b14f33f0
php7.4-cgi_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
d7ba6ab1cff2bd049a370e50efa9b5d2e180ad95
php7.4-cli_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
6946a4783ec535fd56341d38bc34d5b218e81afc
php7.4-common_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
fc8faf32a4bf6618def9860dc5ce7989cb103ec8
php7.4-curl_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
3ec4e0d0c1cdc9ede6d0f227c07d7060fca586a3
php7.4-dba_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
6c3d39961bb0d90fd2e1388921df17f3e57f5421
php7.4-dev_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
c2cfa1dbc6d1036c46fd630cdc1bdb4ddd047723
php7.4-enchant_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
5c25eb81a3a87b0625ea3657714f43f3f2040540
php7.4-fpm_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
5b0904e0a5ec380e7789f17faeff0b3925873f68
php7.4-gd_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
606f31674c8bc20c0e299e8e62dbbe49ffbe780c
php7.4-gmp_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
c66414cb8f1bff5153b078c578257d74568f0e33
php7.4-imap_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
39f7baf6e05151bbc6b58626e4856071fd55a6eb
php7.4-interbase_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
19e3584caf393d5ef76e571aa991dd5bb0c4159b
php7.4-intl_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
725559e2550cf34304b3745ce9241c6e1229b80c
php7.4-json_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
1b20bb2bb94ea6f89d0093f1aa16871ac55d2819
php7.4-ldap_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
3e3b775bc1d548faa6b6d906889ecd53564b3889
php7.4-mbstring_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
3f1eacbeff20c26cdef4fb0770233fe9cabbeb05
php7.4-mysql_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
68ffd99fe08d135c1f0910abe4554a99e17d556d
php7.4-odbc_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
61b40d96034b944c9804c45d1976b1351aa2616e
php7.4-opcache_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
59f03bd76df5a535155c4eabd83998499fd8058f
php7.4-pgsql_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
f20ed7836b1fa546e041bfb1efca08fe97e0cd33
php7.4-phpdbg_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
a1bf28a316225ac9254f24c1862f4bcd1e1788b2
php7.4-pspell_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
3e841c831632036636e65cbe2f04755c8fde6e4b
php7.4-readline_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
d541eccd3658d020e3d0a17195199c071f76d3e7
php7.4-snmp_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
0b17e5b8d3dc6f404602a57966d04823c5df0221
php7.4-soap_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
05bfe974df09dba090cf8638d801ebae1ff5aeda
php7.4-sqlite3_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
332522457dc5667d3fb6d82c587d27c91f548338
php7.4-sybase_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
8716099087a01187c5b318aacd3c77f4333ae6b0
php7.4-tidy_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
693a949003b15d4359a45b1266ae16671ef7dfcd
php7.4-xml_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
addca5394ab32de3128262a8220bbb908238812b
php7.4-xmlrpc_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
398d911745bb05984abb09a19861f21b3e1b9af6
php7.4-xsl_7.4.3-4ubuntu2.29+tuxcare.els4_all.deb
2e6370c0f7f37391c10a0b5c592396fd6f4d6439
php7.4-zip_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
13e2f4cf08f4a5d31e3dee0254be76cd4c5006be
CLSA-2026:1778832314
Fix CVE(s): CVE-2026-3833
TuxCare License Agreement
0
* SECURITY UPDATE: Certificate policy bypass via case-sensitive nameConstraints
- debian/patches/CVE-2026-3833.patch: replace memcmp with c_strncasecmp in
ends_with, email_ends_with, dnsname_matches and email_matches in
lib/x509/name_constraints.c so DNS labels and email domains are compared
case-insensitively per RFC 5280 7.2
- CVE-2026-3833
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Certificate policy bypass via case-sensitive nameConstraints
- debian/patches/CVE-2026-3833.patch: replace memcmp with c_strncasecmp in
ends_with, email_ends_with, dnsname_matches and email_matches in
lib/x509/name_constraints.c so DNS labels and email domains are compared
case-insensitively per RFC 5280 7.2
- CVE-2026-3833
0
tuxcare-ubuntu20.04-els
gnutls-bin_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
902b1fe00b7ade18f6ea5c3565fdc40465aef729
gnutls-doc_3.6.13-2ubuntu1.12+tuxcare.els3_all.deb
e0853553be0c090f18f67fee662a4ef7048fe7a9
guile-gnutls_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
cf45122e384289064b1944b9ff2a40e348ca9413
libgnutls-dane0_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
00cf2b4d617366fa4557dd990e23d0d3f1617386
libgnutls-openssl27_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
9b60d126f5ca1fa83abf8fad39ef2001247a078a
libgnutls28-dev_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
c4c4dd41d14193a0d894fab14c978b471c5be845
libgnutls30_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
5e9eec7d842ea89883bd86563810b73a23ab06d2
libgnutlsxx28_3.6.13-2ubuntu1.12+tuxcare.els3_amd64.deb
4ad5aac860fb781d54f888e44b90c60baddb79f8
CLSA-2026:1778933429
Fix CVE(s): CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
TuxCare License Agreement
0
* SECURITY UPDATE: drop usage of Module::ScanDeps to prevent LPE
- debian/patches/CVE-2024-11003.patch: drop usage of Module::ScanDeps to prevent LPE
- CVE-2024-11003
* SECURITY UPDATE: do not set PYTHONPATH environment variable to prevent a LPE
- debian/patches/CVE-2024-48990.patch: do not set PYTHONPATH environment variable to prevent a LPE
- CVE-2024-48990
* SECURITY UPDATE: prevent race condition on /proc/$PID/exec evaluation and fix chroot/mountns regression
- debian/patches/CVE-2024-48991.patch: prevent race condition on /proc/$PID/exec evaluation and fix chroot/mountns regression
- CVE-2024-48991
* SECURITY UPDATE: do not set RUBYLIB environment variable to prevent a LPE
- debian/patches/CVE-2024-48992.patch: do not set RUBYLIB environment variable to prevent a LPE
- CVE-2024-48992
Low
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: drop usage of Module::ScanDeps to prevent LPE
- debian/patches/CVE-2024-11003.patch: drop usage of Module::ScanDeps to prevent LPE
- CVE-2024-11003
* SECURITY UPDATE: do not set PYTHONPATH environment variable to prevent a LPE
- debian/patches/CVE-2024-48990.patch: do not set PYTHONPATH environment variable to prevent a LPE
- CVE-2024-48990
* SECURITY UPDATE: prevent race condition on /proc/$PID/exec evaluation and fix chroot/mountns regression
- debian/patches/CVE-2024-48991.patch: prevent race condition on /proc/$PID/exec evaluation and fix chroot/mountns regression
- CVE-2024-48991
* SECURITY UPDATE: do not set RUBYLIB environment variable to prevent a LPE
- debian/patches/CVE-2024-48992.patch: do not set RUBYLIB environment variable to prevent a LPE
- CVE-2024-48992
0
tuxcare-ubuntu20.04-els
needrestart_3.4-6ubuntu0.1+tuxcare.els1_all.deb
7c5b2c5f76806f875755ee8e522ce4d1530d676b
CLSA-2026:1778934026
Fix CVE(s): CVE-2026-42010
TuxCare License Agreement
0
* SECURITY UPDATE: Authentication bypass via NUL-byte truncation in RSA-PSK username lookup
- debian/patches/CVE-2026-42010.patch: replace strlen(info->username) with
info->username_len in _gnutls_proc_rsa_psk_client_kx in lib/auth/rsa_psk.c
to prevent NUL-byte truncation allowing username matching with truncated entries
- CVE-2026-42010
Critical
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: Authentication bypass via NUL-byte truncation in RSA-PSK username lookup
- debian/patches/CVE-2026-42010.patch: replace strlen(info->username) with
info->username_len in _gnutls_proc_rsa_psk_client_kx in lib/auth/rsa_psk.c
to prevent NUL-byte truncation allowing username matching with truncated entries
- CVE-2026-42010
0
tuxcare-ubuntu20.04-els
gnutls-bin_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
6bf69483e72050ca872926e4d5e5c4a9c5ece719
gnutls-doc_3.6.13-2ubuntu1.12+tuxcare.els4_all.deb
6f423cd7ea727d5ae7708ee8f597abcdb52c23d5
guile-gnutls_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
b466a6fcceb13bf21798ef09e8a1af4688c44ea2
libgnutls-dane0_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
9d0c88ba7ac7cb8768f45c88c4bc0eae49c80306
libgnutls-openssl27_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
78ad44ff7f572123c0cc7be87c77fa3012e2184f
libgnutls28-dev_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
203254b65ebe47f7ceb6b487ec2432ba0715855f
libgnutls30_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
5a760a79e4d976ca9fc72fcf7756bac7555a01a1
libgnutlsxx28_3.6.13-2ubuntu1.12+tuxcare.els4_amd64.deb
17dc12f6e5c6a649953aa73c0a4c24e4e924bb62
CLSA-2026:1778934210
Fix of 7 CVEs
TuxCare License Agreement
0
* SECURITY UPDATE: off-by-one OOB read in mod_proxy_ajp message getters
- debian/patches/CVE-2026-33857.patch: tighten length checks
(`> msg->len` -> `>= msg->len`) in ajp_msg_get_uint8/16/32 and
ajp_msg_peek_uint8/16 in modules/proxy/ajp_msg.c.
- CVE-2026-33857
* SECURITY UPDATE: heap over-read in mod_proxy_ajp via missing
null-termination check in ajp_msg_get_string()
- debian/patches/CVE-2026-34032.patch: switch the buffer overflow
check to compare against msg->len and verify the expected null
terminator is present before returning the pointer in
modules/proxy/ajp_msg.c.
- CVE-2026-34032
* SECURITY UPDATE: heap over-read and memory disclosure in
mod_proxy_ajp ajp_parse_data() via missing minimum message-length
validation
- debian/patches/CVE-2026-34059.patch: reject AJP data messages
whose `msg->len` is smaller than AJP_HEADER_LEN +
AJP_HEADER_SZ_LEN + 1 + 1 before computing expected_len in
modules/proxy/ajp_header.c.
- CVE-2026-34059
* SECURITY UPDATE: local information disclosure via .htaccess /
mod_setenvif / ProxyFCGISetEnvIf, where a non-privileged user
with .htaccess write access could read files accessible to the
httpd service account
- debian/patches/CVE-2026-24072.patch: pass
AP_EXPR_FLAG_RESTRICTED when parsing ap_expr expressions from
htaccess context in modules/mappers/mod_rewrite.c,
modules/metadata/mod_setenvif.c, and
modules/proxy/mod_proxy_fcgi.c.
- CVE-2026-24072
* SECURITY UPDATE: timing attack against mod_auth_digest allowing
bypass of Digest authentication
- debian/patches/CVE-2026-33006.patch: validate nonce and digest
lengths earlier and replace the strcmp of the nonce hash with
the constant-time apr_crypto_equals (apr-util >= 1.6) in
modules/aaa/mod_auth_digest.c; bump APU minimum to 1.6 in
configure.in.
- CVE-2026-33006
* SECURITY UPDATE: NULL pointer dereference in mod_authn_socache
crashes the child process in a caching forward proxy setup
- debian/patches/CVE-2026-33007.patch: validate the URL before
using the cache hash in construct_key() in
modules/aaa/mod_authn_socache.c.
- CVE-2026-33007
* SECURITY UPDATE: HTTP response splitting via newline/control
characters in an outgoing status line forwarded from a
compromised backend
- debian/patches/CVE-2026-33523.patch: reject status reason
strings that contain newlines or control characters in
modules/http/http_filters.c.
- CVE-2026-33523
Important
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.
* SECURITY UPDATE: off-by-one OOB read in mod_proxy_ajp message getters
- debian/patches/CVE-2026-33857.patch: tighten length checks
(`> msg->len` -> `>= msg->len`) in ajp_msg_get_uint8/16/32 and
ajp_msg_peek_uint8/16 in modules/proxy/ajp_msg.c.
- CVE-2026-33857
* SECURITY UPDATE: heap over-read in mod_proxy_ajp via missing
null-termination check in ajp_msg_get_string()
- debian/patches/CVE-2026-34032.patch: switch the buffer overflow
check to compare against msg->len and verify the expected null
terminator is present before returning the pointer in
modules/proxy/ajp_msg.c.
- CVE-2026-34032
* SECURITY UPDATE: heap over-read and memory disclosure in
mod_proxy_ajp ajp_parse_data() via missing minimum message-length
validation
- debian/patches/CVE-2026-34059.patch: reject AJP data messages
whose `msg->len` is smaller than AJP_HEADER_LEN +
AJP_HEADER_SZ_LEN + 1 + 1 before computing expected_len in
modules/proxy/ajp_header.c.
- CVE-2026-34059
* SECURITY UPDATE: local information disclosure via .htaccess /
mod_setenvif / ProxyFCGISetEnvIf, where a non-privileged user
with .htaccess write access could read files accessible to the
httpd service account
- debian/patches/CVE-2026-24072.patch: pass
AP_EXPR_FLAG_RESTRICTED when parsing ap_expr expressions from
htaccess context in modules/mappers/mod_rewrite.c,
modules/metadata/mod_setenvif.c, and
modules/proxy/mod_proxy_fcgi.c.
- CVE-2026-24072
* SECURITY UPDATE: timing attack against mod_auth_digest allowing
bypass of Digest authentication
- debian/patches/CVE-2026-33006.patch: validate nonce and digest
lengths earlier and replace the strcmp of the nonce hash with
the constant-time apr_crypto_equals (apr-util >= 1.6) in
modules/aaa/mod_auth_digest.c; bump APU minimum to 1.6 in
configure.in.
- CVE-2026-33006
* SECURITY UPDATE: NULL pointer dereference in mod_authn_socache
crashes the child process in a caching forward proxy setup
- debian/patches/CVE-2026-33007.patch: validate the URL before
using the cache hash in construct_key() in
modules/aaa/mod_authn_socache.c.
- CVE-2026-33007
* SECURITY UPDATE: HTTP response splitting via newline/control
characters in an outgoing status line forwarded from a
compromised backend
- debian/patches/CVE-2026-33523.patch: reject status reason
strings that contain newlines or control characters in
modules/http/http_filters.c.
- CVE-2026-33523
0
tuxcare-ubuntu20.04-els
apache2_2.4.41-4ubuntu3.23+tuxcare.els4_amd64.deb
c3ef4d4ce18786768553b9bdd291e49bd1eab187
apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els4_amd64.deb
c5116ae212c3879e21867b08994ee19068fbb8ab
apache2-data_2.4.41-4ubuntu3.23+tuxcare.els4_all.deb
610e910f6507372dca860571d2b626db6b207806
apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els4_amd64.deb
37eecf7462a422f62b745558a98b8bf7e82536c1
apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els4_all.deb
d56ae88cf5c3a3478548621087113fd67b0c6536
apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els4_amd64.deb
eb05a8741724dcf59ce50fed52183c249f8a59b7
apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els4_amd64.deb
ad95db3d63a09e77d58d1bf46842f9cc572e4322
apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els4_amd64.deb
8dba5ac7b6cd7141294570c2a25e02284ac31442
apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els4_amd64.deb
5fba9373a00a7a9152a97926b8b985ab4901c413
libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els4_amd64.deb
594bf31a20cb7466797653b3e2812e6d038404e5
libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els4_amd64.deb
f2c4cd8cea66b55b9fe46aeb8050fb37f185ea32