Package-Management

🟠 High | Source: Microsoft Security Response Center CVE-2026-9149 is a heap buffer overflow vulnerability in libsolv, an open-source dependency resolver library used in Linux package management. The flaw can be triggered by a specially crafted .solv file that supplies a negative maxsize value, causing memory corruption in the repo_add_solv function. This matters because libsolv is widely used in Linux-based environments, including Azure workloads, and memory corruption bugs of this nature can potentially lead to arbitrary code execution. ...

🟠 High | Source: Microsoft Security Response Center CVE-2026-9150 is a stack-based buffer overflow vulnerability in libsolv, an open-source dependency resolution library, specifically within its Debian metadata parser when processing SHA-384 or SHA-512 checksums. An attacker who can supply malicious package metadata could potentially trigger the overflow to execute arbitrary code or crash affected services. This vulnerability is relevant to Azure environments that rely on libsolv for package management operations, such as those running Linux-based workloads or services that consume package repositories. ...