What you need to know today.
Command injection in 'network' package, Linux kernel fixes, and GIMP/libzypp vulnerabilities lead today's security brief.

A command injection vulnerability in the network package, versions prior to 0.7.0, allows attackers to execute arbitrary commands because input reaches the child_process.exec function without proper sanitization. This flaw, identified as CVE-2024-21488, is particularly concerning because it can lead to remote code execution if user-controlled input is passed to the mac_address_for function. Developers should update to version 0.7.0 or later to mitigate this risk.
Several vulnerabilities have been addressed in the Linux kernel, including a refcount leak in p9_read_work() error handling (CVE-2022-50114), a memory leak in nsim_dev->fa_cookie within netdevsim (CVE-2022-49803), and a fix that prevents a null pointer dereference in the dlm module when writing to event_done (CVE-2025-23131). While there is no indication of active exploitation, these issues highlight the ongoing need for kernel maintenance and timely patching to prevent potential system instability or security compromises.
A heap buffer overflow vulnerability in GIMP's Paint Shop Pro (PSP) file format parser (CVE-2026-58379) could allow remote attackers to achieve arbitrary code execution or a denial of service by tricking users into opening specially crafted files. Additionally, a relative path traversal flaw in libzypp's keyhint option during repomd.xml parsing (CVE-2026-44941) enables attackers to inject or overwrite files as root if they can supply a malicious repository. The first affects Debian systems and the second affects libzypp; both underscore the importance of validating external inputs and maintaining up-to-date software.
The Open Asset Import Library (Assimp) contains a vulnerability in its PLY Model Handler component (CVE-2026-14604) within the Assimp::Exporter::ExportToBlob function. This flaw can be triggered by manipulating the PLY model, potentially leading to code execution or denial of service. Users of Assimp, particularly those processing PLY files, should ensure they are using versions later than 6.0.4.