Aggregator

USN-8056-1: U-Boot vulnerabilities

1 week 2 days ago
Simon Diepold discovered that U-Boot incorrectly handled certain DHCP responses. An attacker on the local network could possibly use this issue to obtain sensitive memory contents. (CVE-2024-42040)

It was discovered that U-Boot incorrectly handled symlink size calculations in squashfs file systems. An attacker could use this issue with a specially crafted squashfs file system to cause U-Boot to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2024-57254)

It was discovered that U-Boot incorrectly handled inode size calculations in squashfs file systems. An attacker could use this issue with a specially crafted squashfs file system to cause U-Boot to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2024-57255)

It was discovered that U-Boot incorrectly handled inode size calculations in EXT4 file systems. An attacker could use this issue with a specially crafted EXT4 file system to cause U-Boot to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2024-57256)

It was discovered that U-Boot incorrectly handled deep symlink nesting in squashfs file systems. An attacker could possibly use this issue with a specially crafted squashfs file system to cause U-Boot to crash, resulting in a denial of service. (CVE-2024-57257)

It was discovered that U-Boot incorrectly handled memory allocation in squashfs file systems. An attacker could use this issue with a specially crafted squashfs file system to cause U-Boot to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2024-57258)

USN-8054-1: DjVuLibre vulnerabilities

1 week 2 days ago
It was discovered that DjVuLibre could be forced to execute a division by zero in certain instances. A remote attacker could possibly use this issue to cause applications to stop responding or crash, resulting in a denial of service. (CVE-2021-46312)

It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2025-53367)

avr-binutils-2.45-4.fc43.1

1 week 3 days ago
FEDORA-2026-10cccbf560
Packages in this update:
  • avr-binutils-2.45-4.fc43.1
Update description:
  • fix CVE-2025-11083: heap-based overflow
  • fix CVE-2025-11082: heap-based overflow
  • fix CVE-2025-11081: out-of-bounds read

avr-binutils-2.45-4.fc42.1

1 week 3 days ago
FEDORA-2026-405dab5af2
Packages in this update:
  • avr-binutils-2.45-4.fc42.1
Update description:
  • fix CVE-2025-11083: heap-based overflow
  • fix CVE-2025-11082: heap-based overflow
  • fix CVE-2025-11081: out-of-bounds read

cef-145.0.25^chromium145.0.7632.75-4.fc44

1 week 5 days ago
FEDORA-2026-376794abc1
Packages in this update:
  • cef-145.0.25^chromium145.0.7632.75-4.fc44
Update description:

Update to cef-145.0.25 + chromium 145.0.7632.75

  • CVE-2026-1861: Heap buffer overflow in libvpx
  • CVE-2026-1862: Type Confusion in V8
  • CVE-2026-2313: Use after free in CSS
  • CVE-2026-2314: Heap buffer overflow in Codecs
  • CVE-2026-2315: Inappropriate implementation in WebGPU
  • CVE-2026-2316: Insufficient policy enforcement in Frames
  • CVE-2026-2317: Inappropriate implementation in Animation
  • CVE-2026-2318: Inappropriate implementation in PictureInPicture
  • CVE-2026-2319: Race in DevTools
  • CVE-2026-2320: Inappropriate implementation in File input
  • CVE-2026-2321: Use after free in Ozone
  • CVE-2026-2322: Inappropriate implementation in File input
  • CVE-2026-2323: Inappropriate implementation in Downloads
  • CVE-2026-2441: Use after free in CSS

cef-145.0.25^chromium145.0.7632.75-4.fc42

1 week 5 days ago
FEDORA-2026-a48b5f36ec
Packages in this update:
  • cef-145.0.25^chromium145.0.7632.75-4.fc42
Update description:

Update to cef-145.0.25 + chromium 145.0.7632.75

  • CVE-2026-1861: Heap buffer overflow in libvpx
  • CVE-2026-1862: Type Confusion in V8
  • CVE-2026-2313: Use after free in CSS
  • CVE-2026-2314: Heap buffer overflow in Codecs
  • CVE-2026-2315: Inappropriate implementation in WebGPU
  • CVE-2026-2316: Insufficient policy enforcement in Frames
  • CVE-2026-2317: Inappropriate implementation in Animation
  • CVE-2026-2318: Inappropriate implementation in PictureInPicture
  • CVE-2026-2319: Race in DevTools
  • CVE-2026-2320: Inappropriate implementation in File input
  • CVE-2026-2321: Use after free in Ozone
  • CVE-2026-2322: Inappropriate implementation in File input
  • CVE-2026-2323: Inappropriate implementation in Downloads
  • CVE-2026-2441: Use after free in CSS

cef-145.0.25^chromium145.0.7632.75-4.fc43

1 week 5 days ago
FEDORA-2026-0bced5158d
Packages in this update:
  • cef-145.0.25^chromium145.0.7632.75-4.fc43
Update description:

Update to cef-145.0.25 + chromium 145.0.7632.75

  • CVE-2026-1861: Heap buffer overflow in libvpx
  • CVE-2026-1862: Type Confusion in V8
  • CVE-2026-2313: Use after free in CSS
  • CVE-2026-2314: Heap buffer overflow in Codecs
  • CVE-2026-2315: Inappropriate implementation in WebGPU
  • CVE-2026-2316: Insufficient policy enforcement in Frames
  • CVE-2026-2317: Inappropriate implementation in Animation
  • CVE-2026-2318: Inappropriate implementation in PictureInPicture
  • CVE-2026-2319: Race in DevTools
  • CVE-2026-2320: Inappropriate implementation in File input
  • CVE-2026-2321: Use after free in Ozone
  • CVE-2026-2322: Inappropriate implementation in File input
  • CVE-2026-2323: Inappropriate implementation in Downloads
  • CVE-2026-2441: Use after free in CSS