Aggregator

Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command did not correctly check for schema CREATE privileges. An authenticated attacker could possibly use this issue to create a denial of service against other CREATE STATISTICS users. (CVE-2025-12817) Aleksey Solovev discovered that the PostgreSQL libpq client library incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause libpq to crash, resulting in a denial of service. (CVE-2025-12818)

FEDORA-2025-54d78b9fed Packages in this update:

• singularity-ce-4.3.5-1.fc42

Update description:

Upgrade to 4.3.5 upstream version.

FEDORA-2025-894ea1b6a5 Packages in this update:

• dr_libs-0^20251201.877b096-1.fc43

Update description: dr_flac v0.13.2 - 2025-12-02

• Improve robustness of the parsing of picture metadata to improve support for memory constrained embedded devices.
• Fix a warning about an assigned by unused variable.
• Improvements to drflac_open_and_read_pcm_frames_*() and family to avoid excessively large memory allocations from malformed files.

v0.13.1 - 2025-09-10

• Fix an error with the NXDK build.

dr_mp3 v0.7.2 - 2025-12-02

• Reduce stack space to improve robustness on embedded systems.
• Fix a compilation error with MSVC Clang toolset relating to cpuid.
• Fix an error with APE tag parsing.

The APE tag parsing defect may have security implications, github.com/mackron/dr_libs/issues/291.

v0.7.1 - 2025-09-10

• Silence a warning with GCC.
• Fix an error with the NXDK build.
• Fix a decoding inconsistency when seeking. Prior to this change, reading to the end of the stream immediately after initializing will result in a different number of samples read than if the stream is seeked to the start and read to the end.

dr_wav v0.14.2 - 2025-12-02

• Fix a compilation warning.

v0.14.1 - 2025-09-10

• Fix an error with the NXDK build.

FEDORA-2025-5ad0214a85 Packages in this update:

• singularity-ce-4.3.5-1.fc43

Update description:

Upgrade to 4.3.5 upstream version.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; - Network drivers; - AFS file system; - Ceph distributed file system; - Network file system (NFS) server daemon; - NILFS2 file system; - File systems infrastructure; - KVM subsystem; - L3 Master device support module; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; - Open vSwitch; (CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935, CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179, CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083, CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791, CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)

Version:5.4.302 (EOL) (longterm) Released:2025-12-03 Source:linux-5.4.302.tar.xz PGP Signature:linux-5.4.302.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.4.302

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - Cryptographic API; - Android drivers; - TTY drivers; - F2FS file system; - 9P file system network protocol; (CVE-2025-40025, CVE-2025-40026, CVE-2025-40027, CVE-2025-40028, CVE-2025-40108, CVE-2025-40109)

FEDORA-2025-dd47e79eb8 Packages in this update:

• cef-142.0.17^chromium142.0.7444.175-1.fc42

Update description:

Update to cef-142.0.17+g60aac24 & chromium 142.0.7444.175 (rhbz#2413981)

• High CVE-2025-13223: Type Confusion in V8
• High CVE-2025-13224: Type Confusion in V8

FEDORA-2025-d488db69f0 Packages in this update:

• cef-142.0.17^chromium142.0.7444.175-1.fc43

Update description:

Update to cef-142.0.17+g60aac24 & chromium 142.0.7444.175 (rhbz#2413981)

• High CVE-2025-13223: Type Confusion in V8
• High CVE-2025-13224: Type Confusion in V8

It was discovered that KDE Connect incorrectly handled device IDs. An attacker could possibly use this issue to bypass authentication and connect an unpaired device.

Piotr Kajda discovered that Ghostscript incorrectly handled writing certain files. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service.

Version:next-20251203 (linux-next) Released:2025-12-03

FEDORA-2025-e110b32ac7 Packages in this update:

• xkbcomp-1.5.0-1.fc42

Update description:

xkbcomp 1.5.0 (CVE-2018-15853, CVE-2018-15859, CVE-2018-15861, CVE-2018-15863)

FEDORA-2025-3a9b79ca0e Packages in this update:

• xkbcomp-1.5.0-1.fc43

Update description:

xkbcomp 1.5.0 (CVE-2018-15853, CVE-2018-15859, CVE-2018-15861, CVE-2018-15863)

FEDORA-EPEL-2025-0fa35909c3 Packages in this update:

• apptainer-1.4.5-1.el10_2

Update description:

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-EPEL-2025-066c32c492 Packages in this update:

• apptainer-1.4.5-1.el10_1

Update description:

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-EPEL-2025-730a1d821d Packages in this update:

• apptainer-1.4.5-1.el8

Update description:

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-2025-39d2a94670 Packages in this update:

• apptainer-1.4.5-1.fc41

Update description:

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-2025-a3e04f92cc Packages in this update:

• apptainer-1.4.5-1.fc43

Update description:

Update to upstream 1.4.5, including a fix for CVE-2025-65105