1 week 4 days ago
It was discovered that Django incorrectly handled certain characters in the
FilteredRelation object. An attacker could possibly use this issue to
execute arbitrary SQL commands. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10.
(CVE-2025-13372)
Seokchan Yoon discovered that Django inefficiently handled deserialization
of XML objects. An attacker could possibly use this issue to cause Django
to use excessive resources, causing a denial of service. (CVE-2025-64460)
1 week 4 days ago
USN-7855-1 fixed vulnerabilities in Unbound. It was discovered that the fix
for CVE-2025-11411 was incomplete. This update fixes the problem.
Original advisory details:
Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that
Unbound incorrectly handled certain promiscuous NS RRSets. A remote
attacker could possibly use this issue to perform a domain hijack attack.
1 week 4 days ago
FEDORA-2025-47551b2aa2
Packages in this update:
- perl-CGI-Simple-1.282-1.fc42
Update description:
1.282 - Sanitize all user-supplied values before inserting into HTTP headers; Fixed CVE-2025-40927.
1 week 4 days ago
FEDORA-2025-3dd97ed203
Packages in this update:
- perl-CGI-Simple-1.282-1.fc43
Update description:
1.282 - Sanitize all user-supplied values before inserting into HTTP headers; Fixed CVE-2025-40927.
1 week 5 days ago
Version: next-20251202 (linux-next)
Released: 2025-12-02
1 week 5 days ago
Jinfeng Guo discovered that the Security component of CRaC JDK 25 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)
Darius Bohni discovered that the JAXP component of CRaC JDK 25 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated
remote attacker could possibly use this issue to modify files or leak
sensitive information. (CVE-2025-53066)
Yakov Shafranovich discovered that the Libraries component of CRaC JDK
25 contained an issue where certain Strings built with StringBuilder
returned an incorrect result for String.equals() checks. An unauthenticated
remote attacker could possibly use this issue to update, insert, or
delete accessible data. (CVE-2025-61748)
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21
1 week 5 days ago
Jinfeng Guo discovered that the Security component of CRaC JDK 21 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)
Darius Bohni discovered that the JAXP component of CRaC JDK 21 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated remote
attacker could possibly use this issue to modify files or leak sensitive
information. (CVE-2025-53066)
Yakov Shafranovich discovered that the Libraries component of CRaC JDK 21
contained an issue where certain Strings built with StringBuilder returned
an incorrect result for String.equals() checks. An unauthenticated remote
attacker could possibly use this issue to update, insert, or delete
accessible data. (CVE-2025-61748)
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21
1 week 5 days ago
Jinfeng Guo discovered that the Security component of CRaC JDK 17 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)
Darius Bohni discovered that the JAXP component of CRaC JDK 17 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated
remote attacker could possibly use this issue to modify files or leak
sensitive information. (CVE-2025-53066)
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21
1 week 5 days ago
It was discovered that GNU binutils could be forced to perform an
out-of-bounds read in certain instances. An attacker with local access to
a system could possibly use this issue to cause a denial of service.
(CVE-2025-11839, CVE-2025-11840)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 20.04 LTS. (CVE-2025-8225)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2025-5244, CVE-2025-5245)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2025-3198)
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
(CVE-2025-1182)
It was discovered that ld in GNU binutils incorrectly handled certain
files. An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2025-1181)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash, expose
sensitive information or execute arbitrary code. This issue only
affected Ubuntu 25.04. (CVE-2025-1153)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2025-0840)
1 week 5 days ago
FEDORA-EPEL-2025-51d4080725
Packages in this update:
- imhex-1.37.4-3.el9
- lunasvg-3.5.0-1.el9
Update description:
1 week 6 days ago
FEDORA-EPEL-2025-00dab21def
Packages in this update:
- imhex-1.37.4-3.el10_1
- lunasvg-3.5.0-1.el10_1
Update description:
1 week 6 days ago
FEDORA-EPEL-2025-85c58e7712
Packages in this update:
- imhex-1.37.4-3.el10_2
- lunasvg-3.5.0-1.el10_2
Update description:
1 week 6 days ago
FEDORA-2025-9b6b49071f
Packages in this update:
- imhex-1.37.4-3.fc42
- lunasvg-3.5.0-1.fc42
Update description:
1 week 6 days ago
FEDORA-2025-58c0baba42
Packages in this update:
- imhex-1.37.4-3.fc43
- lunasvg-3.5.0-1.fc43
Update description:
1 week 6 days ago
FEDORA-2025-49d2ea998c
Packages in this update:
- imhex-1.37.4-3.fc44
- lunasvg-3.5.0-1.fc44
Update description: