Aggregator

USN-7555-2: Django vulnerability

2 weeks 3 days ago
USN-7555-1 fixed vulnerabilities in Django. The fix was incomplete. This update applies an additional patch to fix it properly.

Original advisory details:

It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection.

USN-7570-1: Python vulnerabilities

2 weeks 3 days ago
It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-4516)

It was discovered that Python incorrectly handled unicode encoding of email headers with list separators in folded lines. An attacker could possibly use this issue to expose sensitive information. (CVE-2025-1795)

USN-7536-2: cifs-utils regression

2 weeks 3 days ago
USN-7536-1 fixed vulnerabilities in cifs-utils. This update introduced a regression in certain environments. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that cifs-utils incorrectly handled namespaces when obtaining Kerberos credentials. An attacker could possibly use this issue to obtain sensitive information.

atuin-18.3.0-4.el9

2 weeks 3 days ago
FEDORA-EPEL-2025-3a9b0a638b
Packages in this update:
  • atuin-18.3.0-4.el9
Update description:

Rebuild applications to apply two recent security updates:

  • build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded)
  • build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-free on Drop)

atuin-18.3.0-4.fc41 awatcher-0.3.1-2.fc41 gotify-desktop-1.3.7-5.fc41 keylime-agent-rust-0.2.7-5.fc41 mirrorlist-server-3.0.7-7.fc41

2 weeks 3 days ago
FEDORA-2025-297c7ac7fe
Packages in this update:
  • atuin-18.3.0-4.fc41
  • awatcher-0.3.1-2.fc41
  • gotify-desktop-1.3.7-5.fc41
  • keylime-agent-rust-0.2.7-5.fc41
  • mirrorlist-server-3.0.7-7.fc41
Update description:

Rebuild applications to apply two recent security updates:

  • build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded)
  • build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-free on Drop)

atuin-18.3.0-4.fc42 awatcher-0.3.1-2.fc42 gotify-desktop-1.3.7-5.fc42 mirrorlist-server-3.0.7-7.fc42

2 weeks 3 days ago
FEDORA-2025-8a18a5a077
Packages in this update:
  • atuin-18.3.0-4.fc42
  • awatcher-0.3.1-2.fc42
  • gotify-desktop-1.3.7-5.fc42
  • mirrorlist-server-3.0.7-7.fc42
Update description:

Rebuild applications to apply two recent security updates:

  • build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded)
  • build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-free on Drop)

atuin-18.3.0-4.fc43 awatcher-0.3.1-2.fc43 gotify-desktop-1.3.7-5.fc43 mirrorlist-server-3.0.7-7.fc43

2 weeks 3 days ago
FEDORA-2025-9f8cbb5e03
Packages in this update:
  • atuin-18.3.0-4.fc43
  • awatcher-0.3.1-2.fc43
  • gotify-desktop-1.3.7-5.fc43
  • mirrorlist-server-3.0.7-7.fc43
Update description:

Rebuild applications to apply two recent security updates:

  • build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded)
  • build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-free on Drop)

USN-7569-1: Dojo vulnerabilities

2 weeks 3 days ago
It was discovered that Dojo did not correctly handle DataGrids. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-15494)

It was discovered that Dojo was vulnerable to prototype pollution. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-23450)

Jonathan Leitschuh discovered that Dojo did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-10785, CVE-2020-4051)

USN-7568-1: Requests vulnerabilities

2 weeks 3 days ago
Dennis Brinkrolf and Tobias Funke discovered that Requests did not correctly handle certain HTTP headers. A remote attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2023-32681)

Juho Forsén discovered that Requests did not correctly parse URLs. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2024-47081)