Aggregator

Phil Turnbull discovered that GSS NTLMSSP may perform out-of-bounds reads when decoding NTLM fields and target information. An attacker could possibly use this issue to cause GSS NTLMSSP to crash, resulting in a denial of service. (CVE-2023-25563, CVE-2023-25567) Phil Turnbull discovered that GSS NTLMSSP did not properly initialize memory when decoding UTF16 strings. An attacker could possibly use this issue to trigger an out-of-bounds write, resulting in a crash. (CVE-2023-25564) Phil Turnbull discovered that GSS NTLMSSP did not properly handle memory cleanup. An attacker could possibly use this issue to cause an assertion failure, resulting in a denial of service. (CVE-2023-25565)

FEDORA-2025-526eca6b78 Packages in this update:

• qt6-qtbase-6.8.3-2.fc41
• qt6-qtimageformats-6.8.3-2.fc41

Update description:

Fix crash in fontconfig database. Fix some CVEs.

Version:next-20250623 (linux-next) Released:2025-06-23

Suhwan Song discovered that Fig2dev did not correctly handle certain memory operations. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21680, CVE-2020-21682, CVE-2020-21683) It was discovered that Fig2dev did not limit the size of certain inputs. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2025-31162, CVE-2025-31163) It was discovered that Fig2dev did not correctly handle certain inputs. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-31164)

It was discovered that Botan could have compiler dependent operations induced under certain circumstances. An attacker could possibly use this issue to cause undefined behavior. (CVE-2024-50382, CVE-2024-50383) Bing Shi discovered that Botan did not limit the size of certain inputs when checking primality and name constraints. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-34702, CVE-2024-34703) It was discovered that Botan did not correctly handle conflicting name constraints. An attacker could possibly use this issue to bypass authentication. (CVE-2024-39312)

FEDORA-2025-b5b1634cd0 Packages in this update:

• darktable-5.2.0-1.fc41

Update description:

5.2.0 release

FEDORA-2025-a2b4be7d9b Packages in this update:

• darktable-5.2.0-1.fc42

Update description:

5.2.0 release

Version:6.16-rc3 (mainline) Released:2025-06-22 Source:linux-6.16-rc3.tar.gz Patch:full (incremental)

FEDORA-2025-e489437b3d Packages in this update:

• glibc-2.40-26.fc41

Update description:

This update contains the following bug fixes and enhancements: * String function register clobbers specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745). * Crashes in TLS management when auditors are used (rhbz#2330213) * Optimizations for x86-64 CPUs * Optimizations for AArch64 CPUs

FEDORA-2025-851644b160 Packages in this update:

• glibc-2.41-7.fc42

Update description:

This update addresses two string function vulnerabilities specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745) and fixes a bug in TLS management when auditors are used (rhbz#2330213).

FEDORA-2025-b434717c22 Packages in this update:

• chromium-137.0.7151.119-1.fc42

Update description:

Update to 137.0.7151.119

* CVE-2025-6191: Integer overflow in V8 * CVE-2025-6192: Use after free in Profiler

FEDORA-2025-4fed640c91 Packages in this update:

• chromium-137.0.7151.119-1.fc41

Update description:

Update to 137.0.7151.119

* CVE-2025-6191: Integer overflow in V8 * CVE-2025-6192: Use after free in Profiler

Version:next-20250620 (linux-next) Released:2025-06-20

FEDORA-EPEL-2025-5b39298529 Packages in this update:

• chromium-137.0.7151.119-1.el10_1

Update description:

Update to 137.0.7151.119

* CVE-2025-6191: Integer overflow in V8 * CVE-2025-6192: Use after free in Profiler

FEDORA-EPEL-2025-4e9f40089d Packages in this update:

• chromium-137.0.7151.119-1.el9

Update description:

Update to 137.0.7151.119

* CVE-2025-6191: Integer overflow in V8 * CVE-2025-6192: Use after free in Profiler

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - iSCSI Boot Firmware Table Attributes driver; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Media drivers; - MemoryStick subsystem; - Network drivers; - NTB driver; - PCI subsystem; - SCSI subsystem; - Thermal drivers; - JFS file system; - File systems infrastructure; - Tracing infrastructure; - 802.1Q VLAN protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Bluetooth subsystem; - IPv6 networking; - Netfilter; - Network traffic control; - Sun RPC protocol; - USB sound devices; (CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063, CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020, CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991, CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034, CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551, CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086, CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018, CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - iSCSI Boot Firmware Table Attributes driver; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Media drivers; - MemoryStick subsystem; - Network drivers; - NTB driver; - PCI subsystem; - SCSI subsystem; - Thermal drivers; - JFS file system; - File systems infrastructure; - Tracing infrastructure; - 802.1Q VLAN protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Bluetooth subsystem; - IPv6 networking; - Netfilter; - Network traffic control; - Sun RPC protocol; - USB sound devices; (CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063, CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020, CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991, CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034, CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551, CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086, CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018, CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)