2 weeks 4 days ago
Phil Turnbull discovered that GSS NTLMSSP may perform out-of-bounds reads
when decoding NTLM fields and target information. An attacker could
possibly use this issue to cause GSS NTLMSSP to crash, resulting in
a denial of service. (CVE-2023-25563, CVE-2023-25567)
Phil Turnbull discovered that GSS NTLMSSP did not properly initialize
memory when decoding UTF16 strings. An attacker could possibly use
this issue to trigger an out-of-bounds write, resulting in a crash.
(CVE-2023-25564)
Phil Turnbull discovered that GSS NTLMSSP did not properly handle memory
cleanup. An attacker could possibly use this issue to cause an assertion
failure, resulting in a denial of service. (CVE-2023-25565)
2 weeks 4 days ago
FEDORA-2025-526eca6b78
Packages in this update:
- qt6-qtbase-6.8.3-2.fc41
- qt6-qtimageformats-6.8.3-2.fc41
Update description:
Fix crash in fontconfig database. Fix some CVEs.
2 weeks 4 days ago
Version:next-20250623 (linux-next)
Released:2025-06-23
2 weeks 4 days ago
2 weeks 4 days ago
Suhwan Song discovered that Fig2dev did not correctly handle certain
memory operations. If a user or automated system were tricked into
opening a specially crafted file, an attacker could possibly use this
issue to cause a denial of service. This issue only affected
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21680, CVE-2020-21682,
CVE-2020-21683)
It was discovered that Fig2dev did not limit the size of certain inputs.
If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a
denial of service. (CVE-2025-31162, CVE-2025-31163)
It was discovered that Fig2dev did not correctly handle certain inputs.
If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2025-31164)
2 weeks 4 days ago
It was discovered that Botan could have compiler dependent operations
induced under certain circumstances. An attacker could possibly use this
issue to cause undefined behavior. (CVE-2024-50382, CVE-2024-50383)
Bing Shi discovered that Botan did not limit the size of certain inputs
when checking primality and name constraints. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-34702,
CVE-2024-34703)
It was discovered that Botan did not correctly handle conflicting name
constraints. An attacker could possibly use this issue to bypass
authentication. (CVE-2024-39312)
2 weeks 5 days ago
FEDORA-2025-b5b1634cd0
Packages in this update:
Update description:
5.2.0 release
2 weeks 5 days ago
FEDORA-2025-a2b4be7d9b
Packages in this update:
Update description:
5.2.0 release
2 weeks 5 days ago
2 weeks 5 days ago
2 weeks 6 days ago
FEDORA-2025-e489437b3d
Packages in this update:
Update description:
This update contains the following bug fixes and enhancements:
* String function register clobbers specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745).
* Crashes in TLS management when auditors are used (rhbz#2330213)
* Optimizations for x86-64 CPUs
* Optimizations for AArch64 CPUs
2 weeks 6 days ago
FEDORA-2025-851644b160
Packages in this update:
Update description:
This update addresses two string function vulnerabilities specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745) and fixes a bug in TLS management when auditors are used (rhbz#2330213).
3 weeks ago
FEDORA-2025-b434717c22
Packages in this update:
- chromium-137.0.7151.119-1.fc42
Update description:
Update to 137.0.7151.119
* CVE-2025-6191: Integer overflow in V8
* CVE-2025-6192: Use after free in Profiler
3 weeks ago
FEDORA-2025-4fed640c91
Packages in this update:
- chromium-137.0.7151.119-1.fc41
Update description:
Update to 137.0.7151.119
* CVE-2025-6191: Integer overflow in V8
* CVE-2025-6192: Use after free in Profiler
3 weeks ago
Version:next-20250620 (linux-next)
Released:2025-06-20
3 weeks ago
FEDORA-EPEL-2025-5b39298529
Packages in this update:
- chromium-137.0.7151.119-1.el10_1
Update description:
Update to 137.0.7151.119
* CVE-2025-6191: Integer overflow in V8
* CVE-2025-6192: Use after free in Profiler
3 weeks ago
FEDORA-EPEL-2025-4e9f40089d
Packages in this update:
- chromium-137.0.7151.119-1.el9
Update description:
Update to 137.0.7151.119
* CVE-2025-6191: Integer overflow in V8
* CVE-2025-6192: Use after free in Profiler
3 weeks ago
3 weeks 1 day ago
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- SCSI subsystem;
- Thermal drivers;
- JFS file system;
- File systems infrastructure;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063,
CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020,
CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034,
CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551,
CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086,
CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018,
CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)
3 weeks 1 day ago
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- SCSI subsystem;
- Thermal drivers;
- JFS file system;
- File systems infrastructure;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063,
CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020,
CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034,
CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551,
CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086,
CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018,
CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)