Aggregator

USN-7588-1: GSS NTLMSSP vulnerabilities

2 weeks 4 days ago
Phil Turnbull discovered that GSS NTLMSSP may perform out-of-bounds reads when decoding NTLM fields and target information. An attacker could possibly use this issue to cause GSS NTLMSSP to crash, resulting in a denial of service. (CVE-2023-25563, CVE-2023-25567) Phil Turnbull discovered that GSS NTLMSSP did not properly initialize memory when decoding UTF16 strings. An attacker could possibly use this issue to trigger an out-of-bounds write, resulting in a crash. (CVE-2023-25564) Phil Turnbull discovered that GSS NTLMSSP did not properly handle memory cleanup. An attacker could possibly use this issue to cause an assertion failure, resulting in a denial of service. (CVE-2023-25565)

USN-7587-1: Fig2dev vulnerabilities

2 weeks 4 days ago
Suhwan Song discovered that Fig2dev did not correctly handle certain memory operations. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21680, CVE-2020-21682, CVE-2020-21683) It was discovered that Fig2dev did not limit the size of certain inputs. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2025-31162, CVE-2025-31163) It was discovered that Fig2dev did not correctly handle certain inputs. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-31164)

USN-7586-1: Botan vulnerabilities

2 weeks 4 days ago
It was discovered that Botan could have compiler dependent operations induced under certain circumstances. An attacker could possibly use this issue to cause undefined behavior. (CVE-2024-50382, CVE-2024-50383) Bing Shi discovered that Botan did not limit the size of certain inputs when checking primality and name constraints. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-34702, CVE-2024-34703) It was discovered that Botan did not correctly handle conflicting name constraints. An attacker could possibly use this issue to bypass authentication. (CVE-2024-39312)

glibc-2.40-26.fc41

2 weeks 6 days ago
FEDORA-2025-e489437b3d Packages in this update:
  • glibc-2.40-26.fc41
Update description:

This update contains the following bug fixes and enhancements: * String function register clobbers specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745). * Crashes in TLS management when auditors are used (rhbz#2330213) * Optimizations for x86-64 CPUs * Optimizations for AArch64 CPUs

glibc-2.41-7.fc42

2 weeks 6 days ago
FEDORA-2025-851644b160 Packages in this update:
  • glibc-2.41-7.fc42
Update description:

This update addresses two string function vulnerabilities specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745) and fixes a bug in TLS management when auditors are used (rhbz#2330213).

chromium-137.0.7151.119-1.el9

3 weeks ago
FEDORA-EPEL-2025-4e9f40089d Packages in this update:
  • chromium-137.0.7151.119-1.el9
Update description:

Update to 137.0.7151.119

* CVE-2025-6191: Integer overflow in V8 * CVE-2025-6192: Use after free in Profiler

USN-7585-2: Linux kernel (FIPS) vulnerabilities

3 weeks 1 day ago
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - iSCSI Boot Firmware Table Attributes driver; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Media drivers; - MemoryStick subsystem; - Network drivers; - NTB driver; - PCI subsystem; - SCSI subsystem; - Thermal drivers; - JFS file system; - File systems infrastructure; - Tracing infrastructure; - 802.1Q VLAN protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Bluetooth subsystem; - IPv6 networking; - Netfilter; - Network traffic control; - Sun RPC protocol; - USB sound devices; (CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063, CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020, CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991, CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034, CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551, CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086, CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018, CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)

USN-7585-1: Linux kernel vulnerabilities

3 weeks 1 day ago
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - iSCSI Boot Firmware Table Attributes driver; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Media drivers; - MemoryStick subsystem; - Network drivers; - NTB driver; - PCI subsystem; - SCSI subsystem; - Thermal drivers; - JFS file system; - File systems infrastructure; - Tracing infrastructure; - 802.1Q VLAN protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Bluetooth subsystem; - IPv6 networking; - Netfilter; - Network traffic control; - Sun RPC protocol; - USB sound devices; (CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063, CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020, CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991, CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034, CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551, CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086, CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018, CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)