Aggregator

USN-7801-2: Linux kernel (Oracle) vulnerabilities

7 hours 36 minutes ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AMD CDX bus driver; - DPLL subsystem; - EFI core; - GPIO subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - Multiple devices driver; - Network drivers; - Mellanox network drivers; - NVME drivers; - Pin controllers subsystem; - RapidIO drivers; - Voltage and Current Regulator drivers; - SCSI subsystem; - SLIMbus drivers; - QCOM SoC drivers; - UFS subsystem; - USB DSL drivers; - Renesas USBHS Controller drivers; - USB Type-C Connector System Software Interface driver; - Framebuffer layer; - ACRN Hypervisor Service Module driver; - Ext4 file system; - Network file system (NFS) client; - Proc file system; - SMB network file system; - Memory Management; - Scheduler infrastructure; - SoC audio core drivers; - Perf events; - Tracing infrastructure; - Memory management; - 802.1Q VLAN protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Bluetooth subsystem; - Devlink API; - IPv4 networking; - IPv6 networking; - Logical Link layer; - Management Component Transport Protocol (MCTP); - Multipath TCP; - Netfilter; - Packet sockets; - Network traffic control; - Switch device API; - TLS protocol; - VMware vSockets driver; - Wireless networking; - eXpress Data Path; - XFRM subsystem; (CVE-2025-21911, CVE-2025-21937, CVE-2025-21951, CVE-2025-21948, CVE-2025-22017, CVE-2025-21982, CVE-2025-21927, CVE-2025-21935, CVE-2025-21944, CVE-2025-21917, CVE-2025-21895, CVE-2025-21966, CVE-2025-21975, CVE-2025-21945, CVE-2025-21964, CVE-2025-22001, CVE-2025-21955, CVE-2025-21980, CVE-2025-21925, CVE-2025-21957, CVE-2025-22003, CVE-2025-21999, CVE-2025-21969, CVE-2025-21885, CVE-2025-21996, CVE-2025-21883, CVE-2025-21908, CVE-2025-21978, CVE-2025-21894, CVE-2025-21929, 
CVE-2025-21910, CVE-2025-21979, CVE-2025-21961, CVE-2025-21915, CVE-2025-21916, CVE-2025-22008, CVE-2025-37785, CVE-2025-21873, CVE-2025-21922, CVE-2025-21936, CVE-2025-22015, CVE-2025-22016, CVE-2025-21913, CVE-2025-22009, CVE-2025-21928, CVE-2025-21899, CVE-2025-22007, CVE-2025-21898, CVE-2025-21946, CVE-2025-21920, CVE-2025-22005, CVE-2025-21872, CVE-2025-21962, CVE-2025-21888, CVE-2025-21934, CVE-2025-38618, CVE-2025-22010, CVE-2025-22014, CVE-2024-58090, CVE-2025-21941, CVE-2025-21968, CVE-2025-21972, CVE-2025-21977, CVE-2025-22013, CVE-2025-21959, CVE-2025-21919, CVE-2025-21950, CVE-2025-21926, CVE-2025-21892, CVE-2025-21880, CVE-2025-21994, CVE-2025-21909, CVE-2025-21976, CVE-2025-21956, CVE-2025-21947, CVE-2025-21981, CVE-2025-21877, CVE-2025-21995, CVE-2025-21918, CVE-2025-38500, CVE-2025-22004, CVE-2025-37756, CVE-2025-21970, CVE-2025-21891, CVE-2025-21924, CVE-2025-38477, CVE-2025-21878, CVE-2025-21881, CVE-2025-21904, CVE-2025-21960, CVE-2025-21992, CVE-2025-37889, CVE-2025-21997, CVE-2025-38617, CVE-2025-21963, CVE-2025-21890, CVE-2025-21903, CVE-2025-21912, CVE-2025-22011, CVE-2025-21889, CVE-2025-21991, CVE-2025-21914, CVE-2025-21905, CVE-2025-21986, CVE-2025-21930, CVE-2025-21875, CVE-2025-21967)

USN-7791-3: Linux kernel vulnerabilities

7 hours 46 minutes ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Packet sockets; - Network traffic control; - VMware vSockets driver; - XFRM subsystem; (CVE-2025-38617, CVE-2025-38500, CVE-2025-38477, CVE-2025-38618)

USN-7774-5: Linux kernel (NVIDIA Tegra IGX) vulnerabilities

8 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86 platform drivers; - PTP clock framework; - RapidIO drivers; - Voltage and Current Regulator drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - ASPEED SoC drivers; - TCM subsystem; - Thermal drivers; - Thunderbolt and USB4 drivers; - TTY drivers; - UFS subsystem; - USB Gadget drivers; - Renesas USBHS Controller drivers; - USB Type-C support driver; - Virtio Host (VHOST) subsystem; - Backlight driver; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - Ext4 file system; - F2FS file system; - JFFS2 file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NTFS3 file system; - DRM display driver; - Memory Management; - Mellanox drivers; - Memory management; - Netfilter; - Network sockets; - IPC subsystem; - BPF subsystem; - Perf events; - Kernel exit() syscall; - Restartable sequences system call mechanism; - Timer subsystem; - Tracing infrastructure; - Appletalk network protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Networking core; - IPv6 networking; - MultiProtocol Label Switching driver; - NetLabel subsystem; - Netlink; - NFC subsystem; - Open vSwitch; - Rose network layer; - RxRPC session sockets; - 
Network traffic control; - TIPC protocol; - VMware vSockets driver; - USB sound devices; (CVE-2025-38067, CVE-2025-38337, CVE-2025-38204, CVE-2025-38085, CVE-2025-38514, CVE-2025-38313, CVE-2025-38273, CVE-2025-38143, CVE-2025-38203, CVE-2025-38200, CVE-2025-38362, CVE-2025-38439, CVE-2025-38346, CVE-2025-38465, CVE-2024-57883, CVE-2025-38181, CVE-2025-38229, CVE-2025-38401, CVE-2025-38115, CVE-2025-38159, CVE-2025-38420, CVE-2025-38516, CVE-2025-38371, CVE-2025-38445, CVE-2025-38395, CVE-2025-38161, CVE-2025-38147, CVE-2025-38163, CVE-2025-38384, CVE-2025-38498, CVE-2024-26775, CVE-2025-38231, CVE-2025-38305, CVE-2025-38135, CVE-2025-38112, CVE-2025-38375, CVE-2025-38403, CVE-2025-38515, CVE-2025-38363, CVE-2025-38377, CVE-2025-38387, CVE-2025-38298, CVE-2025-38344, CVE-2025-21888, CVE-2025-38107, CVE-2025-38160, CVE-2025-38174, CVE-2025-38319, CVE-2025-38464, CVE-2025-38102, CVE-2025-38400, CVE-2025-38245, CVE-2025-38153, CVE-2025-38310, CVE-2025-38513, CVE-2025-38167, CVE-2025-38459, CVE-2025-38206, CVE-2025-38345, CVE-2025-38249, CVE-2025-38119, CVE-2025-38336, CVE-2025-38154, CVE-2025-38457, CVE-2025-38136, CVE-2025-38103, CVE-2025-38352, CVE-2025-38145, CVE-2025-38146, CVE-2025-38393, CVE-2025-38184, CVE-2025-38460, CVE-2025-38227, CVE-2025-38443, CVE-2025-38293, CVE-2025-38257, CVE-2025-38462, CVE-2025-38328, CVE-2025-38090, CVE-2025-38389, CVE-2025-38324, CVE-2025-38430, CVE-2025-37948, CVE-2025-38263, CVE-2025-38218, CVE-2025-37963, CVE-2025-38226, CVE-2025-38415, CVE-2025-38418, CVE-2025-38074, CVE-2025-38458, CVE-2025-38391, CVE-2022-48703, CVE-2025-38219, CVE-2025-38412, CVE-2025-37958, CVE-2025-38194, CVE-2025-38280, CVE-2025-38285, CVE-2025-38138, CVE-2025-38251, CVE-2025-38222, CVE-2025-38461, CVE-2025-38100, CVE-2025-38326, CVE-2025-38320, CVE-2025-38386, CVE-2025-38542, CVE-2025-38237, CVE-2025-38419, CVE-2024-44939, CVE-2025-38410, CVE-2024-26726, CVE-2025-38211, CVE-2025-38441, CVE-2025-38173, CVE-2025-38428, CVE-2025-38212, CVE-2025-38157, 
CVE-2025-38088, CVE-2025-38197, CVE-2025-38111, CVE-2025-38312, CVE-2025-38399, CVE-2025-38286, CVE-2025-38406, CVE-2025-38540, CVE-2025-38108, CVE-2025-38424, CVE-2025-38120, CVE-2025-38084, CVE-2025-38262, CVE-2025-38086, CVE-2025-38342, CVE-2025-38416, CVE-2025-38348, CVE-2025-38122, CVE-2025-38448, CVE-2025-38467, CVE-2025-38444, CVE-2025-38332, CVE-2025-38466)

USN-7803-1: poppler vulnerability

9 hours 30 minutes ago
It was discovered that poppler incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could use this issue to cause poppler to crash, leading to a denial of service.

USN-7691-2: MySQL vulnerabilities

9 hours 36 minutes ago
USN-7691-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.43 in Ubuntu 20.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-43.html https://www.oracle.com/security-alerts/cpujul2025.html

valkey-8.0.6-1.el8

12 hours 22 minutes ago
FEDORA-EPEL-2025-2d44b874a0

Packages in this update:
  • valkey-8.0.6-1.el8
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

valkey-8.0.6-1.el9

12 hours 22 minutes ago
FEDORA-EPEL-2025-115d3a5484

Packages in this update:
  • valkey-8.0.6-1.el9
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)