2 weeks 1 day ago
Junwha Hong and Wonil Jang discovered that Micropython incorrectly handled
the length of a buffer in mp_vfs_umount, leading to a heap-based buffer
overflow vulnerability. If a user or automated system were tricked into
opening a specially crafted file, an attacker could possibly use this issue
to cause a denial of service or possibly execute arbitrary code.
(CVE-2024-8946)
Junwha Hong and Wonil Jang discovered that Micropython incorrectly handled
memory, leading to a use-after-free vulnerability under certain
circumstances. If a user or automated system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to
cause a denial of service or possibly execute arbitrary code.
(CVE-2024-8947)
It was discovered that Middleware USB Host MCU Component incorrectly
handled memory, leading to a buffer overflow vulnerability. If a user or
automated system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-42553)
2 weeks 1 day ago
It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly bypass file path validation.
2 weeks 2 days ago
Version: next-20250501 (linux-next)
Released: 2025-05-01
2 weeks 2 days ago
FEDORA-2025-23fe8c5b7e
Packages in this update:
- thunderbird-128.10.0-1.fc41
Update description:
Update to 128.10.0
2 weeks 2 days ago
FEDORA-2025-e1bb9ed986
Packages in this update:
- thunderbird-128.10.0-1.fc42
Update description:
Update to 128.10.0
2 weeks 2 days ago
FEDORA-2025-6e3f18b2c0
Packages in this update:
- thunderbird-128.10.0-1.fc40
Update description:
Update to 128.10.0
2 weeks 2 days ago
USN-7315-1 fixed a vulnerability in PostgreSQL. This update provides the
corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
Stephen Fewer discovered that PostgreSQL incorrectly handled quoting
syntax in certain scenarios. A remote attacker could possibly use this
issue to perform SQL injection attacks.
2 weeks 2 days ago
Version: next-20250430 (linux-next)
Released: 2025-04-30
2 weeks 2 days ago
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update
provides the corresponding updates for H2O.
Original advisory details:
It was discovered that Apache Traffic Server exhibited poor server
resource management in its HTTP/2 protocol. An attacker could possibly
use this issue to cause Apache Traffic Server to crash, resulting in
a denial of service.
2 weeks 3 days ago
FEDORA-2025-908a30fd98
Packages in this update:
Update description:
- Update to latest upstream (138.0)
2 weeks 3 days ago
FEDORA-2025-33d579ecb1
Packages in this update:
Update description:
- Update to latest upstream (138.0)
2 weeks 3 days ago
FEDORA-2025-272b21cf93
Packages in this update:
Update description:
- Update to latest upstream (138.0)
2 weeks 3 days ago
It was discovered that poppler did not properly verify adbe.pkcs7.sha1
signatures in PDF documents. An attacker could possibly use this issue
to create documents with forged signatures that are treated as
legitimately signed.
2 weeks 3 days ago
USN-7423-1 fixed several vulnerabilities in GNU. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2025-0840)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash, expose
sensitive information or execute arbitrary code.
(CVE-2025-1153)
It was discovered that ld in GNU binutils incorrectly handled certain
files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2025-1176)