Aggregator

USN-7755-3: Linux kernel (AWS FIPS) vulnerabilities

1 week 5 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Media drivers;
  • SPI subsystem;
  • USB core drivers;
  • NILFS2 file system;
  • IPv6 networking;
  • Network traffic control;
(CVE-2025-38350, CVE-2024-47685, CVE-2024-57996, CVE-2024-53130, CVE-2025-37752, CVE-2023-52477, CVE-2024-53131, CVE-2024-50202, CVE-2024-27074, CVE-2024-50051)

USN-7762-1: pip vulnerabilities

1 week 6 days ago
Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. This update addresses the issue in the Requests module bundled into pip in Ubuntu 22.04 LTS. (CVE-2023-32681)

It was discovered that urllib3 didn't strip HTTP body on status code 303 redirects under certain circumstances. A remote attacker could possibly use this issue to obtain sensitive information. This update addresses the issue in the urllib3 module bundled into pip in Ubuntu 24.04 LTS. (CVE-2023-45803)

Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service. This update addresses the issue in the idna module bundled into pip in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3651)

Juho Forsén discovered that Requests did not correctly parse URLs. A remote attacker could possibly use this issue to leak sensitive information. This update addresses the issue in the Requests module bundled into pip in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2024-47081)

xen-4.20.1-6.fc43

2 weeks ago
FEDORA-2025-873ad6df70 Packages in this update:
  • xen-4.20.1-6.fc43
Update description:

Rebuilt for Python 3.14.0rc3 bytecode

  • Multiple vulnerabilities in the Viridian interface [XSA-472, CVE-2025-27466, CVE-2025-58142, CVE-2025-58143]
  • Arm issues with page refcounting [XSA-473, CVE-2025-58144, CVE-2025-58145]

bird-3.1.4-1.el9

2 weeks ago
FEDORA-EPEL-2025-e1e7d2cc95 Packages in this update:
  • bird-3.1.4-1.el9
Update description: BIRD 3.1.4 (2025-09-22)
  • BGP: Fixed crash on Notification with a message, CVE-2025-59688
  • BGP: Fixed invalid memory access in pending TX flush
  • BGP: Fixed a rare bug with listening socket delay
  • Pipe: Disabled statistics for stopping pipe
  • Hash: Read-only assertions
  • ROA Aggregator: Fixed crash on multiwithdraw
  • Protocol: Fixed broken state announcements

bird-3.1.4-1.el8

2 weeks ago
FEDORA-EPEL-2025-0de05270a6 Packages in this update:
  • bird-3.1.4-1.el8
Update description: BIRD 3.1.4 (2025-09-22)
  • BGP: Fixed crash on Notification with a message, CVE-2025-59688
  • BGP: Fixed invalid memory access in pending TX flush
  • BGP: Fixed a rare bug with listening socket delay
  • Pipe: Disabled statistics for stopping pipe
  • Hash: Read-only assertions
  • ROA Aggregator: Fixed crash on multiwithdraw
  • Protocol: Fixed broken state announcements

bird-3.1.4-1.el10_2

2 weeks ago
FEDORA-EPEL-2025-74dfc689e4 Packages in this update:
  • bird-3.1.4-1.el10_2
Update description: BIRD 3.1.4 (2025-09-22)
  • BGP: Fixed crash on Notification with a message, CVE-2025-59688
  • BGP: Fixed invalid memory access in pending TX flush
  • BGP: Fixed a rare bug with listening socket delay
  • Pipe: Disabled statistics for stopping pipe
  • Hash: Read-only assertions
  • ROA Aggregator: Fixed crash on multiwithdraw
  • Protocol: Fixed broken state announcements

bird-3.1.4-1.fc43

2 weeks ago
FEDORA-2025-182c305561 Packages in this update:
  • bird-3.1.4-1.fc43
Update description: BIRD 3.1.4 (2025-09-22)
  • BGP: Fixed crash on Notification with a message, CVE-2025-59688
  • BGP: Fixed invalid memory access in pending TX flush
  • BGP: Fixed a rare bug with listening socket delay
  • Pipe: Disabled statistics for stopping pipe
  • Hash: Read-only assertions
  • ROA Aggregator: Fixed crash on multiwithdraw
  • Protocol: Fixed broken state announcements

bird-3.1.4-1.el10_1

2 weeks ago
FEDORA-EPEL-2025-569bc4dd06 Packages in this update:
  • bird-3.1.4-1.el10_1
Update description: BIRD 3.1.4 (2025-09-22)
  • BGP: Fixed crash on Notification with a message, CVE-2025-59688
  • BGP: Fixed invalid memory access in pending TX flush
  • BGP: Fixed a rare bug with listening socket delay
  • Pipe: Disabled statistics for stopping pipe
  • Hash: Read-only assertions
  • ROA Aggregator: Fixed crash on multiwithdraw
  • Protocol: Fixed broken state announcements

bird-3.1.4-1.el10_0

2 weeks ago
FEDORA-EPEL-2025-b8aaadaa26 Packages in this update:
  • bird-3.1.4-1.el10_0
Update description: BIRD 3.1.4 (2025-09-22)
  • BGP: Fixed crash on Notification with a message, CVE-2025-59688
  • BGP: Fixed invalid memory access in pending TX flush
  • BGP: Fixed a rare bug with listening socket delay
  • Pipe: Disabled statistics for stopping pipe
  • Hash: Read-only assertions
  • ROA Aggregator: Fixed crash on multiwithdraw
  • Protocol: Fixed broken state announcements

bird-3.1.4-1.fc42

2 weeks ago
FEDORA-2025-f6b553e67d Packages in this update:
  • bird-3.1.4-1.fc42
Update description: BIRD 3.1.4 (2025-09-22)
  • BGP: Fixed crash on Notification with a message, CVE-2025-59688
  • BGP: Fixed invalid memory access in pending TX flush
  • BGP: Fixed a rare bug with listening socket delay
  • Pipe: Disabled statistics for stopping pipe
  • Hash: Read-only assertions
  • ROA Aggregator: Fixed crash on multiwithdraw
  • Protocol: Fixed broken state announcements

bird-3.1.4-1.fc41

2 weeks ago
FEDORA-2025-702902f388 Packages in this update:
  • bird-3.1.4-1.fc41
Update description: BIRD 3.1.4 (2025-09-22)
  • BGP: Fixed crash on Notification with a message, CVE-2025-59688
  • BGP: Fixed invalid memory access in pending TX flush
  • BGP: Fixed a rare bug with listening socket delay
  • Pipe: Disabled statistics for stopping pipe
  • Hash: Read-only assertions
  • ROA Aggregator: Fixed crash on multiwithdraw
  • Protocol: Fixed broken state announcements

ntpd-rs-1.6.2-1.fc41

2 weeks ago
FEDORA-2025-ee9b86c6d9 Packages in this update:
  • ntpd-rs-1.6.2-1.fc41
Update description:

Update to version 1.6.2.

Includes fixes for CVE-2025-58066 (potential DoS in the ntpd-rs server) and CVE-2025-58160 (potential tracing log pollution).

ntpd-rs-1.6.2-1.fc42

2 weeks ago
FEDORA-2025-7fbf258406 Packages in this update:
  • ntpd-rs-1.6.2-1.fc42
Update description:

Update to version 1.6.2.

Includes fixes for CVE-2025-58066 (potential DoS in the ntpd-rs server) and CVE-2025-58160 (potential tracing log pollution).

ntpd-rs-1.6.2-1.fc43

2 weeks ago
FEDORA-2025-cf3fbd8fcf Packages in this update:
  • ntpd-rs-1.6.2-1.fc43
Update description:

Update to version 1.6.2.

Includes fixes for CVE-2025-58066 (potential DoS in the ntpd-rs server) and CVE-2025-58160 (potential tracing log pollution).