Aggregator

USN-7688-1: cifs-utils vulnerabilities

3 weeks 5 days ago
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. (CVE-2020-14342)

It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file system from within a container. An attacker inside a container could possibly use this issue to obtain access to sensitive information. (CVE-2021-20208)

It was discovered that cifs-utils incorrectly handled certain command-line arguments. A local attacker could possibly use this issue to obtain root privileges. (CVE-2022-27239)

It was discovered that cifs-utils incorrectly handled verbose logging. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2022-29869)

webkitgtk-2.48.5-1.fc42

3 weeks 6 days ago
FEDORA-2025-61ca72f430
Packages in this update:
  • webkitgtk-2.48.5-1.fc42
Update description:

Update to 2.48.5. Changes since 2.48.3:

  • Improve emoji font selection.
  • Improve playback of multimedia streams from blob URLs.
  • Fix crash when using a WebKitWebView widget in an offscreen window.
  • Fix several crashes and rendering issues.
  • CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558

webkitgtk-2.48.5-1.fc41

3 weeks 6 days ago
FEDORA-2025-9b8165a4b3
Packages in this update:
  • webkitgtk-2.48.5-1.fc41
Update description:

Update to 2.48.5. Changes since 2.48.3:

  • Improve emoji font selection.
  • Improve playback of multimedia streams from blob URLs.
  • Fix crash when using a WebKitWebView widget in an offscreen window.
  • Fix several crashes and rendering issues.
  • CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558

socat-1.8.0.3-1.fc41

3 weeks 6 days ago
FEDORA-2025-4f0d6d3522
Packages in this update:
  • socat-1.8.0.3-1.fc41
Update description:
  • Update to 1.8.0.3 (rhbz#2307725)
  • Resolves: CVE-2024-54661 (rhbz#2330520)
  • Resolves: non-working ipv6-join-group option (rhbz#2352860)
  • Resolves: FTBFS in Fedora (rhbz#2385633)

socat-1.8.0.3-1.fc42

3 weeks 6 days ago
FEDORA-2025-33885cfff8
Packages in this update:
  • socat-1.8.0.3-1.fc42
Update description:
  • Update to 1.8.0.3 (rhbz#2307725)
  • Resolves: CVE-2024-54661 (rhbz#2330520)
  • Resolves: non-working ipv6-join-group option (rhbz#2352860)
  • Resolves: FTBFS in Fedora (rhbz#2385633)

USN-7687-1: poppler vulnerabilities

3 weeks 6 days ago
Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2022-27337)

Kevin Backhouse discovered that poppler incorrectly handled documents with a large number of annotations. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could use this issue to cause poppler to consume resources, leading to a denial of service, or possibly execute arbitrary code. (CVE-2025-52886)

socat-1.8.0.3-1.fc43

3 weeks 6 days ago
FEDORA-2025-0d54679581
Packages in this update:
  • socat-1.8.0.3-1.fc43
Update description:

Automatic update for socat-1.8.0.3-1.fc43.

Changelog

* Wed Aug 6 2025 Martin Osvald <mosvald@redhat.com> - 1.8.0.3-1
- Update to 1.8.0.3 (rhbz#2307725)
- Resolves: CVE-2024-54661 (rhbz#2330520)
- Resolves: non-working ipv6-join-group option (rhbz#2352860)
- Resolves: FTBFS in Fedora (rhbz#2385633)
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

xen-4.19.3-1.fc41

3 weeks 6 days ago
FEDORA-2025-d2a821d9d1
Packages in this update:
  • xen-4.19.3-1.fc41
Update description:

update to xen-4.19.3 includes patches for

  • x86: Incorrect stubs exception handling for flags recovery [XSA-470, CVE-2025-27465]
  • x86: Transitive Scheduler Attacks [XSA-471, CVE-2024-36350,

open62541-1.4.13-1.fc42

4 weeks ago
FEDORA-2025-c2afaee8fe
Packages in this update:
  • open62541-1.4.13-1.fc42
Update description:

Changes in v1.4.13:

  • server: Cover edge-case in the EventFilter validation
  • client: Cover edge-case in the UserTokenPolicy validation
  • arch: Process delayed callbacks immediately via the nextCyclicTime
  • plugins: Fixed memleak for scandir in OpenSSL SecurityPolicies
  • tools: Fixed parsing of ByteString-NodeIds in the Nodeset compiler
  • tools: Fix build-system edge-case in the Nodeset-Injector
  • tools: Fixed edge-case for parsing of LocalizedText in the Nodeset compiler

Changes in v1.4.12:

  • core: Added QNX support
  • core: Fix use of null pointer in certificate verification
  • arch: Fix busy loop in the EventLoop
  • client: Check if the "CreatedAt" timestamp of the SecurityToken
  • client: Fix potential infinite loop in client connect
  • server: Fix duplicate entries in discoveryUrls list
  • server: Fix server lock state while copying out statistics
  • deps: Update musl time methods to avoid name clashes
  • plugin: Fix length calculation in mbedtls CreateCertificate
  • ci: Run linux CI in a Ubuntu container

open62541-1.4.13-1.fc41

4 weeks ago
FEDORA-2025-2b2997564c
Packages in this update:
  • open62541-1.4.13-1.fc41
Update description:

Changes in v1.4.13:

  • server: Cover edge-case in the EventFilter validation
  • client: Cover edge-case in the UserTokenPolicy validation
  • arch: Process delayed callbacks immediately via the nextCyclicTime
  • plugins: Fixed memleak for scandir in OpenSSL SecurityPolicies
  • tools: Fixed parsing of ByteString-NodeIds in the Nodeset compiler
  • tools: Fix build-system edge-case in the Nodeset-Injector
  • tools: Fixed edge-case for parsing of LocalizedText in the Nodeset compiler

Changes in v1.4.12:

  • core: Added QNX support
  • core: Fix use of null pointer in certificate verification
  • arch: Fix busy loop in the EventLoop
  • client: Check if the "CreatedAt" timestamp of the SecurityToken
  • client: Fix potential infinite loop in client connect
  • server: Fix duplicate entries in discoveryUrls list
  • server: Fix server lock state while copying out statistics
  • deps: Update musl time methods to avoid name clashes
  • plugin: Fix length calculation in mbedtls CreateCertificate
  • ci: Run linux CI in a Ubuntu container