Aggregator

USN-7774-5: Linux kernel (NVIDIA Tegra IGX) vulnerabilities

2 weeks 4 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • ARM64 architecture
  • PowerPC architecture
  • x86 architecture
  • ACPI drivers
  • Serial ATA and Parallel ATA drivers
  • Drivers core
  • ATA over ethernet (AOE) driver
  • Network block device driver
  • Bus devices
  • Clock framework and drivers
  • Hardware crypto device drivers
  • DMA engine subsystem
  • EDAC drivers
  • GPU drivers
  • HID subsystem
  • InfiniBand drivers
  • Input Device (Miscellaneous) drivers
  • Multiple devices driver
  • Media drivers
  • VMware VMCI Driver
  • MMC subsystem
  • MTD block device drivers
  • Network drivers
  • Pin controllers subsystem
  • x86 platform drivers
  • PTP clock framework
  • RapidIO drivers
  • Voltage and Current Regulator drivers
  • Remote Processor subsystem
  • S/390 drivers
  • SCSI subsystem
  • ASPEED SoC drivers
  • TCM subsystem
  • Thermal drivers
  • Thunderbolt and USB4 drivers
  • TTY drivers
  • UFS subsystem
  • USB Gadget drivers
  • Renesas USBHS Controller drivers
  • USB Type-C support driver
  • Virtio Host (VHOST) subsystem
  • Backlight driver
  • Framebuffer layer
  • BTRFS file system
  • File systems infrastructure
  • Ext4 file system
  • F2FS file system
  • JFFS2 file system
  • JFS file system
  • Network file system (NFS) client
  • Network file system (NFS) server daemon
  • NTFS3 file system
  • DRM display driver
  • Memory Management
  • Mellanox drivers
  • Memory management
  • Netfilter
  • Network sockets
  • IPC subsystem
  • BPF subsystem
  • Perf events
  • Kernel exit() syscall
  • Restartable sequences system call mechanism
  • Timer subsystem
  • Tracing infrastructure
  • Appletalk network protocol
  • Asynchronous Transfer Mode (ATM) subsystem
  • Networking core
  • IPv6 networking
  • MultiProtocol Label Switching driver
  • NetLabel subsystem
  • Netlink
  • NFC subsystem
  • Open vSwitch
  • Rose network layer
  • RxRPC session sockets
  • Network traffic control
  • TIPC protocol
  • VMware vSockets driver
  • USB sound devices

(CVE-2025-38067, CVE-2025-38337, CVE-2025-38204, CVE-2025-38085, CVE-2025-38514, CVE-2025-38313, CVE-2025-38273, CVE-2025-38143, CVE-2025-38203, CVE-2025-38200, CVE-2025-38362, CVE-2025-38439, CVE-2025-38346, CVE-2025-38465, CVE-2024-57883, CVE-2025-38181, CVE-2025-38229, CVE-2025-38401, CVE-2025-38115, CVE-2025-38159, CVE-2025-38420, CVE-2025-38516, CVE-2025-38371, CVE-2025-38445, CVE-2025-38395, CVE-2025-38161, CVE-2025-38147, CVE-2025-38163, CVE-2025-38384, CVE-2025-38498, CVE-2024-26775, CVE-2025-38231, CVE-2025-38305, CVE-2025-38135, CVE-2025-38112, CVE-2025-38375, CVE-2025-38403, CVE-2025-38515, CVE-2025-38363, CVE-2025-38377, CVE-2025-38387, CVE-2025-38298, CVE-2025-38344, CVE-2025-21888, CVE-2025-38107, CVE-2025-38160, CVE-2025-38174, CVE-2025-38319, CVE-2025-38464, CVE-2025-38102, CVE-2025-38400, CVE-2025-38245, CVE-2025-38153, CVE-2025-38310, CVE-2025-38513, CVE-2025-38167, CVE-2025-38459, CVE-2025-38206, CVE-2025-38345, CVE-2025-38249, CVE-2025-38119, CVE-2025-38336, CVE-2025-38154, CVE-2025-38457, CVE-2025-38136, CVE-2025-38103, CVE-2025-38352, CVE-2025-38145, CVE-2025-38146, CVE-2025-38393, CVE-2025-38184, CVE-2025-38460, CVE-2025-38227, CVE-2025-38443, CVE-2025-38293, CVE-2025-38257, CVE-2025-38462, CVE-2025-38328, CVE-2025-38090, CVE-2025-38389, CVE-2025-38324, CVE-2025-38430, CVE-2025-37948, CVE-2025-38263, CVE-2025-38218, CVE-2025-37963, CVE-2025-38226, CVE-2025-38415, CVE-2025-38418, CVE-2025-38074, CVE-2025-38458, CVE-2025-38391, CVE-2022-48703, CVE-2025-38219, CVE-2025-38412, CVE-2025-37958, CVE-2025-38194, CVE-2025-38280, CVE-2025-38285, CVE-2025-38138, CVE-2025-38251, CVE-2025-38222, CVE-2025-38461, CVE-2025-38100, CVE-2025-38326, CVE-2025-38320, CVE-2025-38386, CVE-2025-38542, CVE-2025-38237, CVE-2025-38419, CVE-2024-44939, CVE-2025-38410, CVE-2024-26726, CVE-2025-38211, CVE-2025-38441, CVE-2025-38173, CVE-2025-38428, CVE-2025-38212, CVE-2025-38157, CVE-2025-38088, CVE-2025-38197, CVE-2025-38111, CVE-2025-38312, CVE-2025-38399, CVE-2025-38286, CVE-2025-38406, CVE-2025-38540, CVE-2025-38108, CVE-2025-38424, CVE-2025-38120, CVE-2025-38084, CVE-2025-38262, CVE-2025-38086, CVE-2025-38342, CVE-2025-38416, CVE-2025-38348, CVE-2025-38122, CVE-2025-38448, CVE-2025-38467, CVE-2025-38444, CVE-2025-38332, CVE-2025-38466)

USN-7803-1: poppler vulnerability

2 weeks 4 days ago
It was discovered that poppler incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could use this issue to cause poppler to crash, leading to a denial of service.

USN-7691-2: MySQL vulnerabilities

2 weeks 4 days ago
USN-7691-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 20.04 LTS.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.43 in Ubuntu 20.04 LTS.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information:
  • https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-43.html
  • https://www.oracle.com/security-alerts/cpujul2025.html

valkey-8.0.6-1.el8

2 weeks 4 days ago
FEDORA-EPEL-2025-2d44b874a0 Packages in this update:
  • valkey-8.0.6-1.el8
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

valkey-8.0.6-1.el9

2 weeks 4 days ago
FEDORA-EPEL-2025-115d3a5484 Packages in this update:
  • valkey-8.0.6-1.el9
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

chromium-141.0.7390.54-1.el10_2

2 weeks 6 days ago
FEDORA-EPEL-2025-96049efbd2 Packages in this update:
  • chromium-141.0.7390.54-1.el10_2
Update description:

Update to 141.0.7390.54

  • High CVE-2025-11205: Heap buffer overflow in WebGPU
  • High CVE-2025-11206: Heap buffer overflow in Video
  • Medium CVE-2025-11207: Side-channel information leakage in Storage
  • Medium CVE-2025-11208: Inappropriate implementation in Media
  • Medium CVE-2025-11209: Inappropriate implementation in Omnibox
  • Medium CVE-2025-11210: Side-channel information leakage in Tab
  • Medium CVE-2025-11211: Out of bounds read in Media
  • Medium CVE-2025-11212: Inappropriate implementation in Media
  • Medium CVE-2025-11213: Inappropriate implementation in Omnibox
  • Medium CVE-2025-11215: Off by one error in V8
  • Low CVE-2025-11216: Inappropriate implementation in Storage
  • Low CVE-2025-11219: Use after free in V8

chromium-141.0.7390.54-1.fc43

2 weeks 6 days ago
FEDORA-2025-37da05914f Packages in this update:
  • chromium-141.0.7390.54-1.fc43
Update description:

Update to 141.0.7390.54

  • High CVE-2025-11205: Heap buffer overflow in WebGPU
  • High CVE-2025-11206: Heap buffer overflow in Video
  • Medium CVE-2025-11207: Side-channel information leakage in Storage
  • Medium CVE-2025-11208: Inappropriate implementation in Media
  • Medium CVE-2025-11209: Inappropriate implementation in Omnibox
  • Medium CVE-2025-11210: Side-channel information leakage in Tab
  • Medium CVE-2025-11211: Out of bounds read in Media
  • Medium CVE-2025-11212: Inappropriate implementation in Media
  • Medium CVE-2025-11213: Inappropriate implementation in Omnibox
  • Medium CVE-2025-11215: Off by one error in V8
  • Low CVE-2025-11216: Inappropriate implementation in Storage
  • Low CVE-2025-11219: Use after free in V8