3 weeks 3 days ago
FEDORA-2025-10d67f6509
Packages in this update:
- chromium-141.0.7390.65-1.fc42
Update description:
Update to 141.0.7390.65
* High CVE-2025-11458: Heap buffer overflow in Sync
* High CVE-2025-11460: Use after free in Storage
* Medium CVE-2025-11211: Out of bounds read in WebCodecs
3 weeks 3 days ago
It was discovered that Vim incorrectly handled certain internal calls when
scrolling a window. An attacker could possibly use this issue to cause a
denial of service.
3 weeks 3 days ago
It was discovered that LibHTP did not correctly handle certain HTTP
headers. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-23837)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-28871)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2024-45797)
It was discovered that LibHTP did not correctly handle certain memory
operations. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-53537)
3 weeks 4 days ago
Woojin Park, Hojun Lee, Yougin Won and Siyeon Han discovered that
ImageMagick did not properly sanitize image file names. An attacker could
possibly use this issue to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2025-55298)
Lumina Mescuwa discovered that ImageMagick did not properly handle memory
when encoding BMP images. An attacker could possibly use this issue to
cause ImageMagick to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-57803)
3 weeks 4 days ago
FEDORA-2025-a870881eff
Packages in this update:
- moby-engine-28.5.1-1.fc44
Update description:
Automatic update for moby-engine-28.5.1-1.fc44.
Changelog
* Wed Oct 8 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 28.5.1-1
- Update to release v28.5.1
- Resolves: rhbz#2401164, rhbz#2384164, rhbz#2384149
- Upstream new features and fixes
3 weeks 4 days ago
Niklas Vogel and Haya Schulmann discovered that FORT Validator did not
perform proper input validation when parsing certain RPKI repository data.
A remote attacker could possibly use this issue to cause FORT Validator to
crash, resulting in a denial of service. (CVE-2024-45234, CVE-2024-45235,
CVE-2024-45236, CVE-2024-45238, CVE-2024-45239)
Niklas Vogel and Haya Schulmann discovered that FORT Validator did not
perform proper input validation when parsing resource certificates. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2024-45237)
Koen van Hove discovered that FORT Validator did not limit the duration of
data transfers when fetching RPKI repository data. A remote attacker could
possibly use this issue to cause FORT Validator to consume excessive
resources, resulting in a denial of service. (CVE-2024-48943)
3 weeks 4 days ago
Version: next-20251008 (linux-next)
Released: 2025-10-08
3 weeks 4 days ago
In the Linux kernel, the following vulnerability has been
resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr() (CVE-2024-27407).
In the Linux kernel, the following vulnerability has been
resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put().
syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending
garbage on the four reserved tcp bits (th->res1). Use skb_put_zero() to
clear the whole TCP header, as done in nf_reject_ip_tcphdr_put().
BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255
nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255
nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344
nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48
expr_call_ops_eval net/netfilter/nf_tables_core.c:240
In the Linux kernel, the following vulnerability has been
resolved: smb: client: fix UAF in async decryption. Doing an async
decryption (large read) crashes with a slab-use-after-free way down in the
crypto API.
In the Linux kernel, the following vulnerability has been
resolved: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in
ovl_link_up. The issue was caused by dput(upper) being called before
ovl_dentry_update_reval(), while upper->d_flags was still accessed in
ovl_dentry_remote().
In the Linux kernel, the following vulnerability has been
resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn().
After the erdma_cep_put(new_cep) being called, new_cep will be freed, and
the following dereference will cause a UAF problem.
3 weeks 4 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Ext4 file system;
- Network file system (NFS) server daemon;
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38618, CVE-2025-21796, CVE-2025-37785, CVE-2025-38477,
CVE-2025-38617)
3 weeks 4 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38618, CVE-2025-38477, CVE-2025-38617)
3 weeks 4 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38683, CVE-2025-38618, CVE-2025-38617, CVE-2025-38477)
3 weeks 4 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Packet sockets;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-38477, CVE-2025-38617, CVE-2025-38618)
3 weeks 4 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- x86 architecture;
- Compute Acceleration Framework;
- Bus devices;
- AMD CDX bus driver;
- DPLL subsystem;
- EFI core;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Multiple devices driver;
- Network drivers;
- Mellanox network drivers;
- NVME drivers;
- Pin controllers subsystem;
- RapidIO drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- SLIMbus drivers;
- QCOM SoC drivers;
- UFS subsystem;
- USB DSL drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Connector System Software Interface driver;
- Framebuffer layer;
- ACRN Hypervisor Service Module driver;
- Ext4 file system;
- Network file system (NFS) client;
- Overlay file system;
- Proc file system;
- SMB network file system;
- Memory Management;
- Scheduler infrastructure;
- SoC audio core drivers;
- Perf events;
- Tracing infrastructure;
- Memory management;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- Devlink API;
- IPv4 networking;
- IPv6 networking;
- Logical Link layer;
- Management Component Transport Protocol (MCTP);
- Multipath TCP;
- Netfilter;
- Packet sockets;
- Network traffic control;
- Switch device API;
- TLS protocol;
- VMware vSockets driver;
- Wireless networking;
- eXpress Data Path;
- XFRM subsystem;
(CVE-2025-21976, CVE-2025-21890, CVE-2025-38617, CVE-2025-21945,
CVE-2025-21878, CVE-2025-21925, CVE-2025-21927, CVE-2025-21997,
CVE-2025-21919, CVE-2025-21979, CVE-2025-21899, CVE-2025-21955,
CVE-2025-21967, CVE-2024-57996, CVE-2025-22014, CVE-2025-21956,
CVE-2025-21887, CVE-2025-37785, CVE-2025-21935, CVE-2024-58090,
CVE-2025-21975, CVE-2025-21969, CVE-2025-21914, CVE-2025-21963,
CVE-2025-21934, CVE-2025-21872, CVE-2025-21961, CVE-2025-38244,
CVE-2025-21908, CVE-2025-21920, CVE-2025-21980, CVE-2025-21904,
CVE-2025-22008, CVE-2025-21911, CVE-2025-21880, CVE-2025-21928,
CVE-2025-21885, CVE-2025-21913, CVE-2025-37752, CVE-2025-22015,
CVE-2025-38500, CVE-2025-22013, CVE-2025-21970, CVE-2025-21877,
CVE-2025-21916, CVE-2025-21889, CVE-2025-21982, CVE-2025-22001,
CVE-2025-22007, CVE-2025-22016, CVE-2025-21981, CVE-2025-37756,
CVE-2025-21962, CVE-2025-21891, CVE-2025-21968, CVE-2025-21936,
CVE-2025-21995, CVE-2025-21922, CVE-2025-21930, CVE-2025-21894,
CVE-2025-38477, CVE-2025-22011, CVE-2025-21991, CVE-2025-38618,
CVE-2025-22003, CVE-2025-21903, CVE-2025-21986, CVE-2025-21941,
CVE-2025-21951, CVE-2025-22004, CVE-2025-21929, CVE-2025-21917,
CVE-2025-21915, CVE-2025-21977, CVE-2025-21875, CVE-2025-21959,
CVE-2025-22017, CVE-2025-21881, CVE-2025-21937, CVE-2025-22009,
CVE-2025-38350, CVE-2025-21944, CVE-2025-21918, CVE-2025-21947,
CVE-2025-21883, CVE-2025-21892, CVE-2025-21966, CVE-2025-21950,
CVE-2025-21926, CVE-2025-37954, CVE-2025-21999, CVE-2025-21992,
CVE-2025-21948, CVE-2025-21960, CVE-2025-21924, CVE-2025-21873,
CVE-2025-21895, CVE-2025-21946, CVE-2025-37889, CVE-2025-21978,
CVE-2025-21905, CVE-2025-22010, CVE-2025-38683, CVE-2025-21898,
CVE-2025-21910, CVE-2025-21994, CVE-2025-21996, CVE-2025-21972,
CVE-2025-21912, CVE-2025-22005, CVE-2025-21909, CVE-2025-21957,
CVE-2025-21964)
3 weeks 4 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Ext4 file system;
- SMB network file system;
- Packet sockets;
- Network traffic control;
- TLS protocol;
- VMware vSockets driver;
- XFRM subsystem;
(CVE-2025-38617, CVE-2025-37785, CVE-2025-38244, CVE-2025-37756,
CVE-2025-38618, CVE-2025-38477, CVE-2025-38683, CVE-2025-38500)
3 weeks 4 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Ext4 file system;
- Packet sockets;
- Network traffic control;
- TLS protocol;
- VMware vSockets driver;
- XFRM subsystem;
(CVE-2025-38500, CVE-2025-37785, CVE-2025-38617, CVE-2025-37756,
CVE-2025-38477, CVE-2025-38618)
3 weeks 4 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Android drivers;
- Bluetooth drivers;
- Bus devices;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- Arm Firmware Framework for ARMv8-A (FFA);
- FPGA Framework;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- HW tracing;
- InfiniBand drivers;
- IOMMU subsystem;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NVDIMM (Non-Volatile Memory Device) drivers;
- NVME drivers;
- NVMEM (Non Volatile Memory) drivers;
- PCI subsystem;
- Amlogic Meson DDR PMU;
- NI-700 PMU driver;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- PTP clock framework;
- SCSI subsystem;
- ASPEED SoC drivers;
- SPI subsystem;
- TCM subsystem;
- Thunderbolt and USB4 drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- USB Gadget drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Port Controller Manager driver;
- VFIO drivers;
- Virtio Host (VHOST) subsystem;
- Backlight driver;
- Framebuffer layer;
- Virtio drivers;
- BTRFS file system;
- EROFS file system;
- F2FS file system;
- File systems infrastructure;
- Network file systems library;
- NTFS3 file system;
- SMB network file system;
- Codetag library;
- BPF subsystem;
- LZO compression library;
- Mellanox drivers;
- IPv4 networking;
- Bluetooth subsystem;
- Network sockets;
- XFRM subsystem;
- Digital Audio (PCM) driver;
- Tracing infrastructure;
- io_uring subsystem;
- Padata parallel execution mechanism;
- DVFS energy model driver;
- Restartable sequences system call mechanism;
- Timer subsystem;
- Memory management;
- KASAN memory debugging framework;
- CAN network layer;
- Networking core;
- IPv6 networking;
- Netfilter;
- NetLabel subsystem;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- ALSA framework;
- sma1307 audio codecs;
- Intel ASoC drivers;
- MediaTek ASoC drivers;
- USB sound devices;
(CVE-2025-38081, CVE-2025-38142, CVE-2025-38157, CVE-2025-38174,
CVE-2025-38156, CVE-2025-38044, CVE-2025-38414, CVE-2025-38041,
CVE-2025-38124, CVE-2025-38122, CVE-2025-38285, CVE-2025-38317,
CVE-2025-38159, CVE-2025-38352, CVE-2025-38117, CVE-2025-38040,
CVE-2025-38292, CVE-2025-38301, CVE-2025-38149, CVE-2025-38299,
CVE-2025-38116, CVE-2025-38100, CVE-2025-38107, CVE-2025-38063,
CVE-2025-38069, CVE-2025-38130, CVE-2025-38032, CVE-2025-38113,
CVE-2025-38287, CVE-2025-38138, CVE-2025-38004, CVE-2025-38097,
CVE-2025-38270, CVE-2025-38311, CVE-2025-38499, CVE-2025-38050,
CVE-2025-38064, CVE-2025-38278, CVE-2025-38297, CVE-2025-38091,
CVE-2025-38065, CVE-2025-38114, CVE-2025-38048, CVE-2025-38096,
CVE-2025-38112, CVE-2025-38148, CVE-2025-38101, CVE-2025-38062,
CVE-2025-38057, CVE-2025-38029, CVE-2025-38105, CVE-2025-38277,
CVE-2025-38053, CVE-2025-38302, CVE-2025-38169, CVE-2025-38307,
CVE-2025-38153, CVE-2025-38106, CVE-2025-38293, CVE-2025-38267,
CVE-2025-38314, CVE-2025-38291, CVE-2025-38284, CVE-2025-38141,
CVE-2025-38052, CVE-2025-38079, CVE-2025-38088, CVE-2025-38164,
CVE-2025-38288, CVE-2025-38289, CVE-2025-38074, CVE-2025-38073,
CVE-2025-38274, CVE-2025-38167, CVE-2025-38129, CVE-2025-38082,
CVE-2025-38109, CVE-2025-38003, CVE-2025-38042, CVE-2025-38319,
CVE-2025-38165, CVE-2025-38102, CVE-2025-38045, CVE-2025-38154,
CVE-2025-38127, CVE-2025-38034, CVE-2025-38051, CVE-2025-38143,
CVE-2025-38061, CVE-2025-38119, CVE-2025-38077, CVE-2025-38115,
CVE-2025-38175, CVE-2025-38147, CVE-2025-38172, CVE-2025-38176,
CVE-2025-38269, CVE-2025-38126, CVE-2025-38131, CVE-2025-38296,
CVE-2025-38170, CVE-2025-38110, CVE-2025-38111, CVE-2025-38295,
CVE-2025-38072, CVE-2025-38168, CVE-2025-38098, CVE-2025-38160,
CVE-2025-38125, CVE-2025-38054, CVE-2025-38286, CVE-2025-38310,
CVE-2025-38162, CVE-2025-38135, CVE-2025-38161, CVE-2025-38055,
CVE-2025-38066, CVE-2025-38318, CVE-2025-38173, CVE-2025-38033,
CVE-2025-38281, CVE-2025-38140, CVE-2025-38146, CVE-2025-38305,
CVE-2025-38103, CVE-2025-38080, CVE-2025-38068, CVE-2025-38037,
CVE-2025-38043, CVE-2025-38272, CVE-2025-38137, CVE-2025-38279,
CVE-2025-38275, CVE-2025-38151, CVE-2025-38123, CVE-2025-38158,
CVE-2025-38268, CVE-2025-38136, CVE-2025-38132, CVE-2025-38120,
CVE-2025-38047, CVE-2025-38304, CVE-2025-38298, CVE-2025-38265,
CVE-2025-38134, CVE-2025-38128, CVE-2025-38118, CVE-2025-38058,
CVE-2025-38303, CVE-2025-38316, CVE-2025-38092, CVE-2025-38163,
CVE-2025-38155, CVE-2025-38145, CVE-2025-38280, CVE-2025-38076,
CVE-2025-38031, CVE-2025-38306, CVE-2025-38078, CVE-2025-38035,
CVE-2025-38315, CVE-2025-38300, CVE-2025-38283, CVE-2025-38059,
CVE-2025-38312, CVE-2025-38071, CVE-2025-38294, CVE-2025-38036,
CVE-2025-38498, CVE-2025-38099, CVE-2025-38070, CVE-2025-38166,
CVE-2025-38060, CVE-2025-38282, CVE-2025-38313, CVE-2025-38038,
CVE-2025-38290, CVE-2025-39890, CVE-2025-38415, CVE-2025-38039,
CVE-2025-38067, CVE-2025-38075, CVE-2025-38108, CVE-2025-38139)
3 weeks 5 days ago
FEDORA-2025-0022827a20
Packages in this update:
Update description:
Automatic update for runc-1.3.2-1.fc44.
Changelog
* Tue Oct 7 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 2:1.3.2-1
- Update to release v1.3.2
- Resolves: rhbz#2399284, rhbz#2399563
- Upstream fixes