Aggregator

brotli-1.2.0-1.fc42 perl-Alien-Brotli-0.2.2-11.fc42

1 week ago
FEDORA-2025-9e233a4e22
Packages in this update:
  • brotli-1.2.0-1.fc42
  • perl-Alien-Brotli-0.2.2-11.fc42
Update description:

Update brotli to 1.2.0.

This update provides the necessary Python APIs in python3-brotli to fix denial-of-service security issues related to “decompression bombs,” such as CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate updates in affected packages.

USN-7924-1: libpng vulnerabilities

1 week ago
It was discovered that libpng incorrectly handled memory when processing certain PNG files, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64505)

It was discovered that libpng incorrectly handled memory when processing 8-bit images through the simplified write API with 'convert_to_8bit' enabled, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted 8-bit PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64506)

It was discovered that libpng incorrectly handled memory when processing palette images with 'PNG_FLAG_OPTIMIZE_ALPHA' enabled, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64720)

It was discovered that libpng incorrectly handled memory when processing 6-bit interlaced PNGs with 8-bit output format, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-65018)

USN-7923-1: Qt vulnerability

1 week ago
It was discovered that Qt did not correctly handle certain memory operations. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

USN-7922-1: Linux kernel vulnerabilities

1 week ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Cryptographic API
  • ACPI drivers
  • InfiniBand drivers
  • Media drivers
  • Network drivers
  • Pin controllers subsystem
  • AFS file system
  • F2FS file system
  • Tracing infrastructure
  • Memory management
  • Appletalk network protocol
  • Netfilter

(CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7921-1: Linux kernel vulnerabilities

1 week ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Cryptographic API
  • Media drivers
  • Netfilter
  • TLS protocol

(CVE-2025-39946, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7920-1: Linux kernel vulnerabilities

1 week ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Tracing infrastructure
  • Netfilter

(CVE-2025-40018, CVE-2025-40232)

libpng-1.6.53-1.fc43

1 week ago
FEDORA-2025-7f360be18f
Packages in this update:
  • libpng-1.6.53-1.fc43
Update description:
  • Fixed CVE-2025-66293 (high severity): Out-of-bounds read in png_image_read_composite.
  • Fixed the Paeth filter handling in the RISC-V RVV implementation.
  • Improved the performance of the RISC-V RVV implementation.

brotli-1.2.0-1.fc43 perl-Alien-Brotli-0.2.2-11.fc43 python-urllib3-2.6.1-1.fc43

1 week ago
FEDORA-2025-d93200cf16
Packages in this update:
  • brotli-1.2.0-1.fc43
  • perl-Alien-Brotli-0.2.2-11.fc43
  • python-urllib3-2.6.1-1.fc43
Update description:

Update brotli to 1.2.0 and python-urllib3 to 2.6.1.

In python-urllib3:

  • Fixed a security issue where the streaming API could improperly handle highly compressed HTTP content ("decompression bombs"), leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 / GHSA-2xpw-w6gg-jr37)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 / GHSA-gm62-xv2j-4w53)