Aggregator

USN-7886-2: Python vulnerabilities

Ubuntu Security Advisories
1 week 1 day ago
USN-7886-1 fixed vulnerabilities in Python. This update provides the corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10. Original advisory details: It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. (CVE-2025-6075) Caleb Brown discovered that Python incorrectly handled the ZIP64 End of Central Directory (EOCD) Locator record offset value. An attacker could possibly use this issue to obfuscate malicious content. (CVE-2025-8291)

7zip-25.01-1.fc43

Fedora Security Advisories
1 week 1 day ago
FEDORA-2025-b6422d64f9 Packages in this update:
  • 7zip-25.01-1.fc43
Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

7zip-25.01-1.el10_1

Fedora Security Advisories
1 week 1 day ago
FEDORA-EPEL-2025-0a81d38451 Packages in this update:
  • 7zip-25.01-1.el10_1
Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

7zip-25.01-1.el10_2

Fedora Security Advisories
1 week 1 day ago
FEDORA-EPEL-2025-2bed30c65f Packages in this update:
  • 7zip-25.01-1.el10_2
Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

7zip-25.01-1.fc44

Fedora Security Advisories
1 week 1 day ago
FEDORA-2025-b5a4903ea0 Packages in this update:
  • 7zip-25.01-1.fc44
Update description:

Automatic update for 7zip-25.01-1.fc44.

Changelog * Wed Nov 26 2025 Michel Lind <salimma@fedoraproject.org> - 25.01-1 - Update to 25.01 - 25.00+ fixes CVE-2025-11001; Resolves: rhbz#2416011 - Backport Debian patch to disable echo-ing password; Resolves: rhbz#2412315

USN-7894-1: EDK II vulnerabilities

Ubuntu Security Advisories
1 week 1 day ago
It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue to gain unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2023-45236, CVE-2023-45237) It was discovered that EDK II incorrectly handled S3 sleep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298) It was discovered that the EDK II PE/COFF loader incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-38796) It was discovered that the EDK II PE image hashing function incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-38797) It was discovered that the EDK II BIOS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-38805, CVE-2025-2295) It was discovered that EDK II incorrectly handled the enabling of MCE. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-3770) It was discovered that the OpenSSL library embedded in EDK II contained multiple vulnerabilties. An attacker could possibly use these issues to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-3712, CVE-2022-0778, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143, CVE-2025-9232)

USN-7893-1: Valkey vulnerabilities

Ubuntu Security Advisories
1 week 1 day ago
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-49844) It was discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a integer overflow condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-46817) It was discovered that Valkey incorrectly handled Lua objects. An authenticated attacker could possibly use this issue to escalate their privileges. (CVE-2025-46818) It was discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to read out-of-bounds memory, causing a denial of service or possibly obtaining sensitive information. (CVE-2025-46819) It was discovered that Valkey incorrectly handled memory in some calculations. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-49112)