Aggregator

USN-7015-7: Python 2.7 regression

1 week ago
USN-7015-4 fixed vulnerabilities in Python. It was discovered that the fix for CVE-2023-27043 for python2.7 was incorrectly applied on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. (CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. (CVE-2024-6232)

It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. (CVE-2024-6923)

It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. (CVE-2024-7592)

It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service. (CVE-2024-8088)
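The header injection item above (CVE-2024-6923) comes down to a line break inside a header value surviving into the flattened message, where the next line is read as a new header. The following is an added example, not code from the Ubuntu advisory or from CPython: it rejects CR/LF in caller-supplied header values before they reach the email module, shows where the default `EmailPolicy` already raises (and where its `splitlines()`-based check lets a trailing newline through), and re-reads the flattened output the way a receiving MTA would. The addresses and Subject values are constructed sample data.

```python
import email.policy
from email.message import EmailMessage


def header_is_safe(value):
    """True unless the value contains a CR or LF.

    Once a message is flattened to wire format, a line break inside a header
    value ends that header, and whatever follows is read as a new header line
    (for instance an extra Bcc:). Rejecting CR/LF before the value reaches
    the email module does not depend on how a given Python release quotes or
    folds header values.
    """
    return "\r" not in value and "\n" not in value


def build_message(sender, recipient, subject, body):
    """Build a text/plain message, or return None if any header value is unsafe."""
    if not all(header_is_safe(v) for v in (sender, recipient, subject)):
        return None
    msg = EmailMessage(policy=email.policy.default)
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_string()


def policy_rejects(subject):
    """Does email.policy.default itself refuse this Subject at assignment time?

    The policy raises ValueError when a value spans more than one line, but
    that check uses str.splitlines(), so a value that merely *ends* in a line
    break passes it; header_is_safe() is stricter on purpose.
    """
    msg = EmailMessage(policy=email.policy.default)
    try:
        msg["Subject"] = subject
    except ValueError:
        return True
    return False


def header_names(flattened):
    """Header field names as a receiving MTA would see them, up to the blank
    line that ends the header block; folded continuation lines are skipped."""
    names = []
    for line in flattened.splitlines():
        if line == "":
            break
        if line[0] in " \t":
            continue
        names.append(line.split(":", 1)[0])
    return names


if __name__ == "__main__":
    # Constructed sample values; the second Subject tries to smuggle a Bcc header.
    ok = build_message("alice@example.org", "bob@example.org", "status", "all good")
    print(header_names(ok))
    bad = build_message("alice@example.org", "bob@example.org",
                        "status\r\nBcc: mallory@example.org", "all good")
    print(bad)  # None: rejected before the message is built
```

The pre-check is deliberately independent of the email module's own quoting, which is exactly the part the advisory says was wrong; the policy's ValueError is a second line of defence, not the first.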

USN-7280-3: Python 2.7 regression

1 week ago
USN-7280-2 fixed vulnerabilities in Python. It was discovered that the fixes for CVE-2025-0938 and CVE-2024-11168 were incorrectly applied on Ubuntu 14.04 LTS. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack.
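The SSRF item above concerns URLs whose authority carries a bracketed host that is not actually an IPv6 (or RFC 3986 IPvFuture) literal. As an added example, not code from the Ubuntu advisory or from CPython, the helper below validates the host of a URL conservatively before it is used for an allowlist decision: brackets must enclose an address literal and may be followed only by an optional `:port`. On Python builds that carry the fix, `urllib.parse.urlsplit` itself raises `ValueError` for such hosts and the helper treats that as invalid; on builds without it, the helper's own checks reject the same inputs. The URLs and the allowlist are constructed sample data.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 3986 IPvFuture: "v" HEXDIG+ "." ( unreserved / sub-delims / ":" )+
_IPVFUTURE = re.compile(r"v[0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+")
_PORT = re.compile(r":[0-9]*")


def validated_host(url):
    """Return the host of `url` in canonical form, or None if it is malformed.

    A bracketed host is accepted only when the bracket contents are an IPv6
    literal or an IPvFuture literal and nothing but an optional :port follows
    the closing bracket. A hostname or IPv4 address inside brackets, or stray
    characters after the bracket, is rejected rather than being handed on to
    a resolver or an allowlist comparison.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        # Pythons carrying the fix already raise here for bad bracketed hosts
        # (and all versions raise for an unbalanced bracket); treat as invalid.
        return None

    authority = parts.netloc.rpartition("@")[2]   # drop any userinfo
    if not authority:
        return None

    if authority.startswith("["):
        close = authority.find("]")
        if close == -1:
            return None
        literal, rest = authority[1:close], authority[close + 1:]
        if rest and not _PORT.fullmatch(rest):
            return None                            # e.g. "[::1]evil.example"
        if _IPVFUTURE.fullmatch(literal):
            return literal.lower()
        try:
            return str(ipaddress.IPv6Address(literal))
        except ValueError:
            return None                            # "[example.com]", "[127.0.0.1]"

    host, sep, port = authority.rpartition(":")
    if not sep:
        host = authority
    elif port and not port.isdigit():
        return None                                # non-numeric port
    if not host or "[" in host or "]" in host:
        return None
    return host.lower()


def is_allowed(url, allowed_hosts):
    """SSRF guard: permit only URLs whose validated host is on the allowlist."""
    host = validated_host(url)
    return host is not None and host in allowed_hosts


if __name__ == "__main__":
    allowlist = {"api.example.org", "::1"}        # constructed sample allowlist
    for u in ("http://api.example.org/v1", "http://[::1]:8080/v1",
              "http://[api.example.org]/v1", "http://[127.0.0.1]/v1"):
        print(u, "->", validated_host(u), is_allowed(u, allowlist))
```

Comparing the allowlist against the value this function returns, rather than against whatever `urlsplit(...).hostname` yields, keeps the decision tied to a host form the code has actually validated.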

USN-7782-1: Ghostscript vulnerabilities

1 week ago
It was discovered that Ghostscript incorrectly handled opening a file to write. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. (CVE-2025-7462)

It was discovered that Ghostscript incorrectly handled writing certain files. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. (CVE-2025-59798, CVE-2025-59799)

It was discovered that Ghostscript incorrectly handled performing OCR on certain files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-59800)

USN-5495-2: curl regression

1 week ago
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205 miscalculated the maximum cookie size, causing a regression. This update fixes the problem.

Original advisory details:

Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-32205)

Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)

Harry Sintonen discovered that curl incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-32207)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack. (CVE-2022-32208)

USN-7781-1: Inetutils vulnerabilities

1 week ago
Matthew Hickey discovered that Inetutils did not correctly handle certain escape characters. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-0053)

It was discovered that Inetutils did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-10188)

It was discovered that Inetutils did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-39028)

It was discovered that Inetutils did not check the return values of set*id functions. An attacker could possibly use this issue to escalate their privileges. (CVE-2023-40303)

USN-7780-1: Qt vulnerabilities

1 week ago
It was discovered that Qt did not correctly handle certain inputs when using the SQL ODBC driver plugin. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-24607)

It was discovered that Qt did not correctly parse certain strict-transport-security headers. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-32762)

It was discovered that Qt did not correctly handle certain inputs from DNS servers. A remote attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2023-33285)

It was discovered that Qt did not correctly validate certain CA certificates for TLS. An attacker could possibly use this issue to gain access to unauthorized resources. (CVE-2023-34410)

jupyterlab-4.4.9-1.fc43

1 week 2 days ago
FEDORA-2025-5ce0931fe3 Packages in this update:
  • jupyterlab-4.4.9-1.fc43
Update description:

jupyterlab 4.4.9 fixing CVE-2025-59842.

Rebuilt for Python 3.14.0rc3 bytecode change

chromium-140.0.7339.207-1.el10_2

1 week 2 days ago
FEDORA-EPEL-2025-e5b8017942 Packages in this update:
  • chromium-140.0.7339.207-1.el10_2
Update description:

Update to 140.0.7339.207

  • CVE-2025-10890: Side-channel information leakage in V8
  • CVE-2025-10891: Integer overflow in V8
  • CVE-2025-10892: Integer overflow in V8