Once considered inactive, the Chinese cyber espionage group FamousSparrow has reemerged, targeting organizations across the US, Mexico and Honduras.
Daily Archives: March 27, 2025
A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.
NCA Warns of Sadistic Online “Com” Networks
The UK’s National Crime Agency is warning of a growing cyber and physical threat from homegrown teens.
NCSC Urges Domain Registrars to Improve Security
The UK’s National Cyber Security Centre has released new guidance to help domain registrars enhance security.
Malaysian PM says “no way” to $10 million ransom after alleged cyber attack against Kuala Lumpur airport
According to some reports, Kuala Lumpur International Airport had to resort to using whiteboards to communicate with passengers.
Read more in my article on the Hot for Security blog.
USN-7376-1: MariaDB vulnerability
A security issue was discovered in MariaDB and this update includes
a new upstream MariaDB version to fix the issue.
In addition to security fixes, the updated packages contain bug and
regression fixes, new features, and possibly incompatible changes.
Apache Tomcat RCE
What is the Vulnerability?
On March 10, 2025, Apache issued a security advisory regarding a critical vulnerability (CVE-2025-24813) affecting the Apache Tomcat web server. This flaw could allow attackers to view or inject arbitrary content into security-sensitive files and potentially achieve remote code execution.
Exploit code for this vulnerability is publicly available, and no authentication is required to launch an attack, making prompt mitigation essential. According to Apache, successful exploitation requires specific conditions, many of which are enabled by default, allowing attackers to manipulate and view sensitive files or execute remote code.
What is the recommended Mitigation?
Impacted users should implement the recommended mitigations provided by Apache and follow the instructions outlined in the vendor’s advisory: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
- Upgrade to Apache Tomcat 11.0.3 or later
- Upgrade to Apache Tomcat 10.1.35 or later
- Upgrade to Apache Tomcat 9.0.99 or later
What FortiGuard Coverage is available?
FortiGuard Labs has IPS protection available to detect and block attack attempts targeting CVE-2025-24813 in the Apache Tomcat web server. https://www.fortiguard.com/encyclopedia/ips/57559
FortiGuard Endpoint Vulnerability Service provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface. https://www.fortiguard.com/encyclopedia/endpoint-vuln/84317
The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
USN-7375-1: Org Mode vulnerabilities
It was discovered that Org Mode did not correctly handle filenames
containing shell metacharacters. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. This issue only
affected Ubuntu 22.04 LTS. (CVE-2023-28617)
It was discovered that Org Mode could run untrusted code left in its
buffer. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-30202)
It was discovered that Org Mode did not correctly handle the contents of
remote files. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-30205)
It was discovered that Org Mode could be made to run arbitrary Elisp code.
An attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2024-39331)
Smashing Security podcast #410: Unleash the AI bot army against the scammers – now!
A YouTuber has unleashed an innovative AI bot army to disrupt and outwit the world of online scammers, and a New York Times investigation looks into the intricate web of global money laundering.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.