ruby-3.3.8-19.fc41
Upgrade to Ruby 3.3.8.
CVE-2025-25186: Fix Net::IMAP vulnerable to possible DoS by memory exhaustion
Resolves: rhbz#2345557
CVE-2025-27219: Denial of Service in CGI::Cookie.parse
Resolves: rhbz#2357516
CVE-2025-27221: userinfo leakage in URI#join, URI#merge and URI#+
The NVD program manager has announced undergoing process improvements to catch up with its growing vulnerability backlog
dnf-4.23.0-1.fc40.1
This releases preserves enablement state of dnf-automatic.timer when upgrading to Fedora 41.
Researchers are trying to use squid color-changing biochemistry for solar tech.
This appears to be new and related research to a 2019 squid post.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Experts at the Google Cloud Next event set out how security teams need to adapt their focuses in the wake of trends such as rising cyber-attacks and advances in AI
Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code:
Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison.
Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit.
The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device.
Nothing major here. These aren’t exploitable out of the box. But that an AI system can do this at all is impressive, and I expect their capabilities to continue to improve.
Will you be shedding a tear for the cybercriminals?
Read more in my article on the Tripwire blog.
podman-tui-1.5.0-2.el9
release v1.5.0
prometheus-podman-exporter-1.16.0-1.fc42
release v1.16.0
prometheus-podman-exporter-1.16.0-1.fc41
release v1.16.0
