Read Time:36 Second

FEDORA-2025-5ef10f8485

Packages in this update:

SDL2_sound-2.0.4-1.fc40

Update description:

Latest stable release from upstream. Changelog: https://github.com/icculus/SDL_sound/releases/tag/v2.0.4 . NOTE: dr_libs are unbundled.

Fixes:
CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()

ZDI-25-030: Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required...

January 15, 2025

ZDI-25-029: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the...

January 15, 2025

ZDI-25-028: Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required...

January 15, 2025

git-lfs-3.6.1-1.fc41

FEDORA-2025-1de066b8af Packages in this update: git-lfs-3.6.1-1.fc41 Update description: Update to latest version Fix CVE-2024-53263 Read More

January 15, 2025

git-lfs-3.6.1-1.fc40

FEDORA-2025-50deb0acd5 Packages in this update: git-lfs-3.6.1-1.fc40 Update description: Update to latest version Fix CVE-2024-53263 Read More

January 15, 2025

USN-7206-1: rsync vulnerabilities

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. An attacker could use...

January 14, 2025

Microsoft: Happy 2025. Here’s 161 Security Updates

Upcoming Speaking Engagements

New AI Rule Aims to Prevent Misuse of US Technology

Browser-Based Cyber-Threats Surge as Email Malware Declines

Manchester Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data

The First Password on the Internet

UK Considers Ban on Ransomware Payments by Public Bodies

Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges

UK Registry Nominet Breached Via Ivanti Zero-Day

SDL2_sound-2.0.4-1.fc40

FEDORA-2025-5ef10f8485

Packages in this update:

Update description:

ZDI-25-030: Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

ZDI-25-029: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

ZDI-25-028: Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability

git-lfs-3.6.1-1.fc41

git-lfs-3.6.1-1.fc40

USN-7206-1: rsync vulnerabilities