An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.
More Stories
USN-7555-3: Django vulnerability
USN-7555-1 fixed a vulnerability in Django. This update provides an additional fix for Ubuntu 18.04 LTS. Original advisory details: It...
spdlog-1.14.1-4.fc41
FEDORA-2025-7d5c7fe0c7 Packages in this update: spdlog-1.14.1-4.fc41 Update description: Backported the upstream CVE-2025-6140 fix. Read More
dotnet8.0-8.0.117-1.fc41
FEDORA-2025-433fb98ceb Packages in this update: dotnet8.0-8.0.117-1.fc41 Update description: This is the June 2025 monthly update for .NET 8. Release Notes:...
dotnet8.0-8.0.117-1.fc42
FEDORA-2025-fa1fdd193f Packages in this update: dotnet8.0-8.0.117-1.fc42 Update description: This is the June 2025 monthly update for .NET 8. Release Notes:...
USN-7571-1: c3p0 vulnerability
Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the...
python-setuptools-69.2.0-10.fc41
FEDORA-2025-1746085e78 Packages in this update: python-setuptools-69.2.0-10.fc41 Update description: Security fix for CVE-2025-47273 Read More