It was discovered that QuickJS could be forced to reference uninitialized
memory in certain instances. An attacker could possibly use this issue to
cause QuickJS to crash, resulting in a denial of service, or execute
arbitrary code. (CVE-2023-48183)

It was discovered that QuickJS incorrectly managed memory in certain
circumstances. An attacker could possibly use this issue to exhaust
system resources, resulting in a denial of service. (CVE-2023-48184)

It was discovered that QuickJS could be forced to crash due to a
failing test. An attacker could possibly use this issue to cause a
denial of service. (CVE-2024-33263)

Read More

Igor Pavlov discovered that 7-Zip had several memory-related issues.
An attacker could possibly use these issues to cause 7-Zip to crash,
resulting in a denial of service, or execute arbitrary code.
(CVE-2023-52168, CVE-2023-52169)

Read More

FEDORA-2025-8d023de6cb

Packages in this update:

mingw-libsoup-2.74.3-10.fc41

Update description:

Backport fixes for CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906
CVE-2025-32907 CVE-2025-32909

Read More

FEDORA-2025-4d3d9c564d

Packages in this update:

mingw-libsoup-2.74.3-10.fc42

Update description:

Backport fixes for CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906
CVE-2025-32907 CVE-2025-32909

Read More

FEDORA-2025-df1ce151e4

Packages in this update:

mingw-libsoup-2.74.3-10.fc40

Update description:

Backport fixes for CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906
CVE-2025-32907 CVE-2025-32909

Read More

FEDORA-2025-7d0fc65561

Packages in this update:

giflib-5.2.2-6.fc40

Update description:

Backport proposed fix for CVE-2025-31344 from OpenMandriva.

Read More

FEDORA-2025-928071dafb

Packages in this update:

giflib-5.2.2-6.fc42

Update description:

Backport proposed fix for CVE-2025-31344 from OpenMandriva.

Read More

FEDORA-2025-6e1b672fbf

Packages in this update:

giflib-5.2.2-6.fc41

Update description:

Backport proposed fix for CVE-2025-31344 from OpenMandriva.

Read More

USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package
docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
This update fixes it for source package docker.io in Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. These updates only
address the docker library and not the docker.io application itself, which
was already patched in the previous USNs (USN-7161-1 and USN-7161-2).

Original advisory details:

Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed for the source
package docker.io-app in Ubuntu 24.04 LTS. (CVE-2024-29018)

Cory Snider discovered that Docker did not properly handle authorization
plugin request processing. An attacker could possibly use this issue to
bypass authorization controls by forwarding API requests without their
full body, leading to unauthorized actions. This issue was only addressed
for the source package docker.io-app in Ubuntu 24.10 and
Ubuntu 24.04 LTS, and the source package docker.io in Ubuntu 18.04 LTS.
(CVE-2024-41110)

Read More

A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Elias Ikkela-Koski’ was reported to the affected vendor on: 2025-04-15, 0 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Read More