FEDORA-2025-6e1b672fbf
Packages in this update:
giflib-5.2.2-6.fc41
Update description:
Backport proposed fix for CVE-2025-31344 from OpenMandriva.
Install gif_getarg.h header.
USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package
docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
This update fixes it for source package docker.io in Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. These updates only
address the docker library and not the docker.io application itself, which
was already patched in the previous USNs (USN-7161-1 and USN-7161-2).
Original advisory details:
Yair Zak discovered that Docker could forward DNS requests from internal
networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed for the source
package docker.io-app in Ubuntu 24.04 LTS. (CVE-2024-29018)
Cory Snider discovered that Docker did not properly handle authorization
plugin request processing. An attacker could possibly use this issue to
bypass authorization controls by forwarding API requests without their
full body, leading to unauthorized actions. This issue was only addressed
for the source package docker.io-app in Ubuntu 24.10 and
Ubuntu 24.04 LTS, and the source package docker.io in Ubuntu 18.04 LTS.
(CVE-2024-41110)
A vulnerability with CVSS score 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), discovered by Mat Powell of Trend Zero Day Initiative, was reported to the affected vendor on 2025-04-15, 0 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch, we will coordinate the release of a public advisory.
cacti-1.2.30-1.el8
cacti-spine-1.2.30-1.el8
Update cacti and cacti-spine to version 1.2.30. This includes the upstream fixes for many CVEs, including several remote code execution bugs.
cacti-1.2.30-1.el9
cacti-spine-1.2.30-1.el9
Update cacti and cacti-spine to version 1.2.30. This includes the upstream fixes for many CVEs, including several remote code execution bugs.
It was discovered that the CImg library did not properly check the size
of images before loading them. An attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2022-1325)
It was discovered that the CImg library did not correctly handle certain
memory operations, which could lead to a buffer overflow. An attacker
could possibly use this issue to execute arbitrary code or cause a denial
of service. (CVE-2024-26540)
mujs-1.0.9-2.el8
Backport upstream fix for CVE-2021-33796.
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
It was discovered that Protocol Buffers incorrectly handled memory when
receiving malicious input using the Java bindings. An attacker could
possibly use this issue to cause a denial of service.
golang-1.23.8-1.fc40
Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command.