Category Archives: Advisories

webkitgtk-2.48.1-2.fc40

FEDORA-2025-256a86d7c8

Packages in this update:

webkitgtk-2.48.1-2.fc40

Update description:

Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues

webkitgtk-2.48.1-2.fc41

FEDORA-2025-059585d039

Packages in this update:

webkitgtk-2.48.1-2.fc41

Update description:

Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues

webkitgtk-2.48.1-2.fc42

FEDORA-2025-5427adc3f4

Packages in this update:

webkitgtk-2.48.1-2.fc42

Update description:

Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues

chromium-135.0.7049.52-2.el10_1

FEDORA-EPEL-2025-c6f4db8d49

Packages in this update:

chromium-135.0.7049.52-2.el10_1

Update description:

Update to 135.0.7049.52

High CVE-2025-3066: Use after free in Navigations
Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs
Medium CVE-2025-3068: Inappropriate implementation in Intents
Medium CVE-2025-3069: Inappropriate implementation in Extensions
Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions
Low CVE-2025-3071: Inappropriate implementation in Navigations
Low CVE-2025-3072: Inappropriate implementation in Custom Tabs
Low CVE-2025-3073: Inappropriate implementation in Autofill
Low CVE-2025-3074: Inappropriate implementation in Downloads

USN-7415-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Drivers core;
– Ext4 file system;
– JFS file system;
– Network namespace;
– CAIF protocol;
– Networking core;
– IPv6 networking;
(CVE-2024-56658, CVE-2021-47119, CVE-2024-56600, CVE-2021-47122,
CVE-2021-47483, CVE-2024-56595)

Kubernetes Ingress-nginx Controller RCE

What is the Vulnerability?

On March 24, researchers disclosed a set of five vulnerabilities, collectively known as "IngressNightmare," affecting Ingress-nginx, one of the popular ingress controllers available for Kubernetes. Using Ingress-NGINX is one of the most common methods for exposing Kubernetes applications externally.

CVE-2025-1974 is considered the most serious of the five and has been assigned a CVSS score of 9.8 (critical). When chained with one of the lower-severity vulnerabilities, it allows unauthenticated remote code execution. Exploitation could expose sensitive information that the controller can access; consequently, unauthenticated attackers could compromise the system by executing unauthorized code.

What is the recommended Mitigation?

Kubernetes has responded publicly to the disclosure of CVE-2025-1974, encouraging users to install the patches released by the Ingress-nginx team, which remediate CVE-2025-1974 and all five of the listed vulnerabilities: https://github.com/kubernetes/ingress-nginx/releases

FortiGuard Labs recommends that users follow the instructions and mitigation steps in the vendor's advisory (Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes) and the following mitigation guidance:
– First, determine whether your clusters are using ingress-nginx.
– Enforce strict network policies so that only the Kubernetes API Server can access the admission controller.
– Temporarily disable the admission controller component of Ingress-NGINX if you cannot upgrade right away.

What FortiGuard Coverage is available?

Lacework FortiCNAPP has Continuous Security and Posture Analysis available (How does Lacework FortiCNAPP Protect from… – Fortinet Community):
– Behavior Anomaly Detection flags, such as unexplained container processes and suspicious user activities, aligning with CVE-2025-1974.
– Posture analysis that detects high-risk Kubernetes settings, such as enabled snippet annotations, and identifies additional misconfigurations (e.g. privileged containers or open service ports).

The FortiGuard Incident Response team can be engaged to help with any suspected compromise. FortiGuard Labs will provide updates as more information becomes available.

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.

Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.