webkitgtk-2.48.1-2.fc40
Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues
webkitgtk-2.48.1-2.fc41
Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues
webkitgtk-2.48.1-2.fc42
Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues
chromium-135.0.7049.52-2.el10_1
Update to 135.0.7049.52
High CVE-2025-3066: Use after free in Navigations
Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs
Medium CVE-2025-3068: Inappropriate implementation in Intents
Medium CVE-2025-3069: Inappropriate implementation in Extensions
Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions
Low CVE-2025-3071: Inappropriate implementation in Navigations
Low CVE-2025-3072: Inappropriate implementation in Custom Tabs
Low CVE-2025-3073: Inappropriate implementation in Autofill
Low CVE-2025-3074: Inappropriate implementation in Downloads
A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Jiri Gogela of Trend Research’ was reported to the affected vendor on: 2025-04-04, 0 days ago. The vendor is given until 2025-08-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Drivers core;
– Ext4 file system;
– JFS file system;
– Network namespace;
– CAIF protocol;
– Networking core;
– IPv6 networking;
(CVE-2024-56658, CVE-2021-47119, CVE-2024-56600, CVE-2021-47122,
CVE-2021-47483, CVE-2024-56595)
What is the Vulnerability?On March 24, researchers disclosed a set of five vulnerabilities, collectively known as “IngressNightmare,” affecting Ingress-nginx, one of the popular ingress controllers available for Kubernetes. Using Ingress-NGINX is one of the most common methods for exposing Kubernetes applications externally.CVE-2025-1974 is considered the most serious of the five and has been assigned a CVSS score of 9.8 (critical). When chained with one of the lower severity vulnerabilities, it allows for unauthenticated remote code execution. This exploitation could result in the exposure of sensitive information that the controller can access. Consequently, unauthenticated attackers have the potential to compromise the system by executing unauthorized code.What is the recommended Mitigation?Kubernetes has responded publicly to the disclosure of CVE-2025-1974, encouraging users to install patches released by the Ingress-nginx team that remediates CVE-2025-1974 including all five vulnerabilities listed: https://github.com/kubernetes/ingress-nginx/releasesFortiGuard Labs recommends users to follow instructions and mitigation steps as mentioned on the vendor’s advisory and follow other mitigation guidance: Ingress-nginx CVE-2025-1974: What You Need to Know | KubernetesFirst, determine if your clusters are using ingress-nginx.Enforce strict network policies so only the Kubernetes API Server can access the admission controller.Temporarily disable the admission controller component of Ingress-NGINX if you cannot upgrade right away.What FortiGuard Coverage is available?Lacework FortiCNAPP has available Continuous Security and Posture Analysis: How does Lacework FortiCNAPP Protect from… – Fortinet Community-Behavior Anomaly Detection flags, such as unexplained container processes and suspicious user activities, aligning with CVE-2025-1974. -Posture analysis that detects high-risk Kubernetes settings, such as enabled snippet annotations, and identifies additional misconfigurations (e.g. privileged containers or open service ports).The FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard Labs will provide updates as more information becomes available.
perl-Compress-Raw-Lzma-2.212-6.fc41
xz-5.8.1-1.fc41.1
xz 5.8.1
perl-Compress-Raw-Lzma-2.209-9.fc40
xz-5.8.1-1.1.fc40
xz 5.8.1
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
