Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Microsoft Azure Network Adapter (MANA) driver;
– SMB network file system;
– Network namespace;
– Networking core;
(CVE-2024-35864, CVE-2024-56658, CVE-2024-57798, CVE-2024-42069,
CVE-2024-26928)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– SMB network file system;
– Network namespace;
– Networking core;
(CVE-2024-26928, CVE-2024-56658, CVE-2024-35864, CVE-2024-57798)
It was discovered that Ruby incorrectly handled parsing of an XML document
that has specific XML characters in an attribute value using REXML gem. An
attacker could use this issue to cause Ruby to crash, resulting in a
denial of service. This issue only affected in Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, and Ubuntu 24.10. (CVE-2024-35176, CVE-2024-39908,
CVE-2024-41123, CVE-2024-43398)
It was discovered that Ruby incorrectly handled expanding ranges in the
net-imap response parser. If a user or automated system were tricked into
connecting to a malicious IMAP server, a remote attacker could possibly use
this issue to consume memory, leading to a denial of service. This issue
only affected Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-25186)
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
cookies. A remote attacker could possibly use this issue to consume
resources, leading to a denial of service. (CVE-2025-27219)
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
regular expressions. A remote attacker could possibly use this issue to
consume resources, leading to a denial of service. (CVE-2025-27220)
It was discovered that the Ruby URI gem incorrectly handled certain URI
handling methods. A remote attacker could possibly use this issue to leak
authentication credentials. (CVE-2025-27221)
thunderbird-128.9.0-1.fc40
Update to 128.9.0
https://www.thunderbird.net/en-US/thunderbird/128.9.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/
thunderbird-128.9.0-1.fc41
Update to 128.9.0
https://www.thunderbird.net/en-US/thunderbird/128.9.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/
It was discovered that Vim incorrectly handled memory when using invalid
input with the log option. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2025-1215)
It was discovered that Vim incorrectly handled memory when redirecting
certain output to the register. An attacker could possibly use this issue
to cause a denial of service. (CVE-2025-26603)
php-tcpdf-6.9.1-1.fc40
Fixed Path Traversal security vulnerability reported by Positive Technologies.
Added PHP 8.4 testing.
Removed tcpdf_import.php and tcpdf_parser.php files (for a parser check the tc-lib-pdf-parser project instead).
Fix composer.json.
php-tcpdf-6.9.1-1.fc42
Fixed Path Traversal security vulnerability reported by Positive Technologies.
Added PHP 8.4 testing.
Removed tcpdf_import.php and tcpdf_parser.php files (for a parser check the tc-lib-pdf-parser project instead).
Fix composer.json.
php-tcpdf-6.9.1-1.fc41
Fixed Path Traversal security vulnerability reported by Positive Technologies.
Added PHP 8.4 testing.
Removed tcpdf_import.php and tcpdf_parser.php files (for a parser check the tc-lib-pdf-parser project instead).
Fix composer.json.
perl-Crypt-URandom-Token-0.003-1.fc41
perl-DBIx-Class-EncodedColumn-0.11000-1.fc41
Needed for perl-DBIx-Class-EncodedColumn-0.11
