Read Time:7 Second
FEDORA-2025-fa5d8f7bf3
Packages in this update:
radare2-5.9.8-6.fc40
Update description:
Fix CVE-2025-1744 and CVE-2025-1864
Category Archives: Advisories
ffmpeg-7.1.1-1.fc41
Read Time:12 Second
FEDORA-2025-ab5fe60520
Packages in this update:
ffmpeg-7.1.1-1.fc41
Update description:
Latest maintenance release from 7.1 branch. Changelog: https://github.com/FFmpeg/FFmpeg/blob/n7.1.1/Changelog .
Contains backported fix for CVE-2025-22921.
ffmpeg-7.1.1-1.fc42
Read Time:12 Second
FEDORA-2025-1aff9a0e04
Packages in this update:
ffmpeg-7.1.1-1.fc42
Update description:
Latest maintenance release from 7.1 branch. Changelog: https://github.com/FFmpeg/FFmpeg/blob/n7.1.1/Changelog .
Contains backported fix for CVE-2025-22921.
ffmpeg-7.1.1-1.fc43
Read Time:19 Second
FEDORA-2025-b17c2ce3ff
Packages in this update:
ffmpeg-7.1.1-1.fc43
Update description:
Automatic update for ffmpeg-7.1.1-1.fc43.
Changelog
* Thu Mar 6 2025 Dominik Mierzejewski <dominik@greysector.net> – 7.1.1-1
– Update to 7.1.1 (resolves rhbz#2349351)
– Enable LC3 codec via liblc3
– Backport fix for CVE-2025-22921 (resolves rhbz#2346558)
exiv2-0.28.5-1.fc43
Read Time:18 Second
FEDORA-2025-7575224d15
Packages in this update:
exiv2-0.28.5-1.fc43
Update description:
Automatic update for exiv2-0.28.5-1.fc43.
Changelog
* Thu Feb 27 2025 Miloš Komarčević <kmilos@gmail.com> – 0.28.5-1
– Update to 0.28.5 (rhbz#2346993)
– CVE-2025-26623 exiv2: Use After Free in Exiv2 (rhbz#2346447)
ZDI-25-128: NI G Web Development GWEBPROJECT File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI G Web Development. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-12742.
ZDI-25-127: (0Day) (Pwn2Own) Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability
Read Time:12 Second
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-2233.
USN-7340-1: OpenVPN vulnerabilities
Read Time:31 Second
It was discovered that OpenVPN did not perform proper input validation
when generating a TLS key under certain configuration, which could lead to
a buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS. (CVE-2017-12166)
Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)
USN-7338-1: CRaC JDK 17 vulnerabilities
Read Time:58 Second
Andy Boothe discovered that the Networking component of CRaC JDK 17 did not
properly handle access under certain circumstances. An unauthenticated
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21208)
It was discovered that the Hotspot component of CRaC JDK 17 did not
properly handle vectorization under certain circumstances. An
unauthenticated attacker could possibly use this issue to access
unauthorized resources and expose sensitive information.
(CVE-2024-21210, CVE-2024-21235)
It was discovered that the Serialization component of CRaC JDK 17 did not
properly handle deserialization under certain circumstances. An
unauthenticated attacker could possibly use this issue to cause a denial
of service. (CVE-2024-21217)
It was discovered that the Hotspot component of CRaC JDK 17 did not
properly handle API access under certain circumstances. An unauthenticated
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2025-21502)
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2024-10-15
https://openjdk.org/groups/vulnerability/advisories/2025-01-21
USN-7339-1: CRaC JDK 21 vulnerabilities
Read Time:58 Second
Andy Boothe discovered that the Networking component of CRaC JDK 21 did not
properly handle access under certain circumstances. An unauthenticated
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21208)
It was discovered that the Hotspot component of CRaC JDK 21 did not
properly handle vectorization under certain circumstances. An
unauthenticated attacker could possibly use this issue to access
unauthorized resources and expose sensitive information.
(CVE-2024-21210, CVE-2024-21235)
It was discovered that the Serialization component of CRaC JDK 21 did not
properly handle deserialization under certain circumstances. An
unauthenticated attacker could possibly use this issue to cause a denial
of service. (CVE-2024-21217)
It was discovered that the Hotspot component of CRaC JDK 21 did not
properly handle API access under certain circumstances. An unauthenticated
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2025-21502)
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2024-10-15
https://openjdk.org/groups/vulnerability/advisories/2025-01-21