INFOSEC – USERSPACE.ORG :

OS: Fedora

Fedora 42: yarnpkg Command Injection Fix CVE-2025-64756 Advisory

Fix CVE-2205-64756.

Fedora 42: Wireshark 4.6.1 Critical Issue Advisory - FEDORA-2025-f810869906

New version 4.6.1 Beware of the move of files from /usr/lib64/wireshark/extcap/ to /usr/libexec/wireshark/extcap. Any custom user scripts should be moved too.

Fedora 42: SingularityCE Important Upgrade 4.3.5 - FEDORA-2025-54d78b9fed

Upgrade to 4.3.5 upstream version.

Fedora 43: Brotli 1.2.0 Update - Addressing DoS Risks and Security Issues

Update brotli to 1.2.0 and python-urllib3 to 2.6.1. In python-urllib3: Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small

OS: Redhat

Red Hat: RHSA-2023-5538-01 Important: libvpx Heap Overflow and Crash

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Enterprise Linux 8.2 RHSA-2023-5527 Important: Bind DoS Risk

An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Enterprise Linux 8.2 RHSA-2023-5534-01 Important: libvpx Issues

An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Important Advisory RHSA-2023-5539-01 for libvpx Crash and Heap Overflow

An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

OS: Debian

Debian: Chromium Important DSA-6080-1 Code Exec DoS Issues

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. An additional CVE (that has yet to be assigned) is fixed in this release; Google is aware of an expoit in the wild for that issue. For the oldstable distribution (bookworm), these problems have been fixed

Debian: Important DoS Vulnerabilities in FFmpeg DSA-6080-1 Advisory

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. For the oldstable distribution (bookworm), this problem has been fixed in version 7:5.1.8-0+deb12u1.

Debian: firefox-esr Critical Privilege Escalation DSA-6078-1 CVE-2025-14321

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed in version 140.6.0esr-1~deb12u1.

Debian: pdns-recursor Critical Denial of Service Vulnerability DSA-6077-1

Insufficient validation of incoming notifies over TCP in PDNS Recursor, a resolving name server, could result in denial of service. For the stable distribution (trixie), this problem has been fixed in version 5.2.7-0+deb13u1. We recommend that you upgrade your pdns-recursor packages.

OS: CentOS

CentOS 7 CESA-2024-1498 Moderate Advisory: Thunderbird Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1498

CentOS 7 CESA-2024-1486 Critical: Firefox Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1486

CentOS 7 CESA-2024-1249 Important: Kernel Critical Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1249

CentOS 7 CESA-2024-0957 Critical Thunderbird Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957

OS: Slackware

Slackware: mozilla-thunderbird Important Security Fix SSA:2025-345-01

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: Mozilla Firefox Critical Security Update 2025-343-01

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: libpng High Severity OOB Read CVE-2025-66293 Advisory

New libpng packages are available for Slackware 15.0 and -current to fix a security issue.

Slackware 15.0: httpd Critical Update for Security Issues SSA:2025-338-01

New httpd packages are available for Slackware 15.0 and -current to fix security issues.

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: Scientific

Scientific Linux 7 SLSA-2023:6885 Critical: Python TLS Handshake Bypass

python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team

SciLinux: SLSA-2023:6886 Critical: Plexus-Archiver File Creation Risk

plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team

Scientific Linux 7 Advisory SLSA-2023:5691 Critical DoS in BIND

bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...]

Scientific Linux SLSA-2023:5615 Moderate Security Issue in libssh2

libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://sso.redhat.com/auth/realms/redhat-external/protocol/saml?SAMLRequest=fZJBT8MwDIX%2FSm85ZWk7yrZonVQxIU0ChDbgwAVlqccipUmJXTb49aQbg3Hh6jy%2F79nOFFVjW1l1tHVLeOsAKakQIZDx7so77BoIKwjvRsPj8qZkW6IWpRBKa0AcBKi3igbaN6L2O2e9qlH0nmJjnLLmE1hSEQWz7giOfsa9fhsuXA37kmUsmUdu1PfQXwSiP%2FdXMaMIoGyD4ljmsCcIESPa4Mlrbw9olizmJXvJ9WgMWmV8qMcTfpGNUq7WxZCvVTEe5dmoUJebKEXsYhAk5ahkeZoXPL3g6eQhHcqikGn2zJInCHhIlg9Sluwb61D2oJJ1wUmv0KB0qgGUpOWqur2RUSjVaY3nLe3%2FPac52Gzaq%2BUhXZh1zmwM1PxnxVNx%2Fjw9HvEu2i3m994a%2FZFU1vrdVVwXQckodPEO1z40iv4P0FdMzTcHqWz7wZHAEROzI%2FPvX5l9AQ%3D%3D&RelayState=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=BrJPc%2FvdbvszAnFEmxMHTWhWO5IJXnU8CNik001PBsM04yezeCS%2B0pETxgMIupFPsrxTbmD1oepOHhERcPL4Byk1qKkm6TtFvfXm74lB8Pui6rdjg%2B8IwVmrenuF4Ph3LD4ZnDeuNW3YO4dDbN5Q4%2F89FIjEkeGKeLLar10vtkiy8GweKEe8cuja3717pxNrVTOi8ckfBHwomdUD8Xw1IE6M1qHI4u6pOMtxqpKQPu%2FZzsAgrME854P7NQqtGaZRI3eqZlBRVyG2FYrR7KFC6QtA%2FdVCYBxBWG4JdxZhXmbM%2Fc%2Bn%2B04WEKPpbhH12qa7URkjktnYMsJNcVF7rtYtn1D6gCyPnuXrwe7qcV0MgnrfuqmW4FoGsGrjhFdp7Eebe40wh78VaLxxAxO9hR%2BrYRDgNjvtewICpUbzYQUm6jzVk3i%2FYjt5Pmr9HesI1zvaI80Jmpgud1snf1z7VWoIqnAXwIZyLlo%2BxyFZs4qDUBgFr9tqrgbnGjBgTzdyJTItq7yFMVJDCt6dy5LjnMgKSMd%2BjjsoDBjssytWMM4ulzlyQHtn4IdVgCe4q4jgLQrHXf4ZucbUIA6q%2Fxgg7favSO%2FZaivTQq%2BoaQQKJ1NXxPiMXw6j354mdaEtz8jK549xaCEZi2OiF3l8Qrzc%2B7JikRXQ8wlX1gh8SbiNHfo6ZcE%3D 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team

OS: OpenSuse

openSUSE: python-Django Important Denial of Service Fix 2025-20153-1

An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.

openSUSE Leap 16.0: binutils Important Security Update 2025-20150-1

An update that solves 27 vulnerabilities and has 28 bug fixes can now be installed.

openSUSE: MozillaThunderbird Moderate Issues with Access 2025:15814-1

An update that solves 10 vulnerabilities can now be installed.

openSUSE: MozillaFirefox Moderate Update Advisory 2025:15813-1

An update that solves 13 vulnerabilities can now be installed.

OS: Suse

SUSE: GEGL Important Buffer Overflow Threat CVE-2025-10921 2025:4382-1

* bsc#1250496 Cross-References: * CVE-2025-10921

SUSE: Moderate Heap Buffer Over-Read in libpng12 CVE-2025-64505 Advisory

* bsc#1254157 Cross-References: * CVE-2025-64505

openSUSE: python-Django Important SQL Injection DoS Fix 2025:4384-1

* bsc#1254437 Cross-References: * CVE-2025-13372 * CVE-2025-64460

SUSE: Important Update for PostgreSQL16 Addresses Privilege Check Issues

* bsc#1253332 * bsc#1253333 Cross-References: * CVE-2025-12817

OS: Debian LTS

Debian 11: Linux Critical Kernel Update DLA-4404-1 for Privilege Escalation

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian 11: tzdata Important Leap Second Update DLA-4403-1

This update includes the latest changes to the leap second list, including an update to its expiry date, which was set for the end of December.

Debian 11: libsndfile DLA-4402-1 CVE-2021-4156 Out-of-Bounds Read Risk

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with

Debian 11: firefox-esr Important Security Fix DLA-4401-1 CVE-2025-14321

OS: Mageia

Important Vulnerabilities in Webkit2 for Mageia MGASA-2025-0325 and CVEs

MGASA-2025-0325 - Updated webkit2 packages fix security vulnerabilities

Mageia 9: Security Update for Python3 Addresses Moderate DoS Issues

MGASA-2025-0324 - Updated python3 packages fix security vulnerabilities

Mageia 9: libpng Important Out-of-Bounds Read MGASA-2025-0323

MGASA-2025-0323 - Updated libpng packages fix security vulnerability

Mageia 9: Apache Important Security Update MGASA-2025-0322 CVE-2025-55753

MGASA-2025-0322 - Updated apache packages fix security vulnerabilities

OS: Gentoo

Gentoo: librnp High Weak Random Ending Generation GLSA-202511-07

librnp uses weak random number generation such that generated keys can be easily cracked.

Gentoo: redict, redis High Risk Multiple Vulnerabilities GLSA-202511-05

Multiple vulnerabilities have been discovered in redis and redict, the worst of which could lead to execution of arbitrary code.

Gentoo: GLSA 202511-04 for Chromium High Remote Code Execution Risk

Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.

Gentoo: qtsvg High Risk Arbitrary Code Execution GLSA-202511-03

Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to execution of arbitrary code.

OS: Arch

Fedora: 203105-8 moderate: ruby-on-rails sql injection vulnerability

The package python-django before version 5.1.11-1 is vulnerable to content spoofing.

Ubuntu: 303103-1 medium: gnome-terminal privilege escalation

The package konsole before version 25.04.2-1 is vulnerable to arbitrary code execution.

ArchLinux: ASA-202506-4 medium risk of go certificate bypass issue

The package go before version 1.24.4-1 is vulnerable to multiple issues including certificate verification bypass and information disclosure.

Arch Linux: ASA-202506-3 CVE-2025-0620 low: samba access issue

The package samba before version 4.22.2-1 is vulnerable to access restriction bypass.

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.