INFOSEC – USERSPACE.ORG :

[Linux Security]

OS: OpenSuse

openSUSE Tumbleweed: Blender Moderate Threat Advisory 2025:15755-1

An update that solves 3 vulnerabilities can now be installed.

openSUSE: ansible-core Moderate Security Update 2025:15754-1 CVE-2023-5115

An update that solves 6 vulnerabilities can now be installed.

openSUSE: Blender 5.0 Security Update 2025:15756-1 for CVE-2022-0544

An update that solves 3 vulnerabilities can now be installed.

openSUSE: act Moderate CVE-2025-47913 Advisory 2025:15752-1

An update that solves one vulnerability can now be installed.

OS: Debian

Debian: Thunderbird Critical Code Execution Flaws DSA-6059-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed

Debian: DSA-6058-1 lasso Critical Denial of Service CVE-2025-46404

Keane O'Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code.

Debian: Critical Vulnerability in Privilege Escalation DSA-6080-1 Alert

A vulnerability was discovered in the ec2tokens and s3tokens APIs of Keystone, the OpenStack identity service, which may result in authorisation bypass or privilege escalation if /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients.

Debian DSA-6057-1 LXD Important Local Privilege Escalation CVE-2025-64507

It was discovered that LXD, a system container and virtual machine manager, is prone to a local privilege escalation vulnerability if unprivileged users are allowed to access LXD through lxd-user.

OS: Gentoo

Gentoo: PHP Library Remote Code Execution Vulnerabilities GLSA-202510-07

Multiple vulnerabilities have been discovered in Composer, the worst of which can lead to arbitrary code execution.

Gentoo: Spreadsheet-ParseExcel Vulnerability Overview GLSA-202508-06

A vulnerability has been discovered in Spreadsheet-ParseExcel, which can lead to arbitrary code execution.

Gentoo: Mozilla NSS Standard TLS RSA Decryption Timing Flaw GLSA-202509-05

A vulnerability has been discovered in NSS, which can lead to the recovery of private data.

Gentoo: FontForge Standard Uncontrolled Code Execution GLSA-202509-04

A vulnerability has been discovered in FontForge, which can lead to arbitrary code execution.

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: Scientific

Scientific Linux 7 SLSA-2023:6885 Critical: Python TLS Handshake Bypass

python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team

SciLinux: SLSA-2023:6886 Critical: Plexus-Archiver File Creation Risk

plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team

Scientific Linux 7 Advisory SLSA-2023:5691 Critical DoS in BIND

bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...]

Scientific Linux SLSA-2023:5615 Moderate Security Issue in libssh2

libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://sso.redhat.com/auth/realms/redhat-external/protocol/saml?SAMLRequest=fZJBT8MwDIX%2FSm85ZWk7yrZonVQxIU0ChDbgwAVlqccipUmJXTb49aQbg3Hh6jy%2F79nOFFVjW1l1tHVLeOsAKakQIZDx7so77BoIKwjvRsPj8qZkW6IWpRBKa0AcBKi3igbaN6L2O2e9qlH0nmJjnLLmE1hSEQWz7giOfsa9fhsuXA37kmUsmUdu1PfQXwSiP%2FdXMaMIoGyD4ljmsCcIESPa4Mlrbw9olizmJXvJ9WgMWmV8qMcTfpGNUq7WxZCvVTEe5dmoUJebKEXsYhAk5ahkeZoXPL3g6eQhHcqikGn2zJInCHhIlg9Sluwb61D2oJJ1wUmv0KB0qgGUpOWqur2RUSjVaY3nLe3%2FPac52Gzaq%2BUhXZh1zmwM1PxnxVNx%2Fjw9HvEu2i3m994a%2FZFU1vrdVVwXQckodPEO1z40iv4P0FdMzTcHqWz7wZHAEROzI%2FPvX5l9AQ%3D%3D&RelayState=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=BrJPc%2FvdbvszAnFEmxMHTWhWO5IJXnU8CNik001PBsM04yezeCS%2B0pETxgMIupFPsrxTbmD1oepOHhERcPL4Byk1qKkm6TtFvfXm74lB8Pui6rdjg%2B8IwVmrenuF4Ph3LD4ZnDeuNW3YO4dDbN5Q4%2F89FIjEkeGKeLLar10vtkiy8GweKEe8cuja3717pxNrVTOi8ckfBHwomdUD8Xw1IE6M1qHI4u6pOMtxqpKQPu%2FZzsAgrME854P7NQqtGaZRI3eqZlBRVyG2FYrR7KFC6QtA%2FdVCYBxBWG4JdxZhXmbM%2Fc%2Bn%2B04WEKPpbhH12qa7URkjktnYMsJNcVF7rtYtn1D6gCyPnuXrwe7qcV0MgnrfuqmW4FoGsGrjhFdp7Eebe40wh78VaLxxAxO9hR%2BrYRDgNjvtewICpUbzYQUm6jzVk3i%2FYjt5Pmr9HesI1zvaI80Jmpgud1snf1z7VWoIqnAXwIZyLlo%2BxyFZs4qDUBgFr9tqrgbnGjBgTzdyJTItq7yFMVJDCt6dy5LjnMgKSMd%2BjjsoDBjssytWMM4ulzlyQHtn4IdVgCe4q4jgLQrHXf4ZucbUIA6q%2Fxgg7favSO%2FZaivTQq%2BoaQQKJ1NXxPiMXw6j354mdaEtz8jK549xaCEZi2OiF3l8Qrzc%2B7JikRXQ8wlX1gh8SbiNHfo6ZcE%3D 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team

OS: Mageia

Mageia 9: Kernel-linus Critical Security Issue MGASA-2025-0310

MGASA-2025-0310 - Updated kernel-linus packages fix security vulnerabilities

Mageia 9: Kernel Critical Security Fixes MGASA-2025-0309 CVE-2025-39869 DoS

MGASA-2025-0309 - Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities

Mageia 9: Serious Remote Code Execution Flaw in Konsole MGASA-2025-0308

MGASA-2025-0308 - Updated konsole packages fix security vulnerability

Mageia 9: Redis High Remote Exec Risk Advisory MGASA-2025-0307

MGASA-2025-0307 - Updated redis packages fix security vulnerabilities

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: CentOS

CentOS 7 CESA-2024-1498 Moderate Advisory: Thunderbird Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1498

CentOS 7 CESA-2024-1486 Critical: Firefox Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1486

CentOS 7 CESA-2024-1249 Important: Kernel Critical Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1249

CentOS 7 CESA-2024-0957 Critical Thunderbird Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957

OS: Fedora

Ubuntu 24: Docker 2.13.5 Important Security Notice 2026-6f2b2d1a9f8

Update to release v1.32.10 Resolves: rhbz#2414539 Resolves: rhbz#2398587, rhbz#2398848, rhbz#2399249, rhbz#2399522 Resolves: rhbz#2399703, rhbz#2399721, rhbz#2407788, rhbz#2408058 Resolves: rhbz#2408315, rhbz#2408609, rhbz#2408672, rhbz#2408730

Fedora 43: Critical Patch for GnuTLS 3.8.11 Addressing CVE-2025-9820

Update to the 3.8.11 release with a fix for CVE-2025-9820 and several enhancements.

Fedora: Important linux-firmware Update for RTL BT and Other Devices

Upstream linux-firmware 20251111 release: rtl_bt: Update RTL8922A BT USB firmware to 0x41C0_C905 add firmware for mt7987 internal 2.5G ethernet phy rtw88: 8822b: Update firmware to v30.20.0 rtl_nic: add firmware rtl8125k-1

Fedora 43: dotnet10.0 GA Update Advisory 2025-41518fc0fd

This is the .NET 10 GA update Update .NET 10 to RC 2

OS: Arch

Fedora: 203105-8 moderate: ruby-on-rails sql injection vulnerability

The package python-django before version 5.1.11-1 is vulnerable to content spoofing.

Ubuntu: 303103-1 medium: gnome-terminal privilege escalation

The package konsole before version 25.04.2-1 is vulnerable to arbitrary code execution.

ArchLinux: ASA-202506-4 medium risk of go certificate bypass issue

The package go before version 1.24.4-1 is vulnerable to multiple issues including certificate verification bypass and information disclosure.

Arch Linux: ASA-202506-3 CVE-2025-0620 low: samba access issue

The package samba before version 4.22.2-1 is vulnerable to access restriction bypass.

OS: Slackware

Slackware 15.0: gnutls Low Severity Stack Overflow Fix SSA:2025-324-01

New gnutls packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: OpenVPN Important State Exhaustion Issue SSA:2025-323-01

New openvpn packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: libarchive Critical Buffer Overrun Fix SSA:2025-322-01

New libarchive packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: xpdf Critical Fix for Buffer Overflow SSA:2025-319-01

New xpdf packages are available for Slackware 15.0 and -current to fix security issues.

OS: Ubuntu

Ubuntu 24.04: Critical Memory Corruption CVE-2024-36331 in Linux Kernel

Several security issues were fixed in the Linux kernel.

Ubuntu 24.04 LTS USN-7879-2: Linux Kernel Critical Local Access Threats

Several security issues were fixed in the Linux kernel.

Ubuntu 25.04: Linux Kernel Critical Security Flaws USN-7879-1

Several security issues were fixed in the Linux kernel.

Ubuntu: ImageMagick Critical DoS Attack Advisory USN-7876-1 CVE-2025-62171

ImageMagick could be made to crash or run programs as your login if it opened a specially crafted file.

OS: Debian LTS

Debian 11: Important Crash Advisory for WebKitGTK DLA-4375-1 CVE-2025-43272

The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-43272

Debian 11: pdfminer Critical Code Exec Risk DLA-4374-1 CVE-2025-64512

It was discovered that there was a potential arbitrary code execution in pdfminer, a tool for extracting information from PDF documents. A malicious, zipped pickle file could have contained code that might have been executed when the PDF was processed.

Debian 11: Libwebsockets Critical DoS and Buffer Overflow DLA-4373-1

Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using a nonblocking event loop.

Debian: Thunderbird Critical Arbitrary Code Exec Update DLA-4372-1

Multiple security issues were discovered in Thunderbird, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

OS: Redhat

Red Hat: RHSA-2023-5538-01 Important: libvpx Heap Overflow and Crash

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Enterprise Linux 8.2 RHSA-2023-5527 Important: Bind DoS Risk

An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Enterprise Linux 8.2 RHSA-2023-5534-01 Important: libvpx Issues

An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Important Advisory RHSA-2023-5539-01 for libvpx Crash and Heap Overflow

An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability