INFOSEC – USERSPACE.ORG :

OS: Arch

Fedora: 203105-8 moderate: ruby-on-rails sql injection vulnerability

The package python-django before version 5.1.11-1 is vulnerable to content spoofing.

Ubuntu: 303103-1 medium: gnome-terminal privilege escalation

The package konsole before version 25.04.2-1 is vulnerable to arbitrary code execution.

ArchLinux: ASA-202506-4 medium risk of go certificate bypass issue

The package go before version 1.24.4-1 is vulnerable to multiple issues including certificate verification bypass and information disclosure.

Arch Linux: ASA-202506-3 CVE-2025-0620 low: samba access issue

The package samba before version 4.22.2-1 is vulnerable to access restriction bypass.

OS: Scientific

Scientific Linux 7 SLSA-2023:6885 Critical: Python TLS Handshake Bypass

python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team

SciLinux: SLSA-2023:6886 Critical: Plexus-Archiver File Creation Risk

plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team

Scientific Linux 7 Advisory SLSA-2023:5691 Critical DoS in BIND

bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...]

Scientific Linux SLSA-2023:5615 Moderate Security Issue in libssh2

libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://sso.redhat.com/auth/realms/redhat-external/protocol/saml?SAMLRequest=fZJBT8MwDIX%2FSm85ZWk7yrZonVQxIU0ChDbgwAVlqccipUmJXTb49aQbg3Hh6jy%2F79nOFFVjW1l1tHVLeOsAKakQIZDx7so77BoIKwjvRsPj8qZkW6IWpRBKa0AcBKi3igbaN6L2O2e9qlH0nmJjnLLmE1hSEQWz7giOfsa9fhsuXA37kmUsmUdu1PfQXwSiP%2FdXMaMIoGyD4ljmsCcIESPa4Mlrbw9olizmJXvJ9WgMWmV8qMcTfpGNUq7WxZCvVTEe5dmoUJebKEXsYhAk5ahkeZoXPL3g6eQhHcqikGn2zJInCHhIlg9Sluwb61D2oJJ1wUmv0KB0qgGUpOWqur2RUSjVaY3nLe3%2FPac52Gzaq%2BUhXZh1zmwM1PxnxVNx%2Fjw9HvEu2i3m994a%2FZFU1vrdVVwXQckodPEO1z40iv4P0FdMzTcHqWz7wZHAEROzI%2FPvX5l9AQ%3D%3D&RelayState=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=BrJPc%2FvdbvszAnFEmxMHTWhWO5IJXnU8CNik001PBsM04yezeCS%2B0pETxgMIupFPsrxTbmD1oepOHhERcPL4Byk1qKkm6TtFvfXm74lB8Pui6rdjg%2B8IwVmrenuF4Ph3LD4ZnDeuNW3YO4dDbN5Q4%2F89FIjEkeGKeLLar10vtkiy8GweKEe8cuja3717pxNrVTOi8ckfBHwomdUD8Xw1IE6M1qHI4u6pOMtxqpKQPu%2FZzsAgrME854P7NQqtGaZRI3eqZlBRVyG2FYrR7KFC6QtA%2FdVCYBxBWG4JdxZhXmbM%2Fc%2Bn%2B04WEKPpbhH12qa7URkjktnYMsJNcVF7rtYtn1D6gCyPnuXrwe7qcV0MgnrfuqmW4FoGsGrjhFdp7Eebe40wh78VaLxxAxO9hR%2BrYRDgNjvtewICpUbzYQUm6jzVk3i%2FYjt5Pmr9HesI1zvaI80Jmpgud1snf1z7VWoIqnAXwIZyLlo%2BxyFZs4qDUBgFr9tqrgbnGjBgTzdyJTItq7yFMVJDCt6dy5LjnMgKSMd%2BjjsoDBjssytWMM4ulzlyQHtn4IdVgCe4q4jgLQrHXf4ZucbUIA6q%2Fxgg7favSO%2FZaivTQq%2BoaQQKJ1NXxPiMXw6j354mdaEtz8jK549xaCEZi2OiF3l8Qrzc%2B7JikRXQ8wlX1gh8SbiNHfo6ZcE%3D 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: Mageia

Mageia 9: Apache Commons BeanUtils Important Fix for CVE-2025-48734

MGASA-2025-0299 - Updated apache-commons-beanutils packages fix security vulnerability

Mageia 9: Critical Cleartext Vulnerability in Stardict CVE-2025-55014

MGASA-2025-0298 - Updated stardict packages fix security vulnerability

Mageia: yelp Important Remote Code Exec CVE-2025-3155 Advisory 2025-0297

MGASA-2025-0297 - Updated yelp & yelp-xsl packages fix security vulnerability

Mageia: Apache Commons FileUpload Important DoS Advisory MGASA-2025-0296

MGASA-2025-0296 - Updated apache-commons-fileupload packages fix security vulnerability

OS: Debian

Debian: Thunderbird Critical Code Execution Flaws DSA-6059-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed

Debian: DSA-6058-1 lasso Critical Denial of Service CVE-2025-46404

Keane O'Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code.

Debian: Critical Vulnerability in Privilege Escalation DSA-6080-1 Alert

A vulnerability was discovered in the ec2tokens and s3tokens APIs of Keystone, the OpenStack identity service, which may result in authorisation bypass or privilege escalation if /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients.

Debian DSA-6057-1 LXD Important Local Privilege Escalation CVE-2025-64507

It was discovered that LXD, a system container and virtual machine manager, is prone to a local privilege escalation vulnerability if unprivileged users are allowed to access LXD through lxd-user.

OS: Ubuntu

Ubuntu 22.04 LTS USN-7862-3 Important Info Exposure CVE-2025-40300

The system could be made to expose sensitive information.

Kernel Isolation Flaw in Ubuntu 24.04 LTS: USN-7861-3 CVE-2025-40300

Several security issues were fixed in the Linux kernel.

Ubuntu 22.04 LTS: USN-7835-6 Linux Kernel Important Security Update

Several security issues were fixed in the Linux kernel.

Ubuntu 20.04: Bind Important Denial of Service Cache Poisoning USN-7836-2

Several security issues were fixed in Bind.

OS: OpenSuse

openSUSE: MozillaFirefox Moderate Security Issues Advisory 2025:15735-1

An update that solves 16 vulnerabilities can now be installed.

openSUSE Tumbleweed: Chromedriver Moderate Update CVE-2025-13042

An update that solves one vulnerability can now be installed.

openSUSE: bind Important Spoofing Cache Poisoning Issues 2025:4107-1

An update that solves two vulnerabilities can now be installed.

openSUSE: BIND Critical Vulnerability Mitigation 2025:4109-2

An update that solves two vulnerabilities can now be installed.

OS: CentOS

CentOS 7 CESA-2024-1498 Moderate Advisory: Thunderbird Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1498

CentOS 7 CESA-2024-1486 Critical: Firefox Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1486

CentOS 7 CESA-2024-1249 Important: Kernel Critical Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1249

CentOS 7 CESA-2024-0957 Critical Thunderbird Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957

OS: Debian LTS

Debian: Thunderbird Critical Arbitrary Code Exec Update DLA-4372-1

Multiple security issues were discovered in Thunderbird, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

Debian 11: gst-plugins-base1.0 Critical DoS Fix DLA-4371-1 CVE-2025-47806

Multiple vulnerabilities were fixed in the subparse plugin of gst-plugins-base1.0. GStreamer is a popular multimedia framework. CVE-2025-47806: Fix DoS via stack overflow in subparse plugin

Debian 11: firefox-esr Moderate Code Exec Risks DLA-4370-1

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

Debian 11: Critical Info Disclosure & ASN Encoding Bugs DLA-4369-1

Squid a popular proxy server was affected by multiple vulnerabilities CVE-2025-59362

OS: Redhat

Red Hat: RHSA-2023-5538-01 Important: libvpx Heap Overflow and Crash

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Enterprise Linux 8.2 RHSA-2023-5527 Important: Bind DoS Risk

An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Enterprise Linux 8.2 RHSA-2023-5534-01 Important: libvpx Issues

An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Important Advisory RHSA-2023-5539-01 for libvpx Crash and Heap Overflow

An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

OS: Slackware

Slackware 15.0: xpdf Critical Fix for Buffer Overflow SSA:2025-319-01

New xpdf packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: mozilla-thunderbird Critical Security Update 2025-316-01

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: mozilla-firefox Critical Security Fix 2025-315-01

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: Seamonkey Important Update for DoS Issue SSA:2025-305-01

New seamonkey packages are available for Slackware 15.0 and -current to fix security issues.

OS: Fedora

Fedora 43: chrome Significant Vulnerability Alert CVE-2025-13042

Update to 142.0.7444.162 * High CVE-2025-13042: Inappropriate implementation in V8

Fedora 43: bind9-next Security Update CVE-2025-8677 Cache Poisoning

Update to 9.21.14 (rhbz#2394406) Security Fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing attacks. (CVE-2025-40778) Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780)

Fedora 41: LUKSData Integrity Restoration Update CVE-2025-11678

New upstream release v10 Fix: CVE-2025-11568

Fedora 42: bind9-next Critical DNSSEC Issues Fix 2025-d9f9394ecd

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: Suse

SUSE: BIND Important Spoofing Cache Poisoning Vulnerability 2025:4107-1

* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778

SUSE: Bind Important Spoofing Cache Poisoning Vuln 2025:4108-1

* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778

SUSE: BIND Important Spoofing Cache Poisoning Fix SUSE-SU-2025:4109-1

* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778

SUSE: Bind Important DNSSEC Spoofing and Cache Poisoning Fix 2025:4110-1

* bsc#1252378 * bsc#1252379 * bsc#1252380 Cross-References:

OS: Gentoo

Gentoo: PHP Library Remote Code Execution Vulnerabilities GLSA-202510-07

Multiple vulnerabilities have been discovered in Composer, the worst of which can lead to arbitrary code execution.

Gentoo: Spreadsheet-ParseExcel Vulnerability Overview GLSA-202508-06

A vulnerability has been discovered in Spreadsheet-ParseExcel, which can lead to arbitrary code execution.

Gentoo: Mozilla NSS Standard TLS RSA Decryption Timing Flaw GLSA-202509-05

A vulnerability has been discovered in NSS, which can lead to the recovery of private data.

Gentoo: FontForge Standard Uncontrolled Code Execution GLSA-202509-04

A vulnerability has been discovered in FontForge, which can lead to arbitrary code execution.