Aggregator

USN-7356-1: uriparser vulnerabilities

3 weeks 1 day ago
It was discovered that uriparser did not correctly handle certain inputs, which could lead to an integer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-34402, CVE-2024-34403)

USN-7355-1: RestrictedPython vulnerabilities

3 weeks 1 day ago
Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not properly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-37271)

Abhishek Govindarasu, Ankush Menat and Ward Theunisse discovered that RestrictedPython did not correctly handle certain format strings. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-41039)

It was discovered that RestrictedPython did not correctly restrict access to certain fields. An attacker could possibly use this issue to leak sensitive information. (CVE-2024-47532)

It was discovered that RestrictedPython contained a type confusion vulnerability. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-22153)
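The format-string issue in the RestrictedPython entry above (CVE-2023-41039) comes down to how str.format resolves replacement fields: a field such as '{0.attr}' or '{0[key]}' is resolved inside the interpreter's C implementation with plain attribute and item lookup, so a sandbox that guards attribute access in the code it compiles is bypassed the moment a user-controlled template reaches str.format. The block below is an added example, not RestrictedPython's own code or its fix; the Record class, the MODULE_SECRET value and the RestrictedFormatter class are constructed here for illustration. It shows a template walking from an argument to its class, to a function's module globals, and the corresponding hardened formatter that refuses any traversal before the lookup happens.

```python
import string

# Constructed module-level value standing in for anything that lives in the
# host module's globals (credentials, loaded config, other live objects).
MODULE_SECRET = "constructed-module-secret"


class Record:
    """Constructed sample object handed to a sandboxed template."""

    def __init__(self):
        self.label = "public label"
        self._api_key = "sk-constructed-secret"  # constructed, not a real key


def unsafe_render(template, *args, **kwargs):
    """Format with str.format, as an unguarded helper would.

    str.format resolves '{0.attr}' and '{0[key]}' itself with plain getattr
    and item lookup, so any attribute-access guard the sandbox applied to the
    compiled code is bypassed and the template can walk into private state.
    """
    return template.format(*args, **kwargs)


class RestrictedFormatter(string.Formatter):
    """Formatter that permits only bare argument references.

    Every replacement field reaches get_field() with its full path, e.g.
    '0.__class__' or 'cfg[key]'. Dotted or indexed paths and any name that
    starts with an underscore are refused before any lookup takes place.
    Nested fields inside a format spec ('{0:{1}}') go through the same check.
    """

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise ValueError(
                f"attribute or item access is not allowed in field {field_name!r}")
        if field_name.startswith("_"):
            raise ValueError(f"private name is not allowed in field {field_name!r}")
        return super().get_field(field_name, args, kwargs)


def safe_render(template, *args, **kwargs):
    """Same call shape as unsafe_render, but through the restricted formatter."""
    return RestrictedFormatter().format(template, *args, **kwargs)


def is_blocked(template, *args, **kwargs):
    """True if the restricted formatter refuses the template."""
    try:
        safe_render(template, *args, **kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    rec = Record()
    # Direct private attribute read through the formatter.
    print(unsafe_render("{0._api_key}", rec))
    # Walk instance -> class -> __init__ -> that function's module globals,
    # then index the globals dict with a string key.
    print(unsafe_render("{0.__class__.__init__.__globals__[MODULE_SECRET]}", rec))
    # The restricted formatter still serves ordinary templates...
    print(safe_render("{0} / {name}", rec.label, name="ok"))
    # ...and refuses every traversal form.
    for t in ("{0._api_key}", "{0.__class__}", "{0[label]}", "{_hidden}"):
        print(t, "blocked" if is_blocked(t, rec, _hidden=1) else "ALLOWED")
```

The check is deliberately on the raw field path rather than on the resolved object: by the time a guarded getattr could run, the C implementation has already done the lookup. Conversions ('{0!r}') and format specs ('{0:>10}') are unaffected by the check, so ordinary templates keep working.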

USN-7354-1: djoser vulnerability

3 weeks 2 days ago
Diego Cebrián discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly use this to bypass authentication checks, such as two-factor authentication, to gain unintended access.

rust-zincati-0.0.30-1.fc41

3 weeks 2 days ago
FEDORA-2025-cc269f80fa Packages in this update:
  • rust-zincati-0.0.30-1.fc41
Update description:

New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30

Backport polkit rules patch for CVE-2025-27512

bluez-5.80-1.fc42 iwd-3.4-1.fc42 libell-0.74-1.fc42

3 weeks 2 days ago
FEDORA-2025-35347bf9f0 Packages in this update:
  • bluez-5.80-1.fc42
  • iwd-3.4-1.fc42
  • libell-0.74-1.fc42
Update description:

bluez 5.80:

  • Fix issue with handling address type for all types of keys.
  • Fix issue with handling maximum number of GATT channels.
  • Fix issue with handling MTU auto-tuning feature.
  • Fix issue with handling AVRCP volume in reconfigured transports.
  • Fix issue with handling VCP volume setting requests.
  • Fix issue with handling VCP connection management.
  • Fix issue with handling MAP qualification.
  • Fix issue with handling PBAP qualification.
  • Fix issue with handling BNEP qualification.
  • Add support for PreferredBearer device property.
  • Add support for SupportedTypes Message Access property.
  • Add support for HFP, A2DP, AVRCP, AVCTP and MAP latest versions.

iwd 3.4:

Add support for the Test Anything Protocol.

libell 0.74:

  • Add support for NIST P-192 curve usage with ECDH.
  • Add support for SHA-224 based checksums and HMACs.

libell 0.73:

Fix issue with parsing hwdb.bin child structures.

libell 0.72:

Add support for the Test Anything Protocol.

USN-7352-2: FreeType vulnerabilities

3 weeks 2 days ago
USN-7352-1 fixed a vulnerability in FreeType. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update also fixes an additional vulnerability in Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that FreeType incorrectly handled certain memory operations when parsing font subglyph structures. A remote attacker could use this issue to cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-27363)

Additional advisory details:

It was discovered that FreeType incorrectly handled certain memory operations during typical execution. An attacker could possibly use this issue to cause FreeType to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-27406)

USN-7353-1: PlantUML vulnerability

3 weeks 2 days ago
Tobias S. Fink discovered that PlantUML was susceptible to cross-site scripting (XSS) attacks in instances where SVG images were rendered. An attacker could possibly use this issue to cause PlantUML to crash, resulting in a denial of service, or to execute arbitrary code.

USN-7352-1: FreeType vulnerability

3 weeks 3 days ago
It was discovered that FreeType incorrectly handled certain memory operations when parsing font subglyph structures. A remote attacker could use this issue to cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.