Aggregator

Version:next-20250326 (linux-next) Released:2025-03-26

Martin van Kervel Smedshammer discovered that Varnish did not properly sanitize certain HTTP headers. A remote attacker could possibly use this issue to perform a cross-site request forgery (CSRF) attack.

FEDORA-2025-5fa61dc843 Packages in this update:

• suricata-7.0.10-1.fc41

Update description:

This is an extra release to address a critical issue in 7.0.9 affecting AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This has been fixed.

Various security, performance, accuracy, and stability issues have been fixed. LibHTP has been updated to version 0.5.50 which is bundled with this new release. This fixes:

CVE-2025-29915: HIGH CVE-2025-29917: HIGH CVE-2025-29918: HIGH CVE-2025-29916: Moderate

FEDORA-EPEL-2025-811cbc0ed6 Packages in this update:

• suricata-7.0.10-1.el8

Update description:

This is an extra release to address a critical issue in 7.0.9 affecting AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This has been fixed.

Various security, performance, accuracy, and stability issues have been fixed. LibHTP has been updated to version 0.5.50 which is bundled with this new release. This fixes:

CVE-2025-29915: HIGH CVE-2025-29917: HIGH CVE-2025-29918: HIGH CVE-2025-29916: Moderate

FEDORA-EPEL-2025-46a02bfa95 Packages in this update:

• suricata-7.0.10-1.el9

Update description:

This is an extra release to address a critical issue in 7.0.9 affecting AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This has been fixed.

Various security, performance, accuracy, and stability issues have been fixed. LibHTP has been updated to version 0.5.50 which is bundled with this new release. This fixes:

CVE-2025-29915: HIGH CVE-2025-29917: HIGH CVE-2025-29918: HIGH CVE-2025-29916: Moderate

FEDORA-2025-2a295896e6 Packages in this update:

• suricata-7.0.10-1.fc40

Update description:

This is an extra release to address a critical issue in 7.0.9 affecting AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This has been fixed.

Various security, performance, accuracy, and stability issues have been fixed. LibHTP has been updated to version 0.5.50 which is bundled with this new release. This fixes:

CVE-2025-29915: HIGH CVE-2025-29917: HIGH CVE-2025-29918: HIGH CVE-2025-29916: Moderate

FEDORA-2025-a9e7d63dc7 Packages in this update:

• suricata-7.0.10-1.fc42

Update description:

This is an extra release to address a critical issue in 7.0.9 affecting AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This has been fixed.

Various security, performance, accuracy, and stability issues have been fixed. LibHTP has been updated to version 0.5.50 which is bundled with this new release. This fixes:

CVE-2025-29915: HIGH CVE-2025-29917: HIGH CVE-2025-29918: HIGH CVE-2025-29916: Moderate

FEDORA-2025-dbeb2c60c3 Packages in this update:

• nextcloud-31.0.2-2.fc40

Update description:

31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414

FEDORA-2025-9e6b55e70b Packages in this update:

• nextcloud-31.0.2-1.fc41

Update description:

31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414

FEDORA-2025-381c988800 Packages in this update:

• nextcloud-31.0.2-1.fc42

Update description:

31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414

FEDORA-2025-ebd5b65ce8 Packages in this update:

• nextcloud-31.0.2-1.fc43

Update description:

Automatic update for nextcloud-31.0.2-1.fc43.

Changelog * Tue Mar 25 2025 Andrew Bauer <zonexpertconsulting@outlook.com> - 31.0.2-1 - 31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414

FEDORA-2025-b7f0c55e00 Packages in this update:

• varnish-7.6.1-5.fc42

Update description:

Security: This update includes fix for VSV00015 aka CVE-2025-30346. Upstream considers this a low risk problem. For details, refer to https://varnish-cache.org/security/VSV00015.html.

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2024-32458) Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause FreeRDP clients and servers to crash, resulting in a denial of service. (CVE-2024-32459) It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2024-32659, CVE-2024-32660)

Version:next-20250325 (linux-next) Released:2025-03-25

It was discovered that SmartDNS did not correctly align certain objects in memory, leading to undefined behaviour. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-24198, CVE-2024-24199) It was discovered that SmartDNS did not correctly handle certain inputs, which could lead to an integer overflow. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-42643)

FEDORA-2025-12f2e3e40b Packages in this update:

• dokuwiki-20240206b-1.fc42
• php-kissifrot-php-ixr-1.8.4-1.fc42
• php-phpseclib3-3.0.43-1.fc42

Update description:

Update DokuWiki to release 2024-02-06b "Kaos", update dependencies accordingly

FEDORA-2025-0ec100da82 Packages in this update:

• dokuwiki-20240206b-1.fc43
• php-kissifrot-php-ixr-1.8.4-1.fc43
• php-phpseclib3-3.0.43-1.fc43

Update description:

Update DokuWiki to release 2024-02-06b "Kaos", update dependencies accordingly