
3663 matches found

Fedora
added 2025/07/21 1:18 a.m., 23 views

[SECURITY] Fedora 41 Update: wine-10.12-2.fc41

Wine as a compatibility layer for UNIX to run Windows applications. This package includes a program loader, which allows unmodified Windows 3.x/9x/NT binaries to run on x86 and x86_64 Unixes. Wine can use native system .dll files if they are available. In Fedora wine is a meta-package which will...

6.7 CVSS, 7.2 AI score, 0.00348 EPSS
Exploits: 0

OSV
added 2025/07/18 11:15 p.m., 3 views

DEBIAN-CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

9.8 CVSS, 5.4 AI score, 0.00387 EPSS
Exploits: 0, References: 1

AlpineLinux
added 2025/07/18 10:34 p.m., 4 views

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

9.8 CVSS, 7.4 AI score, 0.00387 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/07/18 12:0 p.m., 4 views

CVE-2025-23267

A flaw was found in nvidia-container-toolkit. The update-ldcache hook contains a vulnerability allowing an attacker to trigger link following via a specially crafted container image. This issue allows a local attacker to potentially cause data corruption. The root cause is the improper handling o...

8.5 CVSS, 5.7 AI score, 0.00679 EPSS
Exploits: 0, References: 4

Snyk
added 2025/07/17 7:8 p.m., 1 views

Untrusted Search Path

Overview: Affected versions of this package are vulnerable to Untrusted Search Path through incorrect handling of the OCI hook createContainer during container initialization when enable-cuda-compat is used. An attacker with low privileges in a container can run arbitrary code with higher privilege...

9 CVSS, 7.4 AI score, 0.02541 EPSS
Exploits: 4, References: 2

Packet Storm News
added 2025/07/17 12:0 a.m., 2 views

A Bayesian Incentive Mechanism for Poison-Resilient Federated Learning

Federated learning (FL) enables collaborative model training across decentralized clients while preserving data privacy. However, its open-participation nature exposes it to data-poisoning attacks, in which malicious actors submit corrupted model updates to degrade the global model. Existing defens...

6.7 AI score
Exploits: 0

Fedora
added 2025/07/12 1:46 a.m., 11 views

[SECURITY] Fedora 42 Update: luajit-2.1.1748459687-2.fc42

LuaJIT implements the full set of language features defined by Lua 5.1. The virtual machine (VM) is API- and ABI-compatible to the standard Lua interpreter and can be deployed as a drop-in replacement...

9.8 CVSS, 6.3 AI score, 0.00536 EPSS
Exploits: 2

OSV
added 2025/07/11 12:30 p.m., 5 views

OESA-2025-1824 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: arm64: Don't call NULL in do_compat_alignment_fixup(). do_alignment_t32_to_handler() only fixes up alignment faults for specific instructions; it returns NULL otherwise e.g...

7.8 CVSS, 6.8 AI score, 0.00467 EPSS
Exploits: 0, References: 33

Packet Storm News
added 2025/07/11 12:0 a.m., 4 views

SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH

We propose a method for using Web Authentication APIs for SSH authentication, enabling passwordless remote server login with passkeys. These are credentials that are managed throughout the key lifecycle by an authenticator on behalf of the user and offer strong security guarantees. Passwords rema...

7.4 AI score
Exploits: 0

GithubExploit
added 2025/07/10 7:15 a.m., 142 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CVE-2025-5777 - Citrix NetScaler Memory Leak Exploit...

9.3 CVSS, 8.3 AI score, 0.99896 EPSS
Exploits: 18

Oracle linux
added 2025/07/08 12:0 a.m., 4 views

jq security update

1.6-17.el9.2 - Fix CVE-2025-48060 - Resolves: RHEL-92990 1.6-17.el9.1 - Fix CVE-2024-23337 - Resolves: RHEL-92972 1.6-17 - Fix SAST findings in jq 1.6 - Resolves: RHEL-28653 1.6-16 - Make jq 1.6 fast - Resolves: RHEL-13431...

8.7 CVSS, 7.3 AI score, 0.00443 EPSS
Exploits: 2

Tenable Nessus
added 2025/07/08 12:0 a.m., 5 views

RHEL 8 : python3 (RHSA-2025:10602)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10602 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.4 CVSS, 7.3 AI score, 0.01184 EPSS
Exploits: 14, References: 12

Packet Storm News
added 2025/07/07 12:0 a.m., 3 views

FIDESlib: a Fully-Fledged Open-Source FHE Library for Efficient CKKS on GPUs

Word-wise Fully Homomorphic Encryption (FHE) schemes, such as CKKS, are gaining significant traction due to their ability to provide post-quantum-resistant, privacy-preserving approximate computing; an especially desirable feature in Machine-Learning-as-a-Service (MLaaS) cloud-computing paradigms...

6.9 AI score
Exploits: 0

Packet Storm News
added 2025/07/04 12:0 a.m., 3 views

Securing Mixed Rust with Hardware Capabilities

The Rust programming language enforces three basic Rust principles, namely ownership, borrowing, and AXM Aliasing Xor Mutability to prevent security bugs such as memory safety violations and data races. However, Rust projects often have mixed code, i.e., code that also uses unsafe Rust, FFI Forei...

7.5 AI score
Exploits: 0

Packet Storm News
added 2025/07/04 12:0 a.m., 5 views

SecureT2I: No More Unauthorized Manipulation on AI Generated Images from Prompts

Text-guided image manipulation with diffusion models enables flexible and precise editing based on prompts, but raises ethical and copyright concerns due to potential unauthorized modifications. To address this, we propose SecureT2I, a secure framework designed to prevent unauthorized editing in...

6.9 AI score
Exploits: 0

RedHat Linux
added 2025/07/01 7:42 p.m., 3 views

firefox: thunderbird: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and...

4.3 CVSS, 5.8 AI score, 0.00249 EPSS
Exploits: 0, References: 5

OSV
added 2025/07/01 12:0 a.m., 5 views

ALSA-2025:10073 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag (CVE-2025-6430); firefox: Use-after-free in FontFaceSet (CVE-2025-6424); firefox:...

9.8 CVSS, 6 AI score, 0.03057 EPSS
Exploits: 0, References: 10

OSV
added 2025/06/25 12:0 a.m., 3 views

UBUNTU-CVE-2025-5372

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

8.8 CVSS, 6.7 AI score, 0.00407 EPSS
Exploits: 0, References: 4

Packet Storm News
added 2025/06/24 12:0 a.m., 4 views

An ETSI GS QKD Compliant TLS Implementation

A modification of the TLS protocol is presented, using our implementation of the Quantum Key Distribution (QKD) standard ETSI GS QKD 014 v1.1.1. We rely on the Rustls library for this. The TLS protocol is modified while maintaining backward compatibility on the client and server side. We thus wish ...

6.9 AI score
Exploits: 0

RedHat Linux
added 2025/06/23 1:31 a.m., 1 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...

5.5 CVSS, 5.7 AI score, 0.00199 EPSS
Exploits: 0, References: 6