util-linux bug fix and enhancement update

An update is available for util-linux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

openldap bug fix update

An update is available for openldap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenLDAP is an open-source suite of Lightweight Directory Access Protocol LD...

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failur...

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker need...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...

Advisory ROSA-SA-2025-2784

Software: libXpm 3.5.12 OS: ROSA Virtualization 3.0 packageevrstring: libXpm-3.5.12-11.rv30 CVE-ID: CVE-2023-43788 BDU-ID: 2023-06887 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XpmCreateXpmImageFromBuffer function of the X Pixmap Image File XPM libXpm library is related to reading data...

gstreamer1-plugins-good security update

An update is available for gstreamer1-plugins-good. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs of...

mod_auth_openidc security update

An update is available for modauthopenidc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthopenidc is an OpenID Connect authentication module for Apac...

util-linux bug fix and enhancement update

An update is available for util-linux. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9...

Azure Linux 3.0 Security Update: kernel (CVE-2024-53171)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53171 advisory. - In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after- fr...

Important: libxml2

Issue Overview: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Affected Packages: libxml2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in lib/openjp2/j2k.c CVE-2024-56827 Affected Packages: openjpeg2 Issue Correction: Run dnf update openjpeg2 --releasever 2023.6.20250303 or dnf update --advisory ALAS2023-2025-875 --releasever 2023.6.20250303 to update your system. More information o...

openSUSE Security Advisory (SUSE-SU-2024:1943-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: apache-commons-compress

Issue Overview: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...

Google Chrome Security Update (stable-channel-update-for-desktop_18-2025-02) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

SUSE SLES15 Security Update : kernel (Live Patch 22 for SLE 15 SP4) (SUSE-SU-2025:0455-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0455-1 advisory. This update for the Linux Kernel 5.14.21-15040024103 fixes several issues. The following security issues were fixed: - CVE-2024-45016: netem: f...

SUSE SLES12 Security Update : python36 (SUSE-SU-2025:0434-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:0434-1 advisory. - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Tenable has extracted the preceding...

Azure Linux 3.0 Security Update: avahi (CVE-2023-38469)

The version of avahi installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38469 advisory. - A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord...

Azure Linux 3.0 Security Update: rust (CVE-2024-32884)

The version of rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32884 advisory. - gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for tex...

Azure Linux 3.0 Security Update: python-jinja2 (CVE-2024-56326)

The version of python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56326 advisory. - Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed...