[SECURITY] Fedora 40 Update: php-8.3.19-1.fc40

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVE-2025-2574

Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code...

CVE-2024-7598

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

CVE-2024-47609 vulnerabilities

Vulnerabilities for packages: qdrant, wadm, atuin, parseable, buck2, wash...

Updated vim packages fix security vulnerability

Vim vulnerable to potential data loss with zip.vim and special crafted zip files. CVE-2025-29768...

CVE-2023-29933 affecting package llvm16 for versions less than 16.0.0-4

CVE-2023-29933 affecting package llvm16 for versions less than 16.0.0-4. A patched version of the package is available...

CVE-2025-22868 affecting package telegraf for versions less than 1.31.0-5

CVE-2025-22868 affecting package telegraf for versions less than 1.31.0-5. A patched version of the package is available...

CVE-2025-22869 affecting package telegraf for versions less than 1.31.0-5

CVE-2025-22869 affecting package telegraf for versions less than 1.31.0-5. A patched version of the package is available...

CVE-2025-24801

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This vulnerability is fixed in 10.0.18...

GHSA-8355-XJ3P-HV6Q vulnerabilities

Vulnerabilities for packages: trino...

CVE-2024-40965 affecting package kernel for versions less than 6.6.64.2-9

CVE-2024-40965 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...

CVE-2024-43857 affecting package kernel for versions less than 6.6.64.2-9

CVE-2024-43857 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...

CVE-2024-56549 affecting package kernel for versions less than 6.6.78.1-1

CVE-2024-56549 affecting package kernel for versions less than 6.6.78.1-1. A patched version of the package is available...

CVE-2024-49915 affecting package kernel for versions less than 6.6.64.2-9

CVE-2024-49915 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...

CVE-2024-50010 affecting package kernel for versions less than 5.15.176.3-1

CVE-2024-50010 affecting package kernel for versions less than 5.15.176.3-1. A patched version of the package is available...

polkit bug fix and enhancement update

An update is available for polkit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.5...

CVE-2024-44931 affecting package kernel for versions less than 5.15.176.3-1

CVE-2024-44931 affecting package kernel for versions less than 5.15.176.3-1. A patched version of the package is available...

CVE-2024-50275 affecting package kernel for versions less than 5.15.176.3-1

CVE-2024-50275 affecting package kernel for versions less than 5.15.176.3-1. A patched version of the package is available...

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: out-of-bounds write vulnerability CVE-2025-24201 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer ...

CVE-2025-27363 affecting package freetype for versions less than 2.13.1-1

CVE-2025-27363 affecting package freetype for versions less than 2.13.1-1. An upgraded version of the package is available that resolves this issue...