Advisory ROSA-SA-2025-2717
Software: rsyslog 8.2102.0 OS: ROSA Virtualization 3.0 packageevrstring: rsyslog-8.2102.0 CVE-ID: CVE-2022-24903 BDU-ID: 2022-04363 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writes beyond buffer boundaries in memory...
Advisory ROSA-SA-2025-2712
Software: lz4 1.8.3 OS: ROSA Virtualization 3.0 packageevrstring: lz4-1.8.3-3.0.1 CVE-ID: CVE-2021-3520 BDU-ID: 2021-05259 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the memmove function of the LZ4 lossless data compression algorithm is related to an operation exceeding the allowable data buffe...
Advisory ROSA-SA-2025-2709
Software: libX11 1.6.8 OS: ROSA Virtualization 3.0 packageevrstring: libX11-1.6.8-6.0.1 CVE-ID: CVE-2021-31535 BDU-ID: 2021-02747 CVE-Crit: LOW CVE-DESC.: A vulnerability in the XLookupColor function of the libX11 library is related to insufficient input validation. Exploitation of the...
Advisory ROSA-SA-2025-2701
Software: gzip 1.9 OS: ROSA Virtualization 3.0 packageevrstring: gzip-1.9 CVE-ID: CVE-2022-1271 BDU-ID: 2022-02113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker acting remotely to...
Advisory ROSA-SA-2025-2699
Software: perl-HTTP-Tiny 0.074 OS: ROSA Virtualization 3.0 packageevrstring: perl-HTTP-Tiny-0.074-2 CVE-ID: CVE-2023-31486 BDU-ID: 2023-03872 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP::Tiny library for the Perl programming language is related to errors in the TLS certificate authentication...
Important: libxml2
Issue Overview: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Affected Packages: libxml2 Issue Correction: Run dnf update libxml2 --releasever 2023.6.20250218 to update your system. New Packages: aarch64: ...
Medium: grub2
Issue Overview: GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 Affected Packages: grub2 Issue Correction: Run dnf update grub2 --releasever 2023.6.20250218 to update your system. New Packages: aarch64: ...
Advisory ROSA-SA-2025-2697
Software: tomcat 9.0.62 OS: ROSA Virtualization 3.0 packageevrstring: tomcat-9.0.62-30.0.2 CVE-ID: CVE-2022-29885 BDU-ID: 2022-03434 CVE-Crit: HIGH CVE-DESC.: An implementation vulnerability in the EncryptInterceptor class of the Apache Tomcat application server is related to incomplete program...
Advisory ROSA-SA-2025-2692
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 packageevrstring: gnutls-3.6.16-8 CVE-ID: CVE-2021-20231 BDU-ID: 2022-00206 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the keyshare extension of the GnuTLS transport layer security library is related to the use of memory after it has been freed...
Advisory ROSA-SA-2025-2689
Software: scipy 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: scipy-1.0.0-21.0.2 CVE-ID: CVE-2023-29824 BDU-ID: 2024-07432 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the PyFindObjects function of the open source scipy library for the Python programming language is relat...
Important: kernel-livepatch-6.1.96-102.177
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error CVE-2024-41087 Affected Packages: kernel-livepatch-6.1.96-102.177 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Advisory ROSA-SA-2025-2677
Software: qt4 4.8.7 OS: ROSA-CHROME packageevrstring: qt4-4.8.7-18 CVE-ID: CVE-2023-32763 BDU-ID: 2023-03802 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the QTextLayout component of the Qt cross-platform software development framework is related to buffer copying without input validation...
Advisory ROSA-SA-2025-2673
Software: curl 8.5.0 OS: ROSA-CHROME packageevrstring: curl-8.5.0-1 CVE-ID: CVE-2023-46218 BDU-ID: 2024-02420 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cURL command-line utility is related to the installation of "supercookie files" in Curl, which are then passed back to more sources...
Advisory ROSA-SA-2025-2671
Software: shapelib 1.5.0 OS: ROSA-CHROME packageevrstring: shapelib-1.5.0-2 CVE-ID: CVE-2022-0699 BDU-ID: 2022-06588 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the implementation of the malloc function of the shapelib library is related to double memory freeing. Exploitation of the...
Advisory ROSA-SA-2025-2648
Software: ghostscript 9.54.0 OS: ROSA-CHROME packageevrstring: ghostscript-9.54.0 CVE-ID: CVE-2023-43115 BDU-ID: 2023-06329 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the gdevijs.c component of the Ghostscript document processing software suite is related to incorrect code generation...
Advisory ROSA-SA-2025-2629
Software: jackson-databind 2.9.9.3 OS: ROSA-CHROME packageevrstring: jackson-databind-2.9.9.9.3 CVE-ID: CVE-2019-14540 BDU-ID: 2019-04085 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FasterXML com.zaxxer.hikari.HikariConfig function of the Java library for grammar parsing JSON files...
Advisory ROSA-SA-2025-2628
Software: libvncserver 0.9.13 OS: ROSA-CHROME packageevrstring: libvncserver-0.9.13-2 CVE-ID: CVE-2020-29260 BDU-ID: 2024-06666 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the rfbClientCleanup function of the libvncclient component of the libvncclient cross-platform LibVNCServer library is relat...
Advisory ROSA-SA-2025-2624
Software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-6 CVE-ID: CVE-2024-25062 BDU-ID: 2024-01415 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlValidatePopElement function of the XML Reader Interface component of the Libxml2 library is related to the use of memory after it is...
Advisory ROSA-SA-2025-2621
Software: xerces-j2 2.12.0 OS: ROSA-CHROME packageevrstring: xerces-j2-2.12.0-4 CVE-ID: CVE-2022-23437 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache Xerces Java XercesJ XML parser causes it to hang in an infinite loop when processing specially crafted XML documents...
Advisory ROSA-SA-2025-2618
Software: libid3tag 0.15.1b OS: ROSA-CHROME packageevrstring: libid3tag-0.15.1b-24 CVE-ID: CVE-2017-11550 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in libid3tag allows remote attackers to cause a denial of service via a special mp3 file. CVE-STATUS: The vulnerability has been...