Advisory ROSA-SA-2025-2615
Software: wireshark 4.0.12 OS: ROSA-CHROME packageevrstring: wireshark-4.0.12-1 CVE-ID: CVE-2023-6174 BDU-ID: 2023-08355 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH dissector of the Wireshark computer network traffic analyzer is related to insufficient cleaning of special elements in the...
Advisory ROSA-SA-2025-2609
Software: shadow-utils 4.10 OS: ROSA-CHROME packageevrstring: shadow-utils-4.10-7 CVE-ID: CVE-2023-4641 BDU-ID: 2024-02776 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the shadow-utils package involves requesting a password twice and failing to clear the memory buffer. Exploitation of the...
Advisory ROSA-SA-2025-2582
Software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0-8 CVE-ID: CVE-2024-7006 BDU-ID: 2024-06610 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the LibTIFF library involves null pointer dereferencing via tif_dirinfo.c. Exploitation of the vulnerability could allow an attacker...
Advisory ROSA-SA-2025-2579
Software: suricata 6.0.20 OS: ROSA-CHROME packageevrstring: suricata-6.0.20-2 CVE-ID: CVE-2024-45796 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Suricata allows an attacker to cause a failure in the reassembly of traffic fragments. CVE-STATUS: The vulnerability has been resolved...
Advisory ROSA-SA-2025-2578
Software: suricata 6.0.20 OS: ROSA-CHROME packageevrstring: suricata-6.0.20-1 CVE-ID: CVE-2024-38535 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in Suricata parsing HTTP/2 traffic. CVE-STATUS: Vulnerability has been resolved. CVE-REV: To close the vulnerability, run the command: dnf...
Advisory ROSA-SA-2025-2577
Software: wpasupplicant 2.11 OS: ROSA-CHROME packageevrstring: wpasupplicant-2.11-3 CVE-ID: CVE-2023-52160 BDU-ID: 2024-01426 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Protected Extensible Authentication Protocol (PEAP) implementation of the Wi-Fi WPA Supplicant secure access client is...
Advisory ROSA-SA-2025-2571
Software: ghostscript 9.56.1 OS: ROSA-CHROME packageevrstring: ghostscript-9.56.1-1 CVE-ID: CVE-2024-46956 BDU-ID: 2024-09737 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the psi/zfile.c component of the Ghostscript document processing, conversion, and generation software suite involves reading...
Important: python3.12
Issue Overview: Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the...
Important: iperf3
Issue Overview: iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters function. CVE-2024-53580 Affected Packages: iperf3 Issue Correction: Run dnf update iperf3 --releasever 2023.6.20250123 or dnf update --advisory ALAS2023-2025-812 --releasever...
Advisory ROSA-SA-2024-2547
Software: virglrenderer 0.8.1 OS: ROSA-CHROME packageevrstring: virglrenderer-0.8.1-4 CVE-ID: CVE-2020-8002 BDU-ID: 2023-00917 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vrend_renderer.c component of the Virglrenderer virtual OpenGL renderer is related to pointer dereferencing errors...
Advisory ROSA-SA-2024-2542
Software: vorbis-tools 1.4.2 OS: ROSA-CHROME packageevrstring: vorbis-tools-1.4.2-3 CVE-ID: CVE-2023-43361 BDU-ID: 2024-02625 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Vorbis-tools package is related to the ability to write beyond buffer boundaries in memory when converting wav files to og...
Medium: python3.11-pip
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Advisory ROSA-SA-2024-2541
Software: tcl 8.6.13 OS: ROSA-CHROME packageevrstring: tcl-8.6.13-1 CVE-ID: CVE-2021-35331 BDU-ID: 2022-01774 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the nmakehlp.c component of the Tcl programming language is related to insufficient format string handling. Exploitation of the...
Advisory ROSA-SA-2024-2527
Software: clamav 0.103.11 OS: rosa-server79 packageevrstring: clamav-0.103.11-1.res7 CVE-ID: CVE-2023-20197 BDU-ID: 2023-04766 CVE-Crit: HIGH CVE-DESC.: A vulnerability in ClamAV's file system image parser for Hierarchical File System Plus HFS+ is related to incorrect resource scrubbing or freein...
Important: python3.11
Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Affected Packages: python3.11 Issue Correction: Ru...
HASOMED Elefant Security Vulnerability
HASOMED Elefant is an exercise software from the German company HASOMED. It specializes in meeting the needs of psychotherapists, child and adolescent psychotherapists, and medical psychotherapists. HASOMED Elefant has a security vulnerability. An attacker with local access to a medical office...
Advisory ROSA-SA-2024-2514
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.0.1.P2.res7.16 CVE-ID: CVE-2024-1737 BDU-ID: 2024-05964 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attack...
Advisory ROSA-SA-2024-2513
Software: python-setuptools 0.9.8 OS: rosa-server79 packageevrstring: python-setuptools-0.9.8-7.0.1.res7 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the package_index module of the setuptools project packaging simplification library is related to functions...
Important: oath-toolkit
Issue Overview: oath-toolkit: Local root exploit in a PAM module CVE-2024-47191 Affected Packages: oath-toolkit Issue Correction: Run dnf update oath-toolkit --releasever 2023.6.20241010 to update your system. New Packages: aarch64: libpskc-debuginfo-2.6.12-1.amzn2023.0.1.aarch64 ...
Advisory ROSA-SA-2024-2503
Software: wget 1.19.5 OS: ROSA Virtualization 2.1 packageevrstring: wget-1.19.5-12.rv3 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the userinfo URI component of the GNU Wget download manager is related to insecure behavior in which data that should hav...