[SECURITY] Fedora 42 Update: python-pdfminer-20240706-5.fc42

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

[SECURITY] Fedora 43 Update: python-pdfminer-20251230-1.fc43

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

Metasploit Wrap-Up 12/12/2025

React2shell Module As you may have heard, on December 3, 2025, the React team announced a critical Remote Code Execution RCE vulnerability in servers using the React Server Components RSC Flight protocol. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0 and is informally...

[SECURITY] Fedora 41 Update: python-pdfminer-20240706-3.fc41

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

[SECURITY] Fedora 42 Update: python-pdfminer-20240706-4.fc42

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

[SECURITY] Fedora 43 Update: python-pdfminer-20251107-1.fc43

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

[SECURITY] Fedora 41 Update: mupdf-1.25.4-2.fc41

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

CVE-2022-49899 fscrypt: stop using keyrings subsystem for fscrypt_master_key

In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscryptmasterkey The approach of fs/crypto/ internally managing the fscryptmasterkey structs as the payloads of "struct key" objects contained in a "struct key" keyring has outlived its...

[SECURITY] Fedora 42 Update: php-tcpdf-6.9.1-1.fc42

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

SUSE: Security Advisory (SUSE-SU-2024:1462-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-RU-2023:4192-1 Recommended update for libssh2_org

This update for libssh2org fixes the following issues: - Upgrade to version 1.11.0 in SLE-15: jscPED-7040 Update to 1.11.0: Enhancements and bugfixes - Adds support for encrypt-then-mac ETM MACs - Adds support for AES-GCM crypto protocols - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed255...

USN-6274-1: XMLTooling vulnerability

Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery...

XPDF 输入验证错误漏洞

XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. A security vulnerability exists in XPDF versions prior to 4.04, which stems from a missing integer overflow check in JPXStream.cc...

OPENSUSE-SU-2020:1785-1 Security update for MozillaThunderbird and mozilla-nspr

This update for MozillaThunderbird and mozilla-nspr fixes the following issues: - Mozilla Thunderbird 78.4 new: MailExtensions: browser.tabs.sendMessage API added new: MailExtensions: messageDisplayScripts API added changed: Yahoo and AOL mail users using password authentication will be migrated ...

Moderate: Red Hat Security Advisory: novnc security update

An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 13.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

SUSE-SU-2020:0104-1 Security update for nodejs10

This update for nodejs10 to version 10.18.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. - Added support for chacha20-poly1305 for Authenticated...

[SECURITY] Fedora 27 Update: rsyslog-8.37.0-1.fc27

Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...

CVE-2016-10318

A missing authorization check in the fscryptprocesspolicy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of...

Code Execution Vulnerability Found in Libpurple IM Library

A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Pidgin and Adium for the macOS platform. Adium 1.5.10.2 is vulnerable and can be exploited to run arbitrary code remotely. A researcher who goes ...

Patrick Wardle on macOS Gatekeeper, Crypto Enhancements

At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address...