Security update 5.1.1.1 for Multi-Linux Manager Client Tools

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...

SUSE-SU-2025:4447-1 Security update 5.1.1.1 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 - CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 - Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...

CVE-2025-68195

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add missing terminator for zen5rdseedmicrocode Running x86matchminmicrocoderev on a Zen5 CPU trips up KASAN for an out of bounds access...

Updated libraw, digikam & darktable packages fix security vulnerabilities

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult...

Update: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities

CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances ASA and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issu...

CVE-2025-40129

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdrstreamdecodeopaqueauth, zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data in gsskrb5verifymicv2...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990792)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990792 advisory. In the Linux kernel, the following vulnerability has been resolved: macvlan: enforce a consistent minimal mtu macvlan should enforce a minimal mtu of 68, even at lin...

Malicious code in minimum_lungfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8188a67a79755bb9207754ed4990e0cca11edaa9610b2987eb385c08357b04 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-103753

Malicious code in minimumparrotfishz3n npm...

EUVD-2025-103752

Malicious code in minimumplanarianz3n npm...

EUVD-2025-96447

Malicious code in minimumhalibutz3n npm...

Malicious code in minimum_halibut_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 918d680ec9e5e29f9eed996fc4c8d8fc17d6df2bd46b9bdf8d7e3452026c7b71 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-74457

Malicious code in minimumbeesapphire-6 npm...

EUVD-2025-81215

Malicious code in minimumcuckoo0xrequest npm...

EUVD-2025-81216

Malicious code in minimumbison0xrequest npm...

EUVD-2025-84727

Malicious code in minimumdonkeyz3n npm...

EUVD-2025-84728

Malicious code in minimumcobraz3n npm...

MAL-2025-69406 Malicious code in minimum-sapphire-moth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb5622d9c6b8d9fd497209a31da78aff6efe7342273004d8616697762400679e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in minimum-ivory-flyingfish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ae7aaedcdf92f5b530587138a709f9d4139da94ef6b34919f0672aa2795761 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-53245

Malicious code in minimum-ivory-flyingfish npm...