SUSE SLES15 Security Update : kernel RT (Live Patch 1 for SLE 15 SP7) (SUSE-SU-2025:02873-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02873-1 advisory. This update for the Linux Kernel 6.4.0-15070073 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: d...

SUSE SLES15 Security Update : kernel RT (Live Patch 11 for SLE 15 SP6) (SUSE-SU-2025:02871-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02871-1 advisory. This update for the Linux Kernel 6.4.0-1506001039 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core:...

SUSE-SU-2025:02876-1 Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005591 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350. - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID bsc1247351....

Important: kernel-livepatch-5.10.238-234.956

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.238-234.956 Issue Correction: Please ensure you have live patching enabled. Run yum update...

SUSE SLES15 Security Update : kernel (Live Patch 58 for SLE 15 SP3) (SUSE-SU-2025:02832-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02832-1 advisory. This update for the Linux Kernel 5.3.18-15030059207 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: cor...

SUSE SLES12 Security Update : kernel (Live Patch 58 for SLE 12 SP5) (SUSE-SU-2025:02827-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02827-1 advisory. This update for the Linux Kernel 4.12.14-122222 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: d...

Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024158 fixes several issues. The following security issues were fixed: CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350. CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID bsc1247351...

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

ROOT-OS-DEBIAN-12-CVE-2024-56378 CVE-2024-56378 in rootio-poppler - Patched by Root

Root has patched CVE-2024-56378 in the rootio-poppler package for Root:Debian:12. Multiple fixed versions available...

Fedora 42 : xen (2025-ddaa63a0f5)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ddaa63a0f5 advisory. update to xen-4.19.3 includes patches for x86: Incorrect stubs exception handling for flags recovery XSA-470, CVE-2025-27465 x86: Transitive Schedul...

CVE-2025-8549

The CVE-2025-8549 entry concerns atjiu pybbs up to version 6.0.0. The vulnerable component is the update function in src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java, where manipulation leads to weak password requirements. The issue is remotely exploitable with high attack co...

Advisory ROSA-SA-2025-2920

software: freerdp 2.11.7 OS: ROSA-CHROME unaffected versions = freerdp-2.11.7-7 affected versions freerdp-2.11.7-7 CVE-ID: CVE-2024-32661 BDU-ID: 2024-03394 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeRDP RDP client is related to null pointer dereferencing. Exploitation of the...

SUSE-SU-2025:02601-1 Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close bsc1235250. - CVE-2025-37797: netsched: hfsc: Fix a UAF vulnerability in class handling bsc1245793. -...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2025 Critical Patch Update. For more information please refer to Oracle's July 2025 CPU Advisory and the CVE links referenced below. Vulnerability Details...

CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

CVE-2025-38443

In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbdgenlconnect error path There is a use-after-free issue in nbd: block nbd6: Receive control failed result -104 block nbd6: shutting down sockets ==================================================================...

CLSA-2025-1753298604 Fix CVE(s): CVE-2025-49794, CVE-2025-49796

SECURITY UPDATE: memory vulnerabilities in schematron - debian/patches/CVE-2025-49794CVE-2025-49796.patch: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements and memory corruption issue triggered by processing sch:name elements in input XML file - CVE-2025-49794 -...

Security update for iputils

This update for iputils fixes the following issues: CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp bsc1243772 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...

Security Bulletin: Update JRE for Older Versions of IBM SPSS Statistics

Summary Vulnerabilities related to encryption were found in older versions of the Java Runtime Environment JRE. This Interim Fix addresses those problems. The IF applies to all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update plus CVE-2025-4447...

Security Bulletin: Update JRE for Older Versions of IBM SPSS Statistics

Summary Vulnerabilities related to encryption were found in older versions of the Java Runtime Environment JRE. This Interim Fix addresses those problems. The IF applies to all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update plus CVE-2025-4447...