15 matches found
Fedora: Security Advisory (FEDORA-2026-49fd0d9636)
The remote host is missing an update for the...
libpng15 security update
1.5.30-14.1 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize RHEL-148404...
Fedora 41 : kubernetes1.33 (2025-e282b00383)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e282b00383 advisory. - Update to release v1.33.6 - Resolves: rhbz#2398588, rhbz#2398849, rhbz#2399250, rhbz#2399523 - Resolves: rhbz#2407789, rhbz#2408059, rhbz#2408316,...
Fedora 44 : cri-o1.32 (2025-c48cd0beee)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c48cd0beee advisory. Automatic update for cri-o1.32-1.32.10-1.fc44. Changelog Tue Nov 11 2025 Bradley G Smith - 1.32.10-1 - Update to release v1.32.10 - Resolves:...
udisks2 security update
2.9.0-16.1 - udiskslinuxmanager: Add lower bounds check to fd_index CVE-2025-8067 RHEL-109408...
CLSA-2021-1616001357 Security fix for CVE-2019-10160
Security fix for CVE-2019-10160 Resolves: rhbz#1716744...
CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...
CVE-2015-8025
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors...
CVE-2011-3201
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email...
CVE-2011-3597
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor...
CVE-2009-5064
ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion...
CVE-2009-2446
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database...
CVE-2009-1284
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file...
CVE-2008-1615
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls...
uucp --config patch -- not sufficient
Problem: uucp patch from RedHat (possibly others) prevents original exploit, but not variations. Severity: Potential for local root on some distributions, uucp.uucp on others. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=54466 I had seen this report some time ago, and thought: "Good. They've...