3046 matches found

CNNVD
added 2025/11/10 12:0 a.m., 3 views

Sublime Text Security Vulnerability

Sublime Text is a cross-platform, extensible text editor from Sublime, Inc. A security vulnerability exists in Sublime Text version 4 4200 that originates from a low-privilege attacker who can replace uninstalled files in the installation folder, potentially resulting in elevated privileges...

CVSS 6.5 | AI score 6.8 | EPSS 0.0024
Exploits: 0 | References: 4

Microsoft CVE
added 2025/11/06 1:1 a.m., 7 views

drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV

...

CVSS 4.7 | AI score 8.8 | EPSS 0.00152
Exploits: 0

Fedora
added 2025/11/05 2:13 a.m., 6 views

[SECURITY] Fedora 43 Update: uv-0.9.5-1.fc43

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

CVSS 8.1 | AI score 6.6 | EPSS 0.00688
Exploits: 1

Cvelist
added 2025/11/05 12:0 a.m., 10 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files...

EPSS 0.00112
Exploits: 1 | References: 2

EUVD
added 2025/11/05 12:0 a.m., 5 views

EUVD-2025-37923

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files...

AI score 6.2 | EPSS 0.00112
Exploits: 1 | References: 3

CNNVD
added 2025/11/05 12:0 a.m., 5 views

GOG Galaxy Security Vulnerability

GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A security vulnerability exists in GOG Galaxy version 2.0.0.2, which stems from a lack of SSL certificate validation, and could lead to a man-in-the-middle attack that could...

CVSS 6.8 | AI score 6.5 | EPSS 0.00112
Exploits: 1 | References: 2

Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990132)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990132 advisory. In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock. trace_drop_common is called with preemption disabled,...

CVSS 5.5 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990072)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990072 advisory. In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new...

CVSS 5.5 | AI score 5.6 | EPSS 0.00226
Exploits: 0 | References: 4

Fedora
added 2025/11/03 1:7 a.m., 5 views

[SECURITY] Fedora 42 Update: uv-0.9.5-1.fc42

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

CVSS 8.1 | AI score 6.6 | EPSS 0.00688
Exploits: 1

Fedora
added 2025/11/03 1:2 a.m., 6 views

[SECURITY] Fedora 41 Update: ruff-0.14.2-1.fc41

An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 plus dozens of plugins, Black, isort, pydocstyle,...

CVSS 8.1 | AI score 7.2 | EPSS 0.00688
Exploits: 1

AstraLinux
added 2025/10/31 4:38 p.m., 5 views

Astra Linux - vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: exit gracefully if reloc roots don't match. [BUG] Syzbot reported a crash that an ASSERT got triggered inside prepare_to_merge. [CAUSE] The root cause of the triggered ASSERT is we can have a race between quota tree creation and...

AI score 6.3 | EPSS 0.00016
Exploits: 0 | References: 1

SUSE CVE
added 2025/10/31 12:35 a.m., 3 views

SUSE CVE-2025-11232

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...

CVSS 7.5 | AI score 6.6 | EPSS 0.00387
Exploits: 0 | References: 5

Positive Technologies
added 2025/10/30 12:0 a.m., 4 views

PT-2025-51592

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue where enabling Huge Virtual Objects (HVO) on the s390 architecture can lead to reproducible crashes. This occurs because kernel page tables are modified...

CVSS 4.6 | AI score 5.5 | EPSS 0.00168
Exploits: 0

Tenable Nessus
added 2025/10/30 12:0 a.m., 5 views

FreeBSD : ISC KEA -- Invalid characters cause assert (55c4e822-b4e4-11f0-8438-001b217e4ee5)

"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 55c4e822-b4e4-11f0-8438-001b217e4ee5 advisory. Internet Systems Consortium, Inc. reports: To trigger the issue, three configuration parameters must...

CVSS 7.5 | AI score 5.5 | EPSS 0.00387
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/29 8:45 p.m., 4 views

CVE-2025-11232

A flaw was found in Kea. A remote attacker can send specific option content to the kea-dhcp4 server. When the server is configured with specific parameters, an assertion failure can be triggered and cause the kea-dhcp4 process to exit unexpectedly, resulting in a denial of service. Mitigation: Set...

CVSS 7.5 | AI score 6.5 | EPSS 0.00387
Exploits: 0 | References: 4

EUVD
added 2025/10/29 6:30 p.m., 6 views

EUVD-2025-36693

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...

CVSS 7.5 | AI score 6.5 | EPSS 0.00387
Exploits: 0 | References: 2

AlpineLinux
added 2025/10/29 6:2 p.m., 3 views

CVE-2025-11232

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...

CVSS 7.5 | AI score 7 | EPSS 0.00387
Exploits: 0 | References: 2

Veracode
added 2025/10/29 1:21 p.m., 7 views

Hash Collision Weakness

Dragonfly is vulnerable to Hash Collision Weakness. The vulnerability is due to the use of insecure hash functions such as MD5 for verifying downloaded files, which allows an attacker to craft malicious files with colliding hashes and replace legitimate files without detection...

CVSS 6.9 | AI score 7 | EPSS 0.00152
Exploits: 0 | References: 4 | Affected Software: 2

Positive Technologies
added 2025/10/29 12:0 a.m., 6 views

PT-2025-44333

Name of the Vulnerable Software and Affected Versions: Kea versions 3.0.1 through 3.0.1; Kea versions 3.1.1 through 3.1.2. Description: The software can exit unexpectedly when receiving certain option content from a client if three configuration parameters are set to specific values. Specifically, th...

CVSS 7.8 | AI score 6.5 | EPSS 0.0105
Exploits: 0 | References: 27

OSV
added 2025/10/28 2:41 p.m., 7 views

SUSE-SU-2025:3839-1 Security update 5.1.1 for Multi-Linux Manager Server

This update fixes the following issues: Multi-Linux-Manager-Server-SLE-release: - Update for the release packages for fixing the EOL - Fixed migration issue bsc1243486 server-attestation-image was updated from version 5.1.7 to 5.1.10: - CVE-2025-53192: Do not use apache-commons-ognl but its...

CVSS 8.8 | AI score 5.8 | EPSS 0.0052
Exploits: 0 | References: 23