Advisory ROSA-SA-2025-2845

Software: harfbuzz 1.7.5 OS: ROSA Virtualization 2.1 packageevrstring: harfbuzz-1.7.5-4.rv3 CVE-ID: CVE-2023-25193 BDU-ID: 2023-06149 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the hb-ot-layout-gsubgpos.hh component of the Harfbuzz text conversion library is associated with unrestricted resourc...

Advisory ROSA-SA-2025-2780

Software: pixman 0.38.4 OS: ROSA Virtualization 2.1 packageevrstring: pixman-0.38.4-4.rv3 CVE-ID: CVE-2020-35492 BDU-ID: 2021-03445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...

Advisory ROSA-SA-2025-2698

Software: perl-CPAN 2.18 OS: ROSA Virtualization 3.0 packageevrstring: perl-CPAN-2.18-397.0.1 CVE-ID: CVE-2023-31484 BDU-ID: 2023-03871 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CPAN.pm component of the Perl programming language is related to errors in the TLS certificate authentication...

Advisory ROSA-SA-2025-2565

software: mcpp 2.7.2 OS: ROSA-CHROME packageevrstring: mcpp-2.7.2-14 CVE-ID: CVE-2019-14274 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Heap-based buffer overflow vulnerability in MCPP in domsg in support.c. CVE-STATUS: The vulnerability has been resolved CVE-REV: To close the vulnerability, run the...

Advisory ROSA-SA-2024-2538

software: libgsf 1.14.53 WASP: ROSA-CHROME packageevrstring: libgsf-1.14.53-1 CVE-ID: CVE-2024-42415 BDU-ID: 2024-08625 CVE-Crit: HIGH CVE-DESC.: A vulnerability in The GNOME Project's structured file library libgsf involves a dynamic memory-based integer overflow when processing the sector...