Advisory ROSA-SA-2026-3312

Software: ffmpeg 4.4.6 OS: ROSA-CHROME Unaffected versions: = ffmpeg-4.4.6-4 Affected versions: ffmpeg-4.4.6-4 CVE-ID: CVE-2026-40962 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability related to integer overflow in FFmpeg allows an attacker to execute write operations beyond the...

Advisory ROSA-SA-2026-3311

Component: avahi 0.8 OS: ROSA-CHROME Unaffected versions: = avahi-0.8-12.git35bb1b.11 Affected versions: avahi-0.8-12.git35bb1b.11 CVE-ID: CVE-2026-34933 BDU-ID: None CVE-Crit: Medium CVE-DESC.: The vulnerability in Avahi allows an unprivileged local user to cause an emergency termination of...

Advisory ROSA-SA-2026-3307

Software: python-future 0.18.2 Operating System: ROSA-CHROME Unaffected versions: = python-future-0.18.2-4 Affected versions: python-future-0.18.2-4 CVE-ID: CVE-2022-40899 BDU-ID: 2023-02446 CVE-Crit: HIGH CVE-DESCRIPTION: The compatibility vulnerability in Python Charmers Future is related to...

Advisory ROSA-SA-2026-3299

Package: iputils 20221126 OS: ROSA-CHROME Unaffected versions: = iputils-20221126-2 Affected versions: iputils-20221126-2 CVE-ID: CVE-2025-47268 BDU-ID: 2025-11086 CVE-Crit: Medium CVE-DESC.: The vulnerability in the ICMP Echo Reply ping utility tool is related to a numerical overflow. Exploiting...

Advisory ROSA-SA-2026-3289

software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption and...

Advisory ROSA-SA-2026-3281

software: libde265 1.0.18 OS: ROSA-CHROME unaffected versions = libde265-1.0.18-1 affected versions libde265-1.0.18-1 CVE-ID: CVE-2025-61147 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in strukturag libde265 commit d9fea9d is related to a segmentation error in the...

Advisory ROSA-SA-2026-3271

Software: open-vm-tools 12.5.2 OS: ROSA-CHROME unaffected versions = open-vm-tools-12.5.2-1 affected versions open-vm-tools-12.5.2-1 CVE-ID: CVE-2025-22247 BDU-ID: 2025-05681 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the VMware Tools suite of utilities is related to incorrectly identifying a...

Advisory ROSA-SA-2026-3250

software: zlib 1.2.13 OS: ROSA-CHROME unaffected versions = zlib-1.2.13-2 affected versions zlib-1.2.13-2 CVE-ID: CVE-2026-27171 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In zlib before 1.3.2, excessive CPU consumption DoS via crc32combine64 and crc32combinegen64 functions is possible: the x2nmodp...

Advisory ROSA-SA-2026-3248

software: exim 4.99.1 OS: ROSA-CHROME unaffected versions = exim-4.99.1-1 affected versions exim-4.99.1-1 CVE-ID: CVE-2025-67896 BDU-ID: 2026-00906 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Exim mail server is related to a buffer overflow in dynamic memory. Exploitation of the...

Advisory ROSA-SA-2026-3246

software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-3 affected versions ghostscript-9.56.1-3 CVE-ID: CVE-2024-33869 BDU-ID: 2024-07480 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the base/gpmisc.c file of the Ghostscript document processing, conversion, and...

Advisory ROSA-SA-2026-3237

software: libsndfile 1.1.0 OS: ROSA-CHROME unaffected versions = libsndfile-1.1.0-6 affected versions libsndfile-1.1.0-6 CVE-ID: CVE-2025-56226 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Memory leak in Libsndfile =1.2.2 in the mpegl3encoderinit function file mpegl3encode.c. CVE-STATUS: The...

Advisory ROSA-SA-2026-3224

software: tpm2-tools 5.5.1 OS: ROSA-CHROME unaffected versions = tpm2-tools-5.5.1-1 affected versions tpm2-tools-5.5.1-1 CVE-ID: CVE-2024-29039 BDU-ID: 2025-16174 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the tpm2 checkquote component of the Trusted Platform Module tpm2-tools repository fo...

Advisory ROSA-SA-2026-3219

software: cups 2.4.16 OS: ROSA-CHROME unaffected versions = cups-2.4.16-1 affected versions cups-2.4.16-1 CVE-ID: CVE-2025-58436 BDU-ID: 2026-02912 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is associated with uncontrolled resource consumption. Exploitation of the...

Advisory ROSA-SA-2026-3129

software: expat 2.7.3 OS: ROSA-CHROME unaffected versions = expat-2.7.3-1 affected versions expat-2.7.3-1 CVE-ID: CVE-2025-59375 BDU-ID: 2025-12925 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to unrestricted resource allocation. Exploitation of th...

Advisory ROSA-SA-2026-3127

software: freerdp 2.11.7 OS: ROSA-CHROME CVE-ID: CVE-2025-4478 BDU-ID: 2025-12117 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the GNOME Remote Desktop service is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to compromise data...

Advisory ROSA-SA-2025-3026

Software: openjpeg2 2.4.0 OS: ROSA-CHROME unaffected versions = openjpeg2-2.4.0 affected versions openjpeg2-2.4.0 CVE-ID: CVE-2025-54874 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: In OpenJPEG versions 2.5.1-2.5.3, calling opjjp2readheader may cause heap overruns when the data stream is short and...

Advisory ROSA-SA-2025-2987

software: rlottie 0.2 WASP: ROSA-CHROME unaffected versions = rlottie-0.2-4 affected versions rlottie-0.2-4 CVE-ID: CVE-2025-53074 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Samsung Open Source rLottie - out-of-bounds read vulnerability allows buffers to overflow. CVE-STATUS: Vulnerability has be...

Advisory ROSA-SA-2025-2986

software: spdlog 1.8.5 OS: ROSA-CHROME unaffected versions = spdlog-1.8.5-2 affected versions spdlog-1.8.5-2 CVE-ID: CVE-2025-6140 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in spdlog causes excessive resource consumption when running the scopedpadder function patternformatter-inl.h,...

Advisory ROSA-SA-2025-2952

software: cjson 1.7.18 WASP: ROSA-CHROME unaffected versions = cjson-1.7.18-1 affected versions cjson-1.7.18-1 CVE-ID: CVE-2023-53154 BDU-ID: None CVE-Crit: LOW CVE-DESC.: cJSON: Buffer overflow vulnerability on read from heap via parsestring function. CVE-STATUS: Vulnerability has been resolved...

Advisory ROSA-SA-2025-2948

software: libsoup2.4 2.74.2 OS: ROSA-CHROME unaffected versions = libsoup2.4-2.74.2-2 affected versions libsoup2.4-2.74.2-2 CVE-ID: CVE-2025-32913 BDU-ID: 2025-06242 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the soupmessageheadersgetcontentdisposition function of the GNOME GUI libsoup library ...