Advisory ROSA-SA-2026-3288

software: kernel-6.6 6.6.126 WASP: ROSA-CHROME unaffected versions = kernel-6.6-6.6.6.126-6 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption an...

Advisory ROSA-SA-2026-3254

software: coturn 4.5.2 OS: ROSA-CHROME unaffected versions = coturn-4.5.2-6 affected versions coturn-4.5.2-6 CVE-ID: CVE-2026-27624 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in Coturn allows a remote attacker to bypass loopback and internal IP range locking denied-peer-ip option and...

Advisory ROSA-SA-2026-3118

software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-9 affected versions ghostscript-9.56.1-9 CVE-ID: CVE-2025-59798 BDU-ID: 2025-11520 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the pdfwritecmap function of the Ghostscript document processing, conversion, and...

Medium: runfinch-finch

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

Important: dotnet8.0

Issue Overview: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. CVE-2025-26646 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.7.20250609 or...

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 Affected Packages: openjpeg2 Issue Correction: Run dnf update openjpeg2 --releasever 2023.6.20250203 to update your system. New Packages: aarch64: openjpeg2-debuginfo-2.4.0-11.amzn2023.0.5.aarch64 ...