5313 matches found
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cifs: potential buffer overflow in handling symlinks CVE-2022-49058 kernel: media: uvcvideo: Remove dangling pointers CVE-2024-58002 kernel: media: uvcvideo: Fix double free in error path...
Moderate: glib2 security update
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib2: Signal subscription...
Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-3165...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: cifs: potential buffer overflow in handling symlinks CVE-2022-49058 kernel: media: uvcvideo: Remove dangling pointers CVE-2024-580...
Important: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw CVE-2024-6174 For more...
Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-3165...
Important: java-17-openjdk security update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve HTTP client header handling CVE-2025-50059 JDK:...
Moderate: python-setuptools security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: lz4 security update
The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...
Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
Moderate: glib2 security update
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: buffer overflow in...
Moderate: socat security update
The socat utility establishes bi-directional byte streams and transfers data between them. The utility can establish streams between a large set of channels, such as files, pipes, devices, and sockets. Security Fixes: socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 F...
Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 For more details about th...
Moderate: python3.12-setuptools security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: python3.11-setuptools security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw CVE-2024-6174 For more...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes CVE-2025-21991 For more details about the security issues, including the impact, a CVSS score, acknowledgments, an...
Moderate: microcode_ctl security update
The microcodectl packages provide microcode updates for Intel and AMD processors. Security Fixes: microcodectl: From CVEorg collector CVE-2024-28956 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pag...
Moderate: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth: Fix use after free in hcisendacl CVE-2022-49111 kernel: Bluetooth: hcisync: Fix queuing commands when HCIUNREGISTER is set CVE-2022-49136 kernel: udf: Fix a slab-out-of-bounds...
Important: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml: Heap use after free UAF leads to Denial of service DoS CVE-2025-49794 libxml: Type confusion leads to Denial of service DoS CVE-2025-49796 libxml2: Integer Overflow in...
Moderate: gnome-remote-desktop security update
GNOME Remote Desktop is a remote desktop and screen sharing service for the GNOME desktop environment. Security Fixes: gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs CVE-2025-5024 For more details about the security issues, including the impact, a CVSS score,...
Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: Fix use after free in hcisendacl CVE-2022-49111 kernel: Bluetooth: hcisync: Fix queuing commands when HCIUNREGISTER is...
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score,...
Important: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml: Heap use after free UAF leads to Denial of service DoS CVE-2025-49794 libxml: Type confusion leads to Denial of service DoS CVE-2025-49796 libxml2: Integer Overflow in...
Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: podman missing TLS verification CVE-2025-6032 For more details about the security...
Moderate: jq security update
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: jq has signed integer...
Moderate: gnome-remote-desktop security update
GNOME Remote Desktop is a remote desktop and screen sharing service for the GNOME desktop environment. Security Fixes: gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs CVE-2025-5024 For more details about the security issues, including the impact, a CVSS score,...
Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: podman missing TLS verification CVE-2025-6032 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...
Moderate: jq security update
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: jq has signed integer...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 kernel: ovl: fix UAF in ovldentryupdatereval by moving dput in ovllinkup CVE-2025-21887 kernel: net: atm: fix use after free...
Moderate: socat security update
The socat utility establishes bi-directional byte streams and transfers data between them. The utility can establish streams between a large set of channels, such as files, pipes, devices, and sockets. Security Fixes: socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 F...
Moderate: python-setuptools security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links CVE-2025-5986 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links CVE-2025-5986 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Moderate: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse...
Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet CVE-2025-6424 firefox:...
Important: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet CVE-2025-6424 firefox:...
Important: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: pam security update
Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: linux-pam: Linux-pam directory Traversal CVE-2025-6020 For more details about the security issues, including the impact, a CVSS...
Important: sudo security update
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: LPE via host option CVE-2025-32462 For...
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: sudo security update
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: LPE via host option CVE-2025-32462 For...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Squashfs: fix handling and sanity checking of xattrids count CVE-2023-52933 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Moderate: glibc security update
The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...
Important: libblockdev security update
The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as a thin wrapper around plug-ins for specific functionality, such as LVM, Btrfs, LUKS, or MD RAID. Security Fixes: libblockdev: LPE from allowactive ...