
8699 matches found

Amazon
added 2025/10/27 12:0 a.m. | 3 views

Important: kernel-livepatch-6.1.144-170.251

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees CVE-2025-39923 Affected Packages: kernel-livepatch-6.1.144-170.251 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.5 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Important: kernel-livepatch-6.12.46-66.121

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees CVE-2025-39923 Affected Packages: kernel-livepatch-6.12.46-66.121 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.2 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 2 views

Important: kernel

Issue Overview: An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. CVE-2023-31085 A flaw in the kernel Xen event handler can cause a deadlock with Xen conso...

CVSS 7 | AI score 6.1 | EPSS 0.00067
Exploits: 2
Amazon
added 2025/10/27 12:0 a.m. | 8 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths CVE-2025-39816 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg...

CVSS 9.8 | AI score 6.6 | EPSS 0.00231
Exploits: 1
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow CVE-2025-39998 In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup...

AI score 6.6 | EPSS 0.00231
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 5 views

Medium: samba

Issue Overview: A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure...

CVSS 4.3 | AI score 6.1 | EPSS 0.00084
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Medium: python3.13

Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...

CVSS 4.3 | AI score 6.7 | EPSS 0.00135
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 2 views

Important: kernel-livepatch-5.10.244-240.970

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed CVE-2022-50500 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of...

CVSS 5.5 | AI score 6.3 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 6 views

Important: kernel-livepatch-5.10.244-240.965

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed CVE-2022-50500 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of...

CVSS 5.5 | AI score 6.3 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 1 view

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed CVE-2022-50500 In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to...

CVSS 7.8 | AI score 6.5 | EPSS 0.00063
Exploits: 2
Amazon
added 2025/10/27 12:0 a.m. | 2 views

Important: kernel-livepatch-4.14.355-280.679

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() CVE-2023-53530 Affected Packages: kernel-livepatch-4.14.355-280.679 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5 | AI score 6.3 | EPSS 0.00018
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 1 view

Important: thunderbird

Issue Overview: There exists integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be...

CVSS 9.8 | AI score 8.8 | EPSS 0.00325
Exploits: 1
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Important: kernel-livepatch-6.12.40-63.114

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees CVE-2025-39923 Affected Packages: kernel-livepatch-6.12.40-63.114 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.2 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Important: kernel-livepatch-6.1.141-167.250

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees CVE-2025-39923 Affected Packages: kernel-livepatch-6.1.141-167.250 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.2 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 4 views

Medium: libsoup3

Issue Overview: A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing th...

CVSS 6.5 | AI score 6.7 | EPSS 0.00662
Exploits: 1
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Medium: python3

Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...

CVSS 4.3 | AI score 6.6 | EPSS 0.00135
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Medium: python3.12

Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...

CVSS 4.3 | AI score 6.4 | EPSS 0.00135
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 1 view

Important: kernel-livepatch-4.14.355-280.684

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() CVE-2023-53530 Affected Packages: kernel-livepatch-4.14.355-280.684 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5 | AI score 6.3 | EPSS 0.00018
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Medium: python3.11

Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...

CVSS 4.3 | AI score 6.7 | EPSS 0.00135
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 5 views

Important: kernel-livepatch-5.10.240-238.959

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed CVE-2022-50500 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of...

CVSS 7.8 | AI score 6.4 | EPSS 0.00066
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 5 views

Important: kernel-livepatch-5.10.240-238.966

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed CVE-2022-50500 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of...

CVSS 7.8 | AI score 6.4 | EPSS 0.00066
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 4 views

Important: golang

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames. The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

CVSS 7.5 | AI score 6.8 | EPSS 0.00044
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Medium: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...

CVSS 7.5 | AI score 7 | EPSS 0.00068
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Important: golang

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames. The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

CVSS 7.5 | AI score 7 | EPSS 0.00044
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 6 views

Low: docker

Issue Overview: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails...

CVSS 5.2 | AI score 7 | EPSS 0.00019
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 4 views

Important: kernel-livepatch-4.14.355-280.664

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() CVE-2023-53530 Affected Packages: kernel-livepatch-4.14.355-280.664 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5 | AI score 6.7 | EPSS 0.00018
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 2 views

Low: java-11-amazon-corretto

Issue Overview: Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

CVSS 4.3 | AI score 5.2 | EPSS 0.00405
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 4 views

Important: kernel-livepatch-6.12.40-63.107

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees CVE-2025-39923 Affected Packages: kernel-livepatch-6.12.40-63.107 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.2 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 2 views

Important: kernel-livepatch-6.12.37-61.105

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees CVE-2025-39923 Affected Packages: kernel-livepatch-6.12.37-61.105 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.2 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Important: kernel-livepatch-6.1.148-173.267

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees CVE-2025-39923 Affected Packages: kernel-livepatch-6.1.148-173.267 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.2 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 1 view

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling CVE-2022-50053 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX CVE-2025-38201 Affected Packages:...

CVSS 7.8 | AI score 7.7 | EPSS 0.00038
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 4 views

Medium: python3.9

Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...

CVSS 4.3 | AI score 6.7 | EPSS 0.00135
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() CVE-2022-50422 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()...

CVSS 7.8 | AI score 6.2 | EPSS 0.00032
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 2 views

Important: firefox

Issue Overview: Use-after-free in MediaTrackGraphImpl::GetInstance. This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVE-2025-11708 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using...

CVSS 9.8 | AI score 6.8 | EPSS 0.00106
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 7 views

Important: 7zip

Issue Overview: This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handlin...

CVSS 7.8 | AI score 7.5 | EPSS 0.00258
Exploits: 11
Amazon
added 2025/10/27 12:0 a.m. | 5 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. This potentially allows a remote client to identify security tokens or credentials used internally by a web...

CVSS 10 | AI score 6.9 | EPSS 0.18807
Exploits: 1
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Important: sssd

Issue Overview: A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify...

CVSS 8.8 | AI score 6.6 | EPSS 0.00046
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 2 views

Important: sssd

Issue Overview: A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify...

CVSS 8.8 | AI score 6.4 | EPSS 0.00046
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Medium: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...

CVSS 7.5 | AI score 6.6 | EPSS 0.00068
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 2 views

Medium: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...

CVSS 7.5 | AI score 7 | EPSS 0.00068
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Medium: java-21-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...

CVSS 7.5 | AI score 6.3 | EPSS 0.00068
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 4 views

Important: qemu

Issue Overview: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client wi...

CVSS 7.5 | AI score 6.4 | EPSS 0.00162
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 5 views

Important: perl-YAML-Syck

Issue Overview: YAML::Syck versions before 1.36 for Perl have missing null terminators, which causes an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read which allows an adjacent variable to be read. The issue is seen with complex YAML...

CVSS 6.5 | AI score 6.4 | EPSS 0.00022
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 4 views

Important: gi-docgen

Issue Overview: gi-docgen does not encode search terms before inserting them into HTML, allowing XSS via a crafted URL. Description obtained from: https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228 CVE-2025-11687 Affected Packages: gi-docgen Issue Correction: Run dnf update gi-docgen...

CVSS 6.1 | AI score 6.1 | EPSS 0.00007
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 4 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration CVE-2025-38248 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal...

CVSS 7.8 | AI score 6.1 | EPSS 0.00039
Exploits: 3
Amazon
added 2025/10/27 12:0 a.m. | 2 views

Important: kernel-livepatch-5.10.242-239.961

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed CVE-2022-50500 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of...

CVSS 7.8 | AI score 6.3 | EPSS 0.00066
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 3 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. This potentially allows a remote client to identify security tokens or credentials used internally by a web...

CVSS 10 | AI score 6.6 | EPSS 0.18807
Exploits: 1
Amazon
added 2025/10/27 12:0 a.m. | 1 view

Important: kernel-livepatch-4.14.355-280.672

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() CVE-2023-53530 Affected Packages: kernel-livepatch-4.14.355-280.672 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5 | AI score 6.3 | EPSS 0.00018
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m. | 1 view

Important: xmlrpc-c

Issue Overview: libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. Considering the tradeoff between the stability of Amazon Linux and the impact of CVE-2023-52425...

CVSS 7.5 | AI score 7.4 | EPSS 0.01552
Exploits: 3
Amazon
added 2025/10/27 12:0 a.m. | 8 views

Important: p7zip

Issue Overview: This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handlin...

CVSS 7.8 | AI score 7.5 | EPSS 0.00258
Exploits: 11
Total number of security vulnerabilities: 8699