squid34: Fix of CVE-2025-62168

CVE-2025-62168: Redact HTTP authentication credentials in error handling to prevent information disclosure...

kernel: Fix of 6 CVEs

fix: virtio-net: Add validation for used length CVE-2021-47352 - xen/netfront: don't use gnttabqueryforeignaccess for mapped status CVE-2022-23037 - net/sched: schqfq: Fix race condition on qfqaggregate CVE-2025-38477 - net: fix information leakage in /proc/net/ptype CVE-2022-48757 - net: atm:...

libxml2: Fix of 2 CVEs

CVE-2024-56171: fix use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c - CVE-2025-24928: fix stack-based buffer overflow in xmlSnprintfElements in valid.c...

kernel: Fix of 39 CVEs

nfs: fix UAF in direct writes CVE-2024-26958 - NFSD: Fix the behavior of READ near OFFSETMAX CVE-2022-48827 - thermal: core: prevent potential string overflow CVE-2023-52868 - ath5k: fix OOB in ath5keepromreadpcalinfo5111 CVE-2021-47633 - RDMA/cma: Ensure rdmaaddrcancel happens before issuing...

libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode, free URI after reporting the error to avoid use-after-free...

openssl: Fix of CVE-2018-0734

CVE-2018-0734: fix timing side channel attack in DSA signature algorithm...

binutils: Fix of CVE-2017-9042

CVE-2017-9042: readelf.c fix a possible application crash known as the "cannot be represented in type long" issue...

nss: Fix of CVE-2020-25648

CVE-2020-25648: fix DoS in case of receiving multiple CCS messages - extended tests...

openvpn: Fix of CVE-2020-15078

CVE-2020-15078: fix authentication bypass and access to control channel data on servers configured with deferred authentication...

samba: Fix of CVE-2020-25717

CVE-2020-25717: Adapt CVE's patch to Centos 6 based systems where regular user id starts from 500, so change the default value of the new config parameters added: "min domain uid" to 500...

libxml2: Fix of CVE-2025-6021

CVE-2025-6021: fix integer overflows in buffer size calculations...

libwebp: Fix of 3 CVEs

CVE-2020-36329: fix use-after-free vulnerability by delaying thread termination - CVE-2020-36330: fix out-of-bounds read in ChunkVerifyAndAssign function - CVE-2020-36331: fix out-of-bounds read in ChunkAssignData function...

glib2: Fix of CVE-2024-52533

CVE-2024-52533: fix off-by-one error and resulting buffer overflow in gsocks4aproxy.c by increasing SOCKS4CONNMSGLEN...

dovecot: Fix of CVE-2020-12674

CVE-2020-12674: fix mishandling of zero length in RPA request to prevent auth service crash...

cups: Fix of CVE-2023-4504

CVE-2023-4504: check for null terminator after a backslash...

spamassassin: Fix of 2 CVEs

CVE-2020-1930: fix command-execution vulnerability in SpamAssassin .cf parsing - CVE-2020-1931: fix command-execution vulnerability in SpamAssassin .cf parsing...

glibc: Fix of CVE-2020-1752

CVE-2020-1752: fix use-after-free vulnerability in glob...

glib2: Fix of CVE-2020-35457

CVE-2020-35457: fix integer overflow in goptiongroupaddentries to prevent potential out-of-bounds write - Bug775510: avoid calling Standard C string/array functions with NULL arguments...

dovecot: Fix of CVE-2020-12673

CVE-2020-12673: fix reading past buffer...

libwebp: Fix of CVE-2020-36328

CVE-2020-36328: fix a heap-based buffer overflow in WebPDecodeInto functions...

httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

kernel: Fix of 3 CVEs

posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-2025-38352 - schqfq: make qfqqlennotify idempotent CVE-2025-38177 - schhfsc: make hfscqlennotify idempotent CVE-2025-38177 - schdrr: make drrqlennotify idempotent CVE-2025-38177 - schhtb: make htbqlennotify...

glibc: Fix of CVE-2019-9169

CVE-2019-9169: fix heap-based buffer over-read in proceednextnode in posix/regexec.c...

python: Fix of CVE-2016-5636

CVE-2016-5636: fix heap-based buffer overflow in zipimport.c...

squid: Fix of CVE-2025-54574

CVE-2025-54574: fix buffer overflow in URN handling...

squid34: Fix of CVE-2025-54574

CVE-2025-54574: fix buffer overflow in URN handling...

clamav: Fix of 8 CVEs

Update to 1.0.9 LTS version - CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser - CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser - CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems...

php: Fix of 3 CVEs

CVE-2025-1217: http stream wrapper: fix handling folded headers - CVE-2025-1734: http stream wrapper: fix handling headers with invalid name and no colon - CVE-2025-1861: fix http redirect location truncation...

wget: Fix of CVE-2024-38428

CVE-2024-38428: fix mishandle semicolons in userinfo subcomponent of URI to prevent insecure behavior...

kernel: Fix of CVE-2023-52572

cifs: Fix UAF in cifsdemultiplexthread CVE-2023-52572...

tomcat6: Fix of CVE-2025-24813

CVE-2025-24813: enhance lifecycle of temporary files used by partial PUT...

dmidecode: Fix of CVE-2023-30630

CVE-2023-30630: prevent --dump-bin from overwriting local files to address privilege escalation vulnerability...

git: Fix of CVE-2025-46835

CVE-2025-46835: fix vulnerability where Git GUI can create and overwrite arbitrary writable files...

subversion: Fix of CVE-2024-46901

CVE-2024-46901: fix moddavsvn denial-of-service via control characters in paths...

java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u462-b08. That fixes following CVEs: - CVE-2025-30749: better Glyph drawing - CVE-2025-30754: enhance TLS protocol support - CVE-2025-30761: improve scripting supports - CVE-2025-50106: glyph out-of-memory access and crash...

Update of nss

update to CKBI 2.74 from NSS 3.110 - updated certificates: - Certificate "certSIGN ROOT CA" - Certificate "ACCVRAIZ1" - Certificate "Entrust Root Certification Authority - G4" - Certificate "Security Communication ECC RootCA1" - Certificate "BJCA Global Root CA1" - Certificate "BJCA Global Root...

git: Fix of CVE-2025-27613

CVE-2025-27613: fix vulnerability where Gitk can write and truncate arbitrary writable files...

sqlite: Fix of CVE-2025-6965

CVE-2025-6965: fix a potential memory corruption if the number of aggregate terms in a query exceeds the maximum number of columns...

php: Fix of CVE-2025-1220

CVE-2025-1220: fix null byte termination in hostnames...

libxml2: Fix of 2 CVEs

CVE-2025-49794: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements - CVE-2025-49796: fix memory corruption issue triggered by processing sch:name elements in input XML file...

perl: Fix of CVE-2018-18311

CVE-2018-18311: fix buffer overflow...

git: Fix of CVE-2025-48384

CVE-2025-48384: config: quote values containing CR character...

Update of tzdata

Fix incorrect tzdb.dat by harding links...

rsync: Fix of CVE-2024-12087

CVE-2024-12087: fix path traversal vulnerability by adding a proper symlink verification and deduplication checks on a per-file-list basis...

java-1.8.0-openjdk: Fix of 2 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u452-b09. That fixes following CVE: CVE-2025-21587, CVE-2025-30698...

rsync: Fix of CVE-2024-12088

CVE-2024-12088: fix improper verification of symbolic link destinations to prevent path traversal vulnerability...

Update of tzdata

Upgrade to tzdata-2025b - New zone for Aysén Region in Chile which moves from -04/-03 to -03. - Paraguay adopted permanent -03 starting spring 2024. - Improve pre-1991 data for the Philippines. - Etc/Unknown is now reserved. - Improve historical data for Mexico, Mongolia, and Portugal. - System V...

kernel: Fix of 4 CVEs

media: pvrusb2: fix array-index-out-of-bounds in pvr2i2ccoreinit CVE-2022-49478 - x86/kvm: Disable kvmclock on all CPUs on shutdown CVE-2021-47110 - cifs: fix potential double free during failed mount CVE-2022-49541 - drm/amd/pm: fix double free in siparsepowertable CVE-2022-49530...

sssd: Fix of CVE-2023-3758

CVE-2023-3758: fix race condition in adgpo...

kernel: Fix of 12 CVEs

ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic CVE-2025-21993 - media: uvcvideo: Fix double free in error path CVE-2024-57980 - jffs2: Prevent rtime decompress memory corruption CVE-2024-57850 - wifi: iwlegacy:...