Updated python-pip packages fix security vulnerability
Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...
Updated nginx packages fix security vulnerability
TLS Session Resumption Vulnerability. CVE-2025-23419...
Updated python-waitress packages fix security vulnerabilities
Waitress has a request processing race condition in HTTP pipelining with an invalid first request. CVE-2024-49768 Waitress has a denial of service leading to high CPU usage/resource exhaustion. CVE-2024-49769...
Updated python-twisted packages fix security vulnerabilities
Twisted.web has disordered HTTP pipeline response. CVE-2023-46137 Twisted.web has disordered HTTP pipeline response. CVE-2024-41671 HTML injection in HTTP redirect body. CVE-2024-41810...
Updated python-ansible-core packages fix security vulnerabilities
Exposure of sensitive information in Ansible vault files due to improper logging. CVE-2024-8775 Ansible-core user may read/write unauthorized content. CVE-2024-9902 Unsafe tagging bypass via hostvars object in ansible-core. CVE-2024-11079...
Updated python-setuptools packages fix security vulnerability
Remote Code Execution in pypa/setuptools. CVE-2024-6345...
Updated qtbase5 & qtbase6 packages fix security vulnerabilities
network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 A buffer overflow and application crash can occur via a crafted KTX image file. CVE-2024-25580 Code to make security-relevant decisions about an established connection may execute too early, because...
Updated thunderbird packages fix security vulnerabilities
Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...
Updated mariadb packages fix security vulnerability
Bug fix release which fixes some memory leaks and crashes...
Updated rootcerts, nss & firefox packages fix security vulnerabilities
Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...
Updated xrdp packages fix security vulnerability
xrdp allows an infinite number of login attempts. CVE-2024-39917...
Updated libtasn1 packages fix security vulnerability
When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...
Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerability
A difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can b...
Updated nodejs packages fix security vulnerabilities
Worker permission bypass via InternalWorker leak in diagnostics. CVE-2025-23083 GOAWAY HTTP/2 frames cause memory leak outside heap. CVE-2025-23085...
Updated gstreamer1.0, gstreamer1.0-plugins-base & gstreamer1.0-plugins-good packages fix security vulnerabilities
GStreamer has an OOB-write in isomp4/qtdemux.c. CVE-2024-47537 GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet. CVE-2024-47538 GStreamer has an OOB-write in convert_to_s334_1a. CVE-2024-47539 GStreamer uses uninitialized stack memory in Matroska/WebM demuxer. CVE-2024-47540...
Updated chromium-browser-stable packages fix security vulnerability
Use after free in DevTools. CVE-2025-0762...
Updated bind packages fix security vulnerabilities
Many records in the additional section cause CPU exhaustion. CVE-2024-11187 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load. CVE-2024-12705...
Updated vim packages fix security vulnerability
Segmentation fault in winline in Vim 9.1.1043. CVE-2025-24014...
Updated python-django packages fix security vulnerabilities
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. CVE-2024-38875 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. T...
Updated libreoffice packages fix security vulnerabilities
Path traversal leading to arbitrary .ttf file write. CVE-2024-12425 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables. CVE-2024-12426...
Updated libxml2 packages fix security vulnerability
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043...
Updated redis packages fix security vulnerabilities
Redis' Lua library commands may lead to remote code execution. CVE-2024-46981 Redis allows denial-of-service due to malformed ACL selectors. CVE-2024-51741...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.74 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated kernel, kmod-virtualbox, kmod-xtables-addons & dwarves packages fix security vulnerabilities
Upstream kernel version 6.6.74 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated clamav packages fix security vulnerability
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability. CVE-2025-20128...
Updated git-lfs packages fix security vulnerability
Git LFS permits exfiltration of credentials via crafted HTTP URLs. CVE-2024-53263...
Updated chromium-browser-stable packages fix security vulnerabilities
Object corruption in V8. CVE-2025-0611 Out of bounds memory access in V8. CVE-2025-0612...
Updated virtualbox, kmod-virtualbox packages fix security vulnerabilities
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
Updated glibc packages fix security vulnerability
When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. CVE-2025-0395...
Updated openssl packages fix security vulnerability
Timing side-channel in ECDSA signature computation. CVE-2024-13176...
Updated iperf packages fix security vulnerability
It was discovered that iperf 3.17.1 contains a segmentation violation via the iperf_exchange_parameters function...
Updated phpmyadmin packages fix security vulnerabilities
Fix possible security issue with library code slim/psr7, CVE-2023-30536; fix possible security issue relating to iconv, CVE-2024-2961, PMASA-2025-3; fix an XSS vulnerability in the check tables feature, PMASA-2025-1; fix an XSS vulnerability in the Insert tab, PMASA-2025-2...
Updated poppler packages fix security vulnerability
libpoppler.so has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. CVE-2024-56378...
Updated golang packages fix security vulnerabilities
net/http: sensitive headers incorrectly sent after cross-domain redirect, CVE-2024-45336. crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints, CVE-2024-45341...
Updated chromium-browser-stable packages fix security vulnerabilities
Many CVEs have been fixed upstream since our current version; please see the links...
Updated rsync packages fix security vulnerabilities
Heap buffer overflow in rsync due to improper checksum length handling. CVE-2024-12084 Info leak via uninitialized stack contents. CVE-2024-12085 Rsync server leaks arbitrary client files. CVE-2024-12086 Path traversal vulnerability in rsync. CVE-2024-12087 Rsync --safe-links option bypass leads ...
Updated raptor2 packages fix security vulnerability
In the Raptor RDF Syntax Library there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path...
Updated dcmtk packages fix security vulnerabilities
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerabili...
Updated git packages fix security vulnerabilities
Git does not sanitize URLs when asking for credentials interactively. CVE-2024-50349 Newline confusion in credential helpers can lead to credential exfiltration in git. CVE-2024-52006...
Updated proftpd packages fix security vulnerability
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. CVE-2024-48651...
Updated vim packages fix security vulnerability
Heap-buffer-overflow with visual mode in Vim 9.1.1003. CVE-2025-22134...
Updated openafs packages fix security vulnerabilities
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client. CVE-2024-10394 An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash. CVE-2024-10396 A malicious server can crash the OpenAFS cac...
Updated openjpeg2 packages fix security vulnerabilities
Heap buffer overflow in bin/common/color.c. CVE-2024-56826 Heap buffer overflow in lib/openjp2/j2k.c. CVE-2024-56827...
Updated ceph packages fix security vulnerability
Authentication bypass in CEPH RadosGW. CVE-2024-48916...
Updated thunderbird packages fix security vulnerabilities
WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...
Updated firefox packages fix security vulnerabilities
WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...
Updated radare2 packages fix security vulnerability
Buffer Overflow vulnerability in radareorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. CVE-2024-29645...
Updated avahi packages fix security vulnerabilities
Avahi wide-area DNS uses constant source port. CVE-2024-52615 Avahi wide-area DNS predictable transaction IDs. CVE-2024-52616...
Updated rizin packages fix security vulnerability
Command injection via RzBinInfo bclass due to legacy code. CVE-2022-1207...
Updated libjxl packages fix security vulnerabilities
Out of Bounds Memory Read/Write in libjxl. CVE-2024-11403 Resource exhaustion via Stack overflow in libjxl. CVE-2024-11498...