Explore top 10 tips to secure your open-source projects now. Read More
×New version fixing high-severity CVE. New version of jupyter-server fixing various security vulnerabilities.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-dd1d19e58b 2026-07-05 01:07:02.694197+00:00 -------------------------------------------------------------------------------- Name : python-jupyter-server Product : Fedora 44 Version : 2.20.0 Release : 1.fc44 URL : https://jupyter-server.readthedocs.io Summary : The backend for Jupyter web applications Description : The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. -------------------------------------------------------------------------------- Update Information: New version fixing high-severity CVE. New version of jupyter-server fixing various security vulnerabilities. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 19 2026 Lumir Balhar - 2.20.0-1 - Update to 2.20.0 (rhbz#2489836) * Thu Jun 4 2026 Python Maint - 2.19.0-2 - Rebuilt for Python 3.15 * Mon Jun 1 2026 Lumir Balhar - 2.19.0-1 - Update to 2.19.0 (rhbz#2483209) * Mon May 11 2026 Lumir Balhar - 2.18.2-1 - Update to 2.18.2 (rhbz#2466683) * Tue May 5 2026 Lumir Balhar - 2.18.0-1 - Update to 2.18.0 (rhbz#2465646) * Tue Apr 14 2026 Tomáš Hrnčiar - 2.17.0-5 - Raise pytest upper bound to allow pytest 9 * Fri Mar 20 2026 Lumir Balhar - 2.17.0-4 - Ignore deprecation warnings from ptyprocess:pty to fix build with Python 3.15 alpha 7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484708 - CVE-2026-35397 python-jupyter-server: Jupyter Server: Unauthorized File Access via Path Traversal Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484708 [ 2 ] Bug #2484713 - CVE-2026-40934 python-jupyter-server: Jupyter Server:Authentication bypass due to unrotated cookie secret [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484713 [ 3 ] Bug #2485374 - CVE-2026-6657 python-jupyter-server: jupyter-server: Arbitrary code execution due to CORS origin validation bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2485374 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-dd1d19e58b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fixes high-severity security issue in Jupyter Server with improved vulnerabilities.. Jupyter Server Security Update, Fedora High Severity Vulnerabilities, Python Jupyter Server Fix. . Severity: high. LinuxSecurity.com Team
YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n-> type_id in place, corrupting shared node. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a8d89d8ae2 2026-03-31 00:16:35.926016+00:00 -------------------------------------------------------------------------------- Name : perl-YAML-Syck Product : Fedora 44 Version : 1.39 Release : 1.fc44 URL : https://metacpan.org/release/YAML-Syck Summary : Fast, lightweight YAML loader and dumper Description : This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around. -------------------------------------------------------------------------------- Update Information: YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n-> type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2026 Paul Howarth - 1.39-1 - Update to 1.39 Bug Fixes: - Fix: escape solidus (/) as \/ in JSON::Syck::Dump for XSS safety (GH#125, GH#130) - Fix: anchor tracking for blessed scalar refs in Dump (GH#126, GH#131) -Fix: prevent buffer underflow in base60 (sexagesimal) parsing (GH#133) - Fix: guard against NULL type from strtok in tag parsing (GH#135) - Fix: correct copy-paste bug in syck_seq_assign() ASSERT macros (GH#137) - Fix t/yaml-implicit-typing.t failure with -Duselongdouble perls (GH#138, GH#139) Improvements: - Resolve TODO tests for empty/invalid YAML to match actual behaviour (GH#127, GH#129) Maintenance: - Remove dead Perl 5.6 TODOs and convert 5.8 TODO to SKIP (GH#129) - Add comprehensive implicit type resolution test suite (GH#137) - Update MANIFEST to include all unit tests - Clean up test names to remove unnecessary numbering * Thu Mar 19 2026 Paul Howarth - 1.37-1 - Update to 1.37 Features: - Add LoadBytes, LoadUTF8, DumpBytes, DumpUTF8 functions (GH#51) Fixes: - Fix heap buffer overflow in the YAML emitter - CVE-2026-4177 (GH#67) - Fix DumpFile with tied filehandles (IO::String, IO::Scalar) (GH#22) - Fix _is_glob to recognize IO::Handle subclasses (GH#23) - Fix memory leak when dumping filehandles (CPAN RT#41199, GH#42) - Fix dumping of tied hashes (GH#31) - Fix dumping strings starting with '...' as unquoted plain scalars (GH#34) - Fix dumping strings with tabs and carriage returns as plain scalars (GH#59) - Fix double-dash YAML parsing (RT#34073, GH#35) - Fix extra newline after empty arrays/hashes in YAML output (GH#36) - Remove trailing whitespace from YAML output lines (GH#37, GH#38, GH#39) - Fix quoting of \r and \t in YAML output instead of emitting raw bytes (GH#40) - Fix growing !!perl/regexp objects in round-trips (GH#43) - Fix quoted '=' being transformed into 'str' (GH#45) - Fix backslash-space escape in double-quoted YAML strings (GH#61) - Fix flow sequence comma separator not recognized without trailing space (GH#60) - Fix wide character warning in DumpFile (GH#28) - Fix inline arrays without space after comma (GH#25) - Fix: quote strings matching YAML implicit types toprevent round-trip failures (GH#26) - Fix JSON::Syck::Dump to use JSON-valid \uXXXX escapes in output (GH#21) - Fix JSON::Syck::Load decoding of \/ and \uXXXX escape sequences (GH#30) - Fix: apply JSON postprocessing to JSON::Syck::DumpFile output (GH#104) - Fix: add tied-filehandle fallback to JSON::Syck::DumpFile (GH#98) - Fix: handle JSON escape sequences in SingleQuote mode Load (GH#99) - Fix: restore Perl 5.8 compatibility in test suite (GH#121) - Fix: correct copy-paste error in Makefile.PL clean target (GH#101) - Fix: correct $SortKeys POD default from false to true (GH#100) - Fix: correct POD documentation errors (GH#103) Maintenance: - Add C23-compatible function prototypes for GCC 15 compatibility (GH#112) - Silence macOS compiler warnings (GH#92) - Guard stdint.h include for portability (HP-UX 11.11) (GH#33) - Guard stdint.h include in syck_st.h for portability (GH#24) - Update ppport.h to 3.68 - Add regression tests for magical variable dumping (GH#32) - CI: modernize GitHub Actions workflow (GH#123, GH#124) - CI: add disttest job to validate MANIFEST completeness - Use %{make_build} and %{make_install} - Drop workaround for C23 incompatibility -------------------------------------------------------------------------------- References: [ 1 ] Bug #2448281 - CVE-2026-4177 perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2448281 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a8d89d8ae2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
1.28.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9cfb46ac78 2026-03-14 00:15:28.464474+00:00 -------------------------------------------------------------------------------- Name : gst-editing-services Product : Fedora 44 Version : 1.28.1 Release : 1.fc44 URL : https://cgit.freedesktop.org/gstreamer/gst-editing-services/?__goaway_challenge=meta-refresh&__goaway_id=7a456481db14f26372c90c6290a4b235 Summary : Gstreamer editing services Description : This is a high-level library for facilitating the creation of audio/video non-linear editors. -------------------------------------------------------------------------------- Update Information: 1.28.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 26 2026 Gwyn Ciesla - 1.28.1-1 - 1.28.1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9cfb46ac78' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
New libpng packages are available for Slackware 15.0 and -current to fix a security issue.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libpng (SSA:2026-042-02) New libpng packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/libpng-1.6.55-i586-1_slack15.0.txz: Upgraded. Fixed a high severity security issue: Heap buffer overflow in `png_set_quantize`. Reported and fixed by Joshua Inscoe. For more information, see: https://www.cve.org/CVERecord?id=CVE-2026-25646 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libpng-1.6.55-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libpng-1.6.55-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.55-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.55-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: b8c6388882ce11d9980511d631a7081f libpng-1.6.55-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 980b9faf4fffacb2967c95501484d804 libpng-1.6.55-x86_64-1_slack15.0.txz Slackware -current package: 02382db893ab6faee7a1e58e40201bff l/libpng-1.6.55-i686-1.txz Slackware x86_64 -current package: 5cbe89190236dbdce06ab31194737284 l/libpng-1.6.55-x86_64-1.txz Installationinstructions: +------------------------+ Upgrade the package as root: # upgradepkg libpng-1.6.55-i586-1_slack15.0.txz +-----+ . New libpng packages for Slackware address a heap overflow security issue, requiring immediate updates for system protection.. libpng security fix. . Severity: Critical. LinuxSecurity.com Team
Update to 143.0.7499.40 * High CVE-2025-13630: Type Confusion in V8 * High CVE-2025-13631: Inappropriate implementation in Google Updater * High CVE-2025-13632: Inappropriate implementation in DevTools * High CVE-2025-13633: Use after free in Digital Credentials. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a41df7ce46 2025-12-06 01:27:06.737466+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 143.0.7499.40 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 143.0.7499.40 * High CVE-2025-13630: Type Confusion in V8 * High CVE-2025-13631: Inappropriate implementation in Google Updater * High CVE-2025-13632: Inappropriate implementation in DevTools * High CVE-2025-13633: Use after free in Digital Credentials * Medium CVE-2025-13634: Inappropriate implementation in Downloads * Medium CVE-2025-13720: Bad cast in Loader * Medium CVE-2025-13721: Race in v8 * Low CVE-2025-13635: Inappropriate implementation in Downloads * Low CVE-2025-13636: Inappropriate implementation in Split View * Low CVE-2025-13637: Inappropriate implementation in Downloads * Low CVE-2025-13638: Use after free in Media Stream * Low CVE-2025-13639: Inappropriate implementation in WebRTC * Low CVE-2025-13640: Inappropriate implementation in Passwords -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 2 2025 Than Ngo - 143.0.7499.40-1 - Update to 143.0.7499.40 * High CVE-2025-13630: Type Confusion in V8 * High CVE-2025-13631: Inappropriate implementation in GoogleUpdater * High CVE-2025-13632: Inappropriate implementation in DevTools * High CVE-2025-13633: Use after free in Digital Credentials * Medium CVE-2025-13634: Inappropriate implementation in Downloads * Medium CVE-2025-13720: Bad cast in Loader * Medium CVE-2025-13721: Race in v8 * Low CVE-2025-13635: Inappropriate implementation in Downloads * Low CVE-2025-13636: Inappropriate implementation in Split View * Low CVE-2025-13637: Inappropriate implementation in Downloads * Low CVE-2025-13638: Use after free in Media Stream * Low CVE-2025-13639: Inappropriate implementation in WebRTC * Low CVE-2025-13640: Inappropriate implementation in Passwords * Mon Dec 1 2025 LuK1337 - 142.0.7444.175-5 - Backport one more Wayland DnD bug fix from upstream * Mon Nov 24 2025 Than Ngo - 142.0.7444.175-4 - Enable system libcxx - Fix link error when building with system libcxx - Apply memory-allocator-dcheck-assert-fix for aarch64 * Thu Nov 20 2025 LuK1337 - 142.0.7444.175-3 - Backport Wayland DnD bug fix from upstream -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a41df7ce46' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
USN-7894-1 introduced a regression in EDK II. ========================================================================== Ubuntu Security Notice USN-7894-2 November 28, 2025 edk2 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: USN-7894-1 introduced a regression in EDK II Software Description: - edk2: UEFI firmware for virtual machines Details: USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a regression in the UEFI network boot. This update reverts the corresponding fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue to gain unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2023-45236, CVE-2023-45237) It was discovered that EDK II incorrectly handled S3 sleep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298) It was discovered that the EDK II PE/COFF loader incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-38796) It was discovered that the EDK II PE image hashing function incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-38797) It was discovered that the EDK II BIOS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-38805, CVE-2025-2295) It was discovered that EDK IIincorrectly handled the enabling of MCE. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-3770) It was discovered that the OpenSSL library embedded in EDK II contained multiple vulnerabilties. An attacker could possibly use these issues to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-3712, CVE-2022-0778, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143, CVE-2025-9232) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS efi-shell-aa64 2024.02-2ubuntu0.7 efi-shell-arm 2024.02-2ubuntu0.7 efi-shell-ia32 2024.02-2ubuntu0.7 efi-shell-riscv64 2024.02-2ubuntu0.7 efi-shell-x64 2024.02-2ubuntu0.7 ovmf 2024.02-2ubuntu0.7 ovmf-ia32 2024.02-2ubuntu0.7 qemu-efi-aarch64 2024.02-2ubuntu0.7 qemu-efi-arm 2024.02-2ubuntu0.7 qemu-efi-riscv64 2024.02-2ubuntu0.7 Ubuntu 22.04 LTS ovmf 2022.02-3ubuntu0.22.04.5 ovmf-ia32 2022.02-3ubuntu0.22.04.5 qemu-efi 2022.02-3ubuntu0.22.04.5 qemu-efi-aarch64 2022.02-3ubuntu0.22.04.5 qemu-efi-arm 2022.02-3ubuntu0.22.04.5 After a standard system update you need to restart the virtual machines that use the affected firmware to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7894-2 https://ubuntu.com/security/notices/USN-7894-1 https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2133157 PackageInformation: https://launchpad.net/ubuntu/+source/edk2/2024.02-2ubuntu0.7 https://launchpad.net/ubuntu/+source/edk2/2022.02-3ubuntu0.22.04.5 . EDK II regression impacts Ubuntu 22.04 and 24.04 LTS, urging updates due to critical network boot issues.. Ubuntu security update, EDK II regression, Denial of Service issue, UEFI firmware vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Update to 142.0.7444.59 * High CVE-2025-12428: Type Confusion in V8 * High CVE-2025-12429: Inappropriate implementation in V8 * High CVE-2025-12430: Object lifecycle issue in Media * High CVE-2025-12431: Inappropriate implementation in Extensions. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-916064e307 2025-11-07 02:35:35.301825+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 41 Version : 142.0.7444.59 Release : 1.fc41 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 142.0.7444.59 * High CVE-2025-12428: Type Confusion in V8 * High CVE-2025-12429: Inappropriate implementation in V8 * High CVE-2025-12430: Object lifecycle issue in Media * High CVE-2025-12431: Inappropriate implementation in Extensions * High CVE-2025-12432: Race in V8 * High CVE-2025-12433: Inappropriate implementation in V8 * High CVE-2025-12036: Inappropriate implementation in V8 * Medium CVE-2025-12434: Race in Storage * Medium CVE-2025-12435: Incorrect security UI in Omnibox * Medium CVE-2025-12436: Policy bypass in Extensions * Medium CVE-2025-12437: Use after free in PageInfo * Medium CVE-2025-12438: Use after free in Ozone * Medium CVE-2025-12439: Inappropriate implementation in App-Bound Encryption * Low CVE-2025-12440: Inappropriate implementation in Autofill * Medium CVE-2025-12441: Out of bounds read in V8 * Medium CVE-2025-12443: Out of bounds read in WebXR * Low CVE-2025-12444: Incorrect security UI in Fullscreen UI * Low CVE-2025-12445: Policy bypass in Extensions * LowCVE-2025-12446: Incorrect security UI in SplitView * Low CVE-2025-12447: Incorrect security UI in Omnibox -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 30 2025 Than Ngo - 142.0.7444.59-1 - Update to 142.0.7444.59 * Refreshed ppc64le patches * Refreshed system-brotli patch * Refreshed clang++-unknown-argument patch * Refreshed split-threshold-for-reg-with-hint patch * Fixed some FTBFS caused by missing header files * Fixed FTBFS caused by old rust compiler * Fixed FTBFS caused by new glibc-2.42 in Rawhide * Fixed FTBFS caused by old python-3.9.x in EL8/9 * Dropped obsoleted chromium-141-el9-ffmpeg-5.x-duration.patch for old ffmpeg on EL9 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-916064e307' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves one vulnerability can now be installed.. # Security update for mariadb Announcement ID: SUSE-SU-2025:01716-1 Release Date: 2025-05-27T12:44:15Z Rating: moderate References: * bsc#1243356 Cross-References: * CVE-2025-21490 CVSS scores: * CVE-2025-21490 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21490 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21490 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Affected Products: * Galera for Ericsson 15 SP6 * openSUSE Leap 15.6 * Server Applications Module 15-SP6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: Update to version 10.11.11. * CVE-2025-21490: vulnerability allows high privileged attacker with network access to cause hangs and frequent crashes on affected servers (bsc#1243356). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-1716=1 openSUSE-SLE-15.6-2025-1716=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1716=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1716=1 * Galera for Ericsson 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-ERICSSON-2025-1716=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * mariadb-rpm-macros-10.11.11-150600.4.10.1 * libmariadbd19-debuginfo-10.11.11-150600.4.10.1 *mariadb-debugsource-10.11.11-150600.4.10.1 * mariadb-galera-10.11.11-150600.4.10.1 * mariadb-client-debuginfo-10.11.11-150600.4.10.1 * mariadb-test-10.11.11-150600.4.10.1 * mariadb-client-10.11.11-150600.4.10.1 * mariadb-debuginfo-10.11.11-150600.4.10.1 * mariadb-10.11.11-150600.4.10.1 * mariadb-bench-debuginfo-10.11.11-150600.4.10.1 * mariadb-test-debuginfo-10.11.11-150600.4.10.1 * libmariadbd19-10.11.11-150600.4.10.1 * libmariadbd-devel-10.11.11-150600.4.10.1 * mariadb-tools-10.11.11-150600.4.10.1 * mariadb-bench-10.11.11-150600.4.10.1 * mariadb-tools-debuginfo-10.11.11-150600.4.10.1 * openSUSE Leap 15.6 (noarch) * mariadb-errormessages-10.11.11-150600.4.10.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * mariadb-debuginfo-10.11.11-150600.4.10.1 * mariadb-debugsource-10.11.11-150600.4.10.1 * mariadb-galera-10.11.11-150600.4.10.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libmariadbd19-debuginfo-10.11.11-150600.4.10.1 * mariadb-debugsource-10.11.11-150600.4.10.1 * mariadb-client-debuginfo-10.11.11-150600.4.10.1 * mariadb-client-10.11.11-150600.4.10.1 * mariadb-debuginfo-10.11.11-150600.4.10.1 * mariadb-10.11.11-150600.4.10.1 * libmariadbd19-10.11.11-150600.4.10.1 * mariadb-tools-10.11.11-150600.4.10.1 * libmariadbd-devel-10.11.11-150600.4.10.1 * mariadb-tools-debuginfo-10.11.11-150600.4.10.1 * Server Applications Module 15-SP6 (noarch) * mariadb-errormessages-10.11.11-150600.4.10.1 * Galera for Ericsson 15 SP6 (x86_64) * mariadb-debuginfo-10.11.11-150600.4.10.1 * mariadb-debugsource-10.11.11-150600.4.10.1 * mariadb-galera-10.11.11-150600.4.10.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21490.html * https://bugzilla.suse.com/show_bug.cgi?id=1243356 . The latest mariadb update resolves a significant vulnerability in openSUSE, bolstering both security and system reliability with the newly released patch.. openSUSESecurity Update, MariaDB Patch, Network Vulnerability Fix. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.