Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-8814 http://linux.oracle.com/errata/ELSA-2025-8814.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-8.0-8.0.17-1.0.1.el10_0.x86_64.rpm aspnetcore-runtime-dbg-8.0-8.0.17-1.0.1.el10_0.x86_64.rpm aspnetcore-targeting-pack-8.0-8.0.17-1.0.1.el10_0.x86_64.rpm dotnet-apphost-pack-8.0-8.0.17-1.0.1.el10_0.x86_64.rpm dotnet-hostfxr-8.0-8.0.17-1.0.1.el10_0.x86_64.rpm dotnet-runtime-8.0-8.0.17-1.0.1.el10_0.x86_64.rpm dotnet-runtime-dbg-8.0-8.0.17-1.0.1.el10_0.x86_64.rpm dotnet-sdk-8.0-8.0.117-1.0.1.el10_0.x86_64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.0.1.el10_0.x86_64.rpm dotnet-sdk-dbg-8.0-8.0.117-1.0.1.el10_0.x86_64.rpm dotnet-targeting-pack-8.0-8.0.17-1.0.1.el10_0.x86_64.rpm dotnet-templates-8.0-8.0.117-1.0.1.el10_0.x86_64.rpm aarch64: aspnetcore-runtime-8.0-8.0.17-1.0.1.el10_0.aarch64.rpm aspnetcore-runtime-dbg-8.0-8.0.17-1.0.1.el10_0.aarch64.rpm aspnetcore-targeting-pack-8.0-8.0.17-1.0.1.el10_0.aarch64.rpm dotnet-apphost-pack-8.0-8.0.17-1.0.1.el10_0.aarch64.rpm dotnet-hostfxr-8.0-8.0.17-1.0.1.el10_0.aarch64.rpm dotnet-runtime-8.0-8.0.17-1.0.1.el10_0.aarch64.rpm dotnet-runtime-dbg-8.0-8.0.17-1.0.1.el10_0.aarch64.rpm dotnet-sdk-8.0-8.0.117-1.0.1.el10_0.aarch64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.0.1.el10_0.aarch64.rpm dotnet-sdk-dbg-8.0-8.0.117-1.0.1.el10_0.aarch64.rpm dotnet-targeting-pack-8.0-8.0.17-1.0.1.el10_0.aarch64.rpm dotnet-templates-8.0-8.0.117-1.0.1.el10_0.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/dotnet8.0-8.0.117-1.0.1.el10_0.src.rpm Related CVEs: CVE-2025-30399 Description of changes: [8.0.117-1.0.1] - Add support for Oracle Linux [8.0.117-1] - Update to .NET SDK 8.0.117 and Runtime 8.0.17 - Resolves: RHEL-94416 [8.0.116-2] - Update to .NET SDK 8.0.116 and Runtime 8.0.16 - Resolves: RHEL-89447 [8.0.115-2] - Update to .NETSDK 8.0.115 and Runtime 8.0.15 - Resolves: RHEL-85275 [8.0.114-2] - Update to .NET SDK 8.0.114 and Runtime 8.0.14 - Resolves: RHEL-81643 _______________________________________________ El-errata mailing list
Perl could be made to crash or run programs if it processed specially crafted data.. ========================================================================== Ubuntu Security Notice USN-7434-1 April 14, 2025 perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Perl could be made to crash or run programs if it processed specially crafted data. Software Description: - perl: Practical Extraction and Report Language Details: It was discovered that Perl incorrectly handled transliterating non-ASCII bytes. A remote attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 perl 5.38.2-5ubuntu0.1 Ubuntu 24.04 LTS perl 5.38.2-3.2ubuntu0.1 Ubuntu 22.04 LTS perl 5.34.0-3ubuntu1.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7434-1 CVE-2024-56406 Package Information: https://launchpad.net/ubuntu/+source/perl/5.38.2-5ubuntu0.1 https://launchpad.net/ubuntu/+source/perl/5.38.2-3.2ubuntu0.1 https://launchpad.net/ubuntu/+source/perl/5.34.0-3ubuntu1.4 . A critical Perl vulnerability impacts Ubuntu versions 18.04, 20.04, and 22.04, allowing potential unauthorized access. Users must update promptly for security.. Ubuntu Perl Threat, Denial of Service Issue, Remote Code Execution Fix. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # python312-3.12.9-2.1 on GA media Announcement ID: openSUSE-SU-2025:14873-1 Rating: moderate Cross-References: * CVE-2025-1795 CVSS scores: * CVE-2025-1795 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-1795 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python312-3.12.9-2.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python312 3.12.9-2.1 * python312-32bit 3.12.9-2.1 * python312-curses 3.12.9-2.1 * python312-dbm 3.12.9-2.1 * python312-idle 3.12.9-2.1 * python312-tk 3.12.9-2.1 * python312-x86-64-v3 3.12.9-2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-1795.html . An important advisory for openSUSE Tumbleweed's python312 package addressing a moderate security issue identified as CVE-2025-1795.. update, solves, vulnerability, installed, python312-3, media. . LinuxSecurity.com Team
An update that solves 10 vulnerabilities can now be installed.. # MozillaThunderbird-128.8.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14853-1 Rating: moderate Cross-References: * CVE-2024-43097 * CVE-2025-1930 * CVE-2025-1931 * CVE-2025-1932 * CVE-2025-1933 * CVE-2025-1934 * CVE-2025-1935 * CVE-2025-1936 * CVE-2025-1937 * CVE-2025-1938 CVSS scores: * CVE-2024-43097 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-43097 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-1930 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2025-1930 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-1931 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-1931 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-1932 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2025-1932 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-1933 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-1933 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-1934 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-1934 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-1935 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-1935 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-1936 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-1936 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-1937 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-1937 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-1938 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-1938 ( SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 10 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the MozillaThunderbird-128.8.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * MozillaThunderbird 128.8.0-1.1 * MozillaThunderbird-openpgp-librnp 128.8.0-1.1 * MozillaThunderbird-translations-common 128.8.0-1.1 * MozillaThunderbird-translations-other 128.8.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-43097.html * https://www.suse.com/security/cve/CVE-2025-1930.html * https://www.suse.com/security/cve/CVE-2025-1931.html * https://www.suse.com/security/cve/CVE-2025-1932.html * https://www.suse.com/security/cve/CVE-2025-1933.html * https://www.suse.com/security/cve/CVE-2025-1934.html * https://www.suse.com/security/cve/CVE-2025-1935.html * https://www.suse.com/security/cve/CVE-2025-1936.html * https://www.suse.com/security/cve/CVE-2025-1937.html * https://www.suse.com/security/cve/CVE-2025-1938.html . Crucial patch release for Mozilla Thunderbird tackling numerous vulnerabilities on openSUSE Tumbleweed, reinforcing overall system safety.. Mozilla Thunderbird, OpenSUSE Tumbleweed, Security Update, Software Security. . Severity: Important. LinuxSecurity.com Team
Update to 133.0.6943.126 CVE-2025-0999: Heap buffer overflow in V8 CVE-2025-1426: Heap buffer overflow in GPU CVE-2025-1006: Use after free in Network. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-acbfdd26a1 2025-02-24 01:20:35.562450+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 41 Version : 133.0.6943.126 Release : 1.fc41 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 133.0.6943.126 CVE-2025-0999: Heap buffer overflow in V8 CVE-2025-1426: Heap buffer overflow in GPU CVE-2025-1006: Use after free in Network -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 19 2025 Than Ngo - 133.0.6943.126-1 - Update to 133.0.6943.126 * CVE-2025-0999: Heap buffer overflow in V8 * CVE-2025-1426: Heap buffer overflow in GPU * CVE-2025-1006: Use after free in Network -------------------------------------------------------------------------------- References: [ 1 ] Bug #2346759 - CVE-2025-0999 chromium: From CVEorg collector [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2346759 [ 2 ] Bug #2346761 - CVE-2025-1426 chromium: From CVEorg collector [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2346761 [ 3 ] Bug #2346763 - CVE-2025-1006 chromium: From CVEorg collector [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2346763 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-acbfdd26a1' at thecommand line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
* bsc#1235206 * bsc#1235574 * bsc#1236559 * bsc#1236734 . # Security update for grafana Announcement ID: SUSE-SU-2025:0622-1 Release Date: 2025-02-21T10:59:57Z Rating: important References: * bsc#1235206 * bsc#1235574 * bsc#1236559 * bsc#1236734 Cross-References: * CVE-2024-11741 * CVE-2024-28180 * CVE-2024-45339 * CVE-2025-21613 CVSS scores: * CVE-2024-11741 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-11741 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-11741 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-28180 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-28180 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-45339 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21613 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21613 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear * CVE-2025-21613 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSELinux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves four vulnerabilities can now be installed. ## Description: This update for grafana fixes the following issues: grafana was updated from version 10.4.13 to 10.4.15: * Security issues fixed: * CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559) * CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734) * CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574) * CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206) * Other bugs fixed and changes: * Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key * Added provisioning directories * Use /bin/bash in wrapper scripts ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2025-622=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * grafana-10.4.15-1.71.1 ## References: * https://www.suse.com/security/cve/CVE-2024-11741.html * https://www.suse.com/security/cve/CVE-2024-28180.html * https://www.suse.com/security/cve/CVE-2024-45339.html *https://www.suse.com/security/cve/CVE-2025-21613.html * https://bugzilla.suse.com/show_bug.cgi?id=1235206 * https://bugzilla.suse.com/show_bug.cgi?id=1235574 * https://bugzilla.suse.com/show_bug.cgi?id=1236559 * https://bugzilla.suse.com/show_bug.cgi?id=1236734 . Address major security risks within Grafana following the recent SUSE advisory to enhance system resilience.. SUSE Linux Desktop, Grafana Security Update, Important Patch, Security Fix. . Severity: Important. LinuxSecurity.com Team
Redis' Lua library commands may lead to remote code execution. (CVE-2024-46981) Redis allows denial-of-service due to malformed ACL selectors. (CVE-2024-51741) . MGASA-2025-0033 - Updated redis packages fix security vulnerabilities Publication date: 03 Feb 2025 URL: https://advisories.mageia.org/MGASA-2025-0033.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-46981, CVE-2024-51741 Redis' Lua library commands may lead to remote code execution. (CVE-2024-46981) Redis allows denial-of-service due to malformed ACL selectors. (CVE-2024-51741) References: - https://bugs.mageia.org/show_bug.cgi?id=33924 - https://lists.fedoraproject.org/archives/list/
* bsc#1229221 Cross-References: * CVE-2024-42353 . # Security update for python-WebOb Announcement ID: SUSE-SU-2024:2970-1 Rating: moderate References: * bsc#1229221 Cross-References: * CVE-2024-42353 CVSS scores: * CVE-2024-42353 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 An update that solves one vulnerability can now be installed. ## Description: This update for python-WebOb fixes the following issues: * CVE-2024-42353: Fixed open redirect via WebOb's Response object in Location header (bsc#1229221) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-2970=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-2970=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-WebOb-1.8.7-150400.11.6.1 * openSUSE Leap 15.6 (noarch) * python311-WebOb-1.8.7-150400.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-42353.html * https://bugzilla.suse.com/show_bug.cgi?id=1229221 . A security patch for Python-WebOb resolves a critical open redirect vulnerability affecting openSUSE Leap 15.4 and 15.6. Ensure patch is applied swiftly.. python-WebOb Security Advisory, openSUSE Update, software security risk. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.