INFOSEC – Basic

[Linux Security]

OS: Suse

SUSE: 2025:0833-2 important: the Linux Kernel Security Advisory Updates

* bsc#1208995 * bsc#1220946 * bsc#1225742 * bsc#1232472 * bsc#1232919

SUSE: 2025:0201-2 important: the Linux Kernel Security Advisory Updates

* bsc#1170891 * bsc#1173139 * bsc#1185010 * bsc#1190358 * bsc#1190428

SUSE: 2025:0577-2 important: the Linux Kernel Security Advisory Updates

* bsc#1194869 * bsc#1216813 * bsc#1223384 * bsc#1225736 * bsc#1226848

SUSE Security Advisory 2025:0833-1 Critical Issue in Kernel Identified

* bsc#1208995 * bsc#1220946 * bsc#1225742 * bsc#1232472 * bsc#1232919

OS: CentOS

CentOS 7 CESA-2024-1498 Moderate Advisory: Thunderbird Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1498

CentOS 7 CESA-2024-1486 Critical: Firefox Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1486

CentOS 7 CESA-2024-1249 Important: Kernel Critical Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1249

CentOS 7 CESA-2024-0957 Critical Thunderbird Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957

Exploit-DB.com

[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)

[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
reNgine 2.2.0 - Command Injection (Authenticated)

[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
dizqueTV 1.5.3 - Remote Code Execution (RCE)

[webapps] openSIS 9.1 - SQLi (Authenticated)
openSIS 9.1 - SQLi (Authenticated)

OS: Slackware

Debian 12.1: 2025-078-02 urgent: firefox security update

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: 2025-063-01 critical: mozilla-firefox security update

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: 2025-057-01 critical: emacs shell injection threat

New emacs packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0: 2025-056-02 critical: Tigervnc buffer overflow

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues.

OS: Debian LTS

Debian LTS: DLA-4084-1: libmodbus Security Advisory Updates

Two separate issues where identified and have now been adressed in libmodbus. For one of the problems multiple CVE identifiers have been allocated to the same issue and all of them are mentioned below.

Debian 11: DLA-4083-1 critical: squid DoS and memory errors

Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. CVE-2024-25111

Debian 11: DLA-4082-1 critical: ruby2.7 DoS and ReDoS issues

Ruby a popular language was affected by multiple vulnerabilities CVE-2025-27219

Debian 11: DLA-4080-1 moderate: libaws insecure defaults with GnuTLS

AdaCore released a security advisory for "Insecure defaults in AWS.Client when linked with GnuTLS". The debian package of libaws is built with GnuTLS and the reproducer included in the advisory was used to confirm the (previous version of)

OS: Debian

Debian: DSA-5876-1 critical: thunderbird DoS & code execution issues

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in

Debian DSA-5875-1: chromium critical updates on code execution threat

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Debian Bookworm: DSA-5874-1 moderate: firefox-esr code execution

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Debian Bookworm: DSA-5873-1 moderate: libreoffice arbitrary commands

Amel Bouziane-Leblond discovered that insufficient validation of "vnd.libreoffice.command" URI schemes could result in the execution of arbitrary macro commands.

OS: Scientific

Scientific Linux 7 SLSA-2023:6885 Critical: Python TLS Handshake Bypass

python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team

SciLinux: SLSA-2023:6886 Critical: Plexus-Archiver File Creation Risk

plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team

Scientific Linux 7 Advisory SLSA-2023:5691 Critical DoS in BIND

bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...]

Scientific Linux SLSA-2023:5615 Moderate Security Issue in libssh2

libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://access.redhat.com/errata/RHSA-2 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team

OS: Mageia

Mageia 9 Advisory: 2025-0091 high: chromium-browser UI issues

High CVE-2025-1914: Out of bounds read in V8. Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Medium CVE-2025-1916: Use after free in Profiles. Medium CVE-2025-1917: Inappropriate Implementation in Browser UI.

Mageia 9: MGASA-2025-0090 moderate: gpac out-of-bounds read

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. (CVE-2023-5520) Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. (CVE-2024-0321) Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

Mageia 9 MGASA-2025-0089 critical: vim code execution risk

Potential code execution with tar.vim and special crafted tar files. References: - https://bugs.mageia.org/show_bug.cgi?id=34057 - https://www.openwall.com/lists/oss-security/2025/03/02/1

Mageia 9: MGASA-2025-0088 erlang SSH packet size security issue

SSH SFTP packet size not verified properly in Erlang OTP. (CVE-2025-26618) References: - https://bugs.mageia.org/show_bug.cgi?id=34067

OS: Arch

Arch Linux: 202501-1 Critical: rsync Multiple Issues Advisory

The package rsync before version 3.4.0-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary file upload, information disclosure and privilege escalation.

Arch Linux: ASA-202410-1: oath-toolkit high severity privilege escalation

The package oath-toolkit before version 2.6.12-1 is vulnerable to privilege escalation.

Arch Linux: 202407-1 High: OpenSSH Authentication Bypass Issue

The package openssh before version 9.8p1-1 is vulnerable to authentication bypass.

Arch Linux: 202403-1 Critical xz Arbitrary Code Execution

The package xz before version 5.6.1-2 is vulnerable to arbitrary code execution.

OS: Redhat

Red Hat: RHSA-2023-5538-01 Important: libvpx Heap Overflow and Crash

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Enterprise Linux 8.2 RHSA-2023-5527 Important: Bind DoS Risk

An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Enterprise Linux 8.2 RHSA-2023-5534-01 Important: libvpx Issues

An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Important Advisory RHSA-2023-5539-01 for libvpx Crash and Heap Overflow

An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

OS: Gentoo

Gentoo: GLSA 202502-01 Warning: OpenSSH Security Flaws, Access Risk

Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access.

Gentoo PHP Security Advisory GLSA-202501-11 High: Code Execution Risk

Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution.

Gentoo: GLSA-202501-10 High: Mozilla Firefox Arbitrary Code Exec

Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.

Gentoo: GLSA-202501-09 critical: QtWebEngine multiple issues

Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.

OS: Fedora

Fedora 41 python-jinja2 Security Advisory FEDORA-2025-cd7f5876b2 critical

Version 3.1.6 Released 2025-03-05 The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks.

Fedora 42: 2025-5b272a55b8 critical: tree-sitter update

Update to tree-sitter 0.25.2 and emacs 30.1.

Fedora 42: rizin 2025-5b272a55b8 critical: update tree-sitter and emacs

Update to tree-sitter 0.25.2 and emacs 30.1.

Fedora 42 neovim update FEDORA-2025-5b272a55b8 critical: software update

Update to tree-sitter 0.25.2 and emacs 30.1.