Update to 133.0.6943.126. CVE-2025-0999: Heap buffer overflow in V8; CVE-2025-1426: Heap buffer overflow in GPU; CVE-2025-1006: Use after free in Network.
Archive for February, 2025
This update addresses a null pointer dereference that could crash the session of a client that sent specially crafted commands to the server (the sessions of other clients are not affected).
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Update to 3.12.9
The newest upstream commit. Security fix for CVE-2025-26603.
Libtasn1 could be made to crash if it received specially crafted network traffic.
GnuTLS could be made to consume resources if it decoded specially crafted certificates.
Python could allow Server-Side Request Forgery attacks.
Several security issues were fixed in WebKitGTK.
Several security issues were fixed in OpenSSL.
The 6.12.15 stable kernel update contains a number of important fixes across the tree. The 6.12.14 stable kernel update contains a number of important fixes across the tree.
Includes CVE fixes.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in libsndfile.
Automatic update for bootc-1.1.5-1.fc41. Changelog for bootc * Mon Feb 10 2025 Packit
OpenSSH could be made to bypass the server identity check.
Libtasn1 could be made to crash if it received specially crafted network traffic.
Atril could be made to crash or run programs as your login if it opened a specially crafted file.
Several security issues were fixed in OpenSSH.
The Qualys Threat Research Unit (TRU) discovered that the OpenSSH client is vulnerable to a machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (disabled by default).
Bing Shi reported a flaw in GnuTLS, a library implementing the TLS and SSL protocols. Inefficient processing of certificates containing numerous names or name constraints may result in a denial of service.
Several security issues were fixed in Intel Microcode.
Update to upstream 2.1-48. 20250211 Addition of 06-bf-06/0x07 microcode (in intel-ucode/06-97-02) at revision 0x38; Addition of 06-bf-07/0x07 microcode (in intel-ucode/06-97-02) at revision 0x38; Addition of 06-bf-06/0x07 microcode (in intel-ucode/06-97-05) at revision 0x38; Addition of 06-bf-07/0x07 microcode (in intel-ucode/06-97-05) at revision 0x38;
Update to 133.0.6943.98. CVE-2025-0995: Use after free in V8; CVE-2025-0996: Inappropriate implementation in Browser UI; CVE-2025-0997: Use after free in Navigation; CVE-2025-0998: Out of bounds memory access in V8.
Update to 133.0.6943.98. CVE-2025-0995: Use after free in V8; CVE-2025-0996: Inappropriate implementation in Browser UI; CVE-2025-0997: Use after free in Navigation; CVE-2025-0998: Out of bounds memory access in V8.
Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.
Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6. NOTE: heif-convert tool was renamed to heif-dec. How to test:
Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.