GNU C Library could be made to crash or run programs if it received specially crafted input.
Archive for February, 2025
Update to 20240116.3. Fix potential integer overflow in hash container create/resize
Update to 1.17.3. Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999. Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA-vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4
Add code to deal with sched_setattr() not being exported in glibc 2.41. Address CVE-2024-54159 denial of service via symlink attack
New: ASPA support is now always compiled in and available if enable-aspa is set. The aspa Cargo feature has been removed. (#990) If merging multiple ASPA objects for a single customer ASN results in more than 16,380 provider ASNs, the ASPA is dropped. (Note that ASPA objects with more
Security fix for CVE-2023-52892, CVE-2024-27354
update to 1.33.0
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in
Updated to latest upstream (135.0)
Fix CVE-2025-0781
January CPU 2025
Fix CVE-2025-0781
GNU C Library could be made to crash or run programs if it received specially crafted input.
Several security issues were fixed in Ruby.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Several security issues were fixed in CKEditor.
Fix for CVE-2025-0781
Fix for CVE-2025-0781
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
OpenJDK 23 could be made to expose sensitive information over the network.
OpenJDK 21 could be made to expose sensitive information over the network.
OpenJDK 17 could be made to expose sensitive information over the network.
OpenJDK 11 could be made to expose sensitive information over the network.
USN-7096-1 caused some minor regressions in OpenJDK 8.
A system authentication measure could be bypassed.
This release contains a number of small improvements and bugfixes, including mitigations for the LOW severity vulnerability CVE-2025-24356. Bugfixes: Add mitigations for fast-reconnect amplification attacks. When receiving a data packet from an unknown IP address/port combination, fastd
Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.