Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information disclosure, denial of service or bypass of content security policies.
Archive for March, 2025
An out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files was discovered in FreeType, which may result in the execution of arbitrary code when processing specially crafted fonts.
FreeType could be made to crash or run programs if it opened a specially crafted font file.
Several security issues were fixed in X.Org X Server.
Update to upstream 20250311: amdgpu: many firmware updates; qcom: Update gpu firmwares for qcs8300 chipset; add firmware for qat_420xx devices; amdgpu: DMCUB updates for various ASICs
Patchlevel 1202. Security fix for CVE-2025-29768.
Alexander Tan discovered that the OpenSAML C++ library was susceptible to forging of signed SAML messages. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20250313.txt
Patchlevel 1202. Security fix for CVE-2025-29768.
Latest maintenance release from 7.1 branch. Changelog: https://github.com/FFmpeg/FFmpeg/blob/n7.1.1/Changelog . Contains backported fix for CVE-2025-22921.
Update to 134.0.6998.88. High CVE-2025-1920: Type Confusion in V8; High CVE-2025-2135: Type Confusion in V8; Medium CVE-2025-2136: Use after free in Inspector; Medium CVE-2025-2137: Out of bounds read in V8
Deadlock potential with VT-d and legacy PCI device pass-through [XSA-467, CVE-2025-1713]
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or HTTP request smuggling.
Several security issues were fixed in the Linux kernel.
Changes with Apache Traffic Server 9.2.9: #12071 – Fix chunked pipelined requests; #12075 – Fix send 100 Continue optimization for GET; #12077 – Fix intercept plugin ignoring ACL; #12079 – ACL combination tests for 9.2.x
Update to 128.8.0 https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/ https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Fixes for xorg-x11-server CVEs.
Unbundle libxml.
USN-7343-1 introduced a regression in Jinja2.
Several security issues were fixed in UnRAR.
Several security issues were fixed in RAR.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Several security issues were fixed in Netatalk.
USN-7299-2 caused a regression in X.Org X Server.
Vyper ver. 0.4.1: Another one small fix; Fix for a few known issues
Update to 128.8.0 https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/ https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/
Several security issues were fixed in the Linux kernel.