Backport fixes from v1.127.1
Comment
Archive for April, 2025
152 results.
Update to 135.0.7049.52 High CVE-2025-3066: Use after free in Navigations Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs Medium CVE-2025-3068: Inappropriate implementation in Intents Medium CVE-2025-3069: Inappropriate implementation in Extensions
A security vulnerability was found in Tomcat 10, a Java based web server and servlet engine. A malicious user was able to view security sensitive files and/or inject content into those files when writes were enabled for the default servlet (disabled by default) and support for partial PUT was enabled
Jetty 9 is a Java based web server and servlet engine. Several security vulnerabilities have been discovered which may allow remote attackers to cause a denial of service by repeatedly sending crafted requests which can trigger OutofMemory errors and exhaust the server’s memory.
Several security issues were fixed in the Linux kernel.
Upgrade to 2.48.0: Move tile rendering to worker threads when rendering with the GPU. Fix preserve-3D intersection rendering. Added new function for creating Promise objects to the JavaScriptCore GLib API. The MediaRecorder backend gained WebM support (requires at least GStreamer
Several security issues were fixed in the Linux kernel.
Debian: DSA-5892-1: atop
Apr03
It was discovered that Atop, a monitor tool for system resources and process activity, always tried to connect to the port of atopgpud (an additional daemon gathering GPU statistics not shipped in Debian) while performing insufficient sanitising of the data read from this
Ubuntu 7414-1: XZ Utils
Apr03
XZ Utils could be made to crash or run programs if it opened a specially crafted file.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in
Ubuntu 7412-1: GnuPG
Apr03
GnuPG could be made to corrupt a keyring.
Ubuntu 7411-1: OpenVPN
Apr03
OpenVPN could be made to crash if it received specially crafted network traffic.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Ubuntu 7409-1: RubySAML
Apr03
Several security issues were fixed in ruby-saml.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Updated to latest upstream (137.0)
31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414
Security fix for CVE-2025-30472
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30
Updated to latest upstream (137.0)
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Update DokuWiki to release 2024-02-06b “Kaos”, update dependencies accordingly
Update DokuWiki to release 2024-02-06b “Kaos”, update dependencies accordingly