
FFmpeg could be made to crash if it opened a specially crafted file.

FFmpeg could be made to crash if it opened a specially crafted file.

Upgraded to 0.25.3; fixes open bugs, CVEs, etc.

Backport security fix for GHSA-wf5f-4jwr-ppcp / CVE-2025-64512

upstream bugfix/security release

Backport security fix for GHSA-wf5f-4jwr-ppcp / CVE-2025-64512

Upgraded to 0.25.3; fixes open bugs, CVEs, etc.

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed

Update to 142.0.7444.162
* High CVE-2025-13042: Inappropriate implementation in V8

Update to 9.21.14 (rhbz#2394406) Security Fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing attacks. (CVE-2025-40778) Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780)

Keane O’Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code.

Update to 1.10.7

Update to v1.7.29

Update to v0.25.2 CVE-2025-58183; Resolves: rhbz#2412529 CVE-2025-58188; Resolves: rhbz#2412380, rhbz#2411476, rhbz#2410945 CVE-2025-58185; Resolves: rhbz#2410578, rhbz#2410299, rhbz#2410013 CVE-2025-61723; Resolves: rhbz#2409627, rhbz#2409349, rhbz#2409065

Update to 2.53.22

It was discovered that LXD, a system container and virtual machine manager, is prone to a local privilege escalation vulnerability if unprivileged users are allowed to access LXD through lxd-user.

A vulnerability was discovered in the ec2tokens and s3tokens APIs of Keystone, the OpenStack identity service, which may result in authorisation bypass or privilege escalation if /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients.

The system could be made to expose sensitive information.

Several security issues were fixed in the Linux kernel.

A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Update to Rack 2.2.21

Update to WebKitGTK 2.50.1: Improve text rendering performance. Fix audio playback broken on Instagram. Fix rendering of layers with fractional transforms. Fix several crashes and rendering issues.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in Bind.

Update to 142.0.7444.134
* High CVE-2025-12725: Out of bounds write in WebGPU
* High CVE-2025-12726: Inappropriate implementation in Views
* High CVE-2025-12727: Inappropriate implementation in V8
* Medium CVE-2025-12728: Inappropriate implementation in Omnibox

Upgrade to Ruby 3.4.7. Fix URI Credential Leakage Bypass previous fixes. Resolves: CVE-2025-61594 Fix REXML denial of service. Resolves: rhbz#2396204

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Two security issues were discovered in sudo-rs, a Rust-based implementation of sudo (and su), which could result in the local disclosure of partially typed passwords or an authentication bypass in some targetpw/rootpw configurations.

This is the October 2025 release of .NET 8. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.21/8.0.121.md Runtime: https://github.com/dotnet/core/blob/main/release-

Update to WebKitGTK 2.50.1: Improve text rendering performance. Fix audio playback broken on Instagram. Fix rendering of layers with fractional transforms. Fix several crashes and rendering issues.