This release contains fixes for the following vulnerabilities:
- CVE-2020-26154: libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow
- CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password
- CVE-2024-10963: pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
- CVE-2024-9287: python: Virtual environment (venv) activation scripts don’t quote paths
- CVE-2024-11168: python: Improper validation of IPv6 and IPvFuture addresses
- CVE-2024-10976: postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
- CVE-2024-10978: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
- CVE-2024-10979: postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code
- CVE-2024-50612: libsndfile: Segmentation fault error in ogg_vorbis.c:417 vorbis_analysis_wrote()
- CVE-2024-6655: gtk3: gtk2: Library injection from CWD
- CVE-2024-4032: python: incorrect IPv4 and IPv6 private ranges
- CVE-2024-6232: python: cpython: tarfile: ReDos via excessive backtracking while parsing header values
- CVE-2024-6923: cpython: python: email module doesn’t properly quote newlines in email headers, allowing header injection
- CVE-2024-5742: nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
- CVE-2024-45490: libexpat: Negative Length Parsing Vulnerability in libexpat
- CVE-2024-45491: libexpat: Integer Overflow or Wraparound
- CVE-2024-45492: libexpat: integer overflow
- CVE-2024-5535: openssl: SSL_select_next_proto buffer overread
- CVE-2023-48161: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function
- CVE-2024-21208: JDK: HTTP client improper handling of maxHeaderSize (8328286)
- CVE-2024-21210: JDK: Array indexing integer overflow (8328544)
- CVE-2024-21217: JDK: Unbounded allocation leads to out-of-memory error (8331446)
- CVE-2024-21235: JDK: Integer conversion error leads to incorrect range check (8332644)
- CVE-2024-7006: libtiff: NULL pointer dereference in tif_dirinfo.c
- CVE-2024-3596: freeradius: forgery attack
- CVE-2019-12900: bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
- CVE-2024-50602: libexpat: expat: DoS via XML_ResumeParser
- CVE-2024-52530: libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
- CVE-2024-52532: libsoup: infinite loop while reading websocket data
- CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification
- CVE-2024-47175: cups: libppd: remote command injection via attacker controlled data in PPD file
- CVE-2024-53580: iperf: Denial of Service in iperf Due to Improper JSON Handling
- CVE-2024-3661: DHCP: DHCP routing options can manipulate interface-based VPN traffic
- CVE-2024-12085: rsync: Info Leak via Uninitialized Stack Contents
- CVE-2024-56326: jinja2: Jinja has a sandbox breakout through indirect reference to format method
- CVE-2024-1488: unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
- CVE-2024-8508: unbound: Unbounded name compression could lead to Denial of Service
- CVE-2024-52531: libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
- CVE-2020-11023: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods
- CVE-2022-49043: libxml: use-after-free in xmlXIncludeAddNode
- CVE-2024-11187: bind: bind9: Many records in the additional section cause CPU exhaustion
- CVE-2025-1094: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
- CVE-2024-12087: rsync: Path traversal vulnerability in rsync
- CVE-2024-12088: rsync: --safe-links option bypass leads to path traversal
- CVE-2024-12747: rsync: Race Condition in rsync Handling Symbolic Links
- CVE-2024-56171: libxml2: Use-After-Free in libxml2
- CVE-2025-24928: libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2
- CVE-2025-24528: krb5: overflow when calculating ulog block size
- CVE-2025-0624: grub2: net: Out-of-bounds write in grub_net_search_config_file()
- CVE-2025-27516: jinja2: Jinja sandbox breakout through attr filter selecting format method
- CVE-2025-27363: freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files
- CVE-2024-55549: libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)
- CVE-2025-24855: libxslt: Use-After-Free in libxslt numbers.c
- CVE-2025-0395: glibc: buffer overflow in the GNU C Library’s assert()
- CVE-2025-21587: openjdk: Better TLS connection support (Oracle CPU 2025-04)
- CVE-2025-30691: openjdk: Improve compiler transformations (Oracle CPU 2025-04)
- CVE-2025-30698: openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)
- CVE-2024-8176: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat
- CVE-2024-12133: libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS