ChangeLog for: 2025-06-24 20:42:23
a/btrfs-progs-6.15-x86_64-1.txz: Upgraded.
a/cryptsetup-2.8.0-x86_64-1.txz: Upgraded.
a/util-linux-2.41.1-x86_64-1.txz: Upgraded.
l/libssh-0.11.2-x86_64-1.txz: Upgraded.
  This update fixes security issues:
  Write beyond bounds in binary to base64 conversion.
  Use of uninitialized variable in privatekey_from_file().
  Likely read beyond bounds in sftp server handle management.
  Double free in functions exporting keys.
  ssh_kdf() returns a success code on certain failures.
  Likely read beyond bounds in sftp server message decoding.
  Invalid return code for chacha20 poly1305 with OpenSSL.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2025-4877
    https://www.cve.org/CVERecord?id=CVE-2025-4878
    https://www.cve.org/CVERecord?id=CVE-2025-5318
    https://www.cve.org/CVERecord?id=CVE-2025-5351
    https://www.cve.org/CVERecord?id=CVE-2025-5372
    https://www.cve.org/CVERecord?id=CVE-2025-5449
    https://www.cve.org/CVERecord?id=CVE-2025-5987
  (* Security fix *)
l/mujs-1.3.7-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-140.0esr-x86_64-1.txz: Upgraded.
  This update contains security fixes and improvements, and moves to the new
  Firefox 140 ESR branch. See the release notes for details about some of the
  new features.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2025-51
    https://www.cve.org/CVERecord?id=CVE-2025-6424
    https://www.cve.org/CVERecord?id=CVE-2025-6425
    https://www.cve.org/CVERecord?id=CVE-2025-6426
    https://www.cve.org/CVERecord?id=CVE-2025-6427
    https://www.cve.org/CVERecord?id=CVE-2025-6428
    https://www.cve.org/CVERecord?id=CVE-2025-6429
    https://www.cve.org/CVERecord?id=CVE-2025-6430
    https://www.cve.org/CVERecord?id=CVE-2025-6431
    https://www.cve.org/CVERecord?id=CVE-2025-6432
    https://www.cve.org/CVERecord?id=CVE-2025-6433
    https://www.cve.org/CVERecord?id=CVE-2025-6434
    https://www.cve.org/CVERecord?id=CVE-2025-6435
    https://www.cve.org/CVERecord?id=CVE-2025-6436
  (* Security fix *)