The nginx development team reports:
This update fixes the SSL session reuse vulnerability.

Qt qtwebengine-chromium repo reports:
Backports for 9 security bugs in Chromium:

- CVE-2024-12693: Out of bounds memory access in V8
- CVE-2024-12694: Use after free in Compositing
- CVE-2025-0436: Integer overflow in Skia
- CVE-2025-0437: Out of bounds read in Metrics
- CVE-2025-0438: Stack buffer overflow in Tracing
- CVE-2025-0441: Inappropriate implementation in Fenced Frames
- CVE-2025-0443: Insufficient data validation in Extensions
- CVE-2025-0447: Inappropriate implementation in Navigation
- CVE-2025-0611: Object corruption in V8

Chrome Releases reports:
This update includes 2 security fixes:

- [384844003] Medium CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S on 2024-12-18

Dendrite team reports:
This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions.

In some cases, the ktrace facility logs the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace, and the full sockaddr buffer is copied even when the address stored in it is shorter than that buffer. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace.

It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.
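The copy-length mistake described above, as an added example that is not FreeBSD's ktrace code: a 30-byte sockaddr container on the (simulated) kernel heap still holds stale bytes, a 16-byte IPv4-style address is written into the front of it, and the record is copied out either in full or for sa_len bytes only. The struct layouts, the 30-byte container size and the 0xAA "stale heap" marker are constructed for the illustration; the 14-byte gap matches the advisory's worst case only because the sizes were chosen that way.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed layouts for illustration (not FreeBSD's own definitions):
 * the kernel-side record is a fixed 30-byte sockaddr container, while an
 * IPv4 socket address only fills the first 16 bytes of it.  The 14-byte
 * gap is what an over-long copy exposes.
 */
#define KTR_SA_MAX 30

struct ex_sockaddr_in {          /* 16 bytes, laid out like a BSD sockaddr_in */
    uint8_t  sin_len;            /* BSD-style length byte, first in the struct */
    uint8_t  sin_family;
    uint16_t sin_port;
    uint32_t sin_addr;
    uint8_t  sin_zero[8];
};

#define STALE 0xAA               /* marker for "whatever was in the heap before" */

/* Simulate a kernel heap allocation that still holds stale data. */
static uint8_t *alloc_kernel_sockaddr(void)
{
    uint8_t *sa = malloc(KTR_SA_MAX);
    if (sa == NULL) abort();
    memset(sa, STALE, KTR_SA_MAX);      /* stale heap contents, never cleared */
    struct ex_sockaddr_in sin = { .sin_len = sizeof(sin), .sin_family = 2,
                                  .sin_port = 0x1600, .sin_addr = 0x0100007f };
    memcpy(sa, &sin, sizeof(sin));      /* only the first 16 bytes are initialised */
    return sa;
}

/* Vulnerable pattern: copy the whole container regardless of sa_len. */
size_t copyout_full(const uint8_t *kern_sa, uint8_t *user_buf)
{
    memcpy(user_buf, kern_sa, KTR_SA_MAX);
    return KTR_SA_MAX;
}

/* Fixed pattern: copy only sa_len bytes, clamped to the container size. */
size_t copyout_salen(const uint8_t *kern_sa, uint8_t *user_buf)
{
    size_t len = kern_sa[0];                 /* sa_len is the first byte */
    if (len > KTR_SA_MAX) len = KTR_SA_MAX;  /* never trust sa_len beyond the buffer */
    memcpy(user_buf, kern_sa, len);
    return len;
}

/* Count bytes of the user buffer that hold the stale marker. */
static int count_stale(const uint8_t *user_buf, size_t n)
{
    int stale = 0;
    for (size_t i = 0; i < n; i++)
        if (user_buf[i] == STALE) stale++;
    return stale;
}

/* Run one copy variant and report how many stale bytes reached userspace. */
int leaked_bytes(size_t (*copyout)(const uint8_t *, uint8_t *))
{
    uint8_t *kern_sa = alloc_kernel_sockaddr();
    uint8_t user_buf[KTR_SA_MAX];
    memset(user_buf, 0, sizeof(user_buf));   /* the user buffer starts clean */
    size_t n = copyout(kern_sa, user_buf);
    int stale = count_stale(user_buf, n);
    free(kern_sa);
    return stale;
}
```

`leaked_bytes(copyout_full)` returns 14 (the stale tail of the container reaches userspace), `leaked_bytes(copyout_salen)` returns 0. The clamp in `copyout_salen` matters in its own right: a length byte larger than the container would otherwise turn the fix into an over-read.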
When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd.

An unprivileged local user may be able to read the hashed (encrypted) root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update; the unprotected file is deleted once the conflicts are resolved.
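The mode-handling difference behind the etcupdate issue, as an added example that is not etcupdate's code: a naive save opens the output with `fopen(..., "w")`, so it is created as 0666 masked by umask (0644 under the usual 022) no matter how restrictive the source was; the hardened save creates the output with no permission bits and then copies the source's mode onto it with `fchmod`, so the umask can never widen it. The scratch directory under /tmp, the sample master.passwd line and the 0600 source mode are constructed for the demonstration.

```c
#define _DEFAULT_SOURCE
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample: one line in the style of a master.passwd entry. */
static const char SAMPLE[] = "root:$6$constructedhash$:0:0::0:0:Charlie &:/root:/bin/sh\n";

/* Create a scratch directory and a 0600 "master.passwd" in it.  Returns 0 on success. */
static int make_source(char *dir, size_t dirsz, char *src, size_t srcsz)
{
    snprintf(dir, dirsz, "/tmp/etcupdate-demo.XXXXXX");
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(src, srcsz, "%s/master.passwd", dir);
    int fd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write(fd, SAMPLE, sizeof(SAMPLE) - 1) < 0) { close(fd); return -1; }
    close(fd);
    return 0;
}

/* Vulnerable pattern: fopen(..., "w") creates the file as 0666 & ~umask,
 * i.e. world-readable with the usual 022 umask, whatever the source mode was. */
int save_conflict_naive(const char *src, const char *dst)
{
    FILE *in = fopen(src, "r"), *out = fopen(dst, "w");
    if (in == NULL || out == NULL) {
        if (in) fclose(in);
        if (out) fclose(out);
        return -1;
    }
    char buf[256];
    size_t n;
    while ((n = fread(buf, 1, sizeof(buf), in)) > 0)
        fwrite(buf, 1, n, out);
    fclose(in);
    fclose(out);
    return 0;
}

/* Hardened pattern: create the file with no permissions at all, then copy the
 * source's mode bits onto it explicitly so umask cannot widen them. */
int save_conflict_safe(const char *src, const char *dst)
{
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    struct stat st;
    if (fstat(in, &st) < 0) { close(in); return -1; }
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0);   /* nobody can read it yet */
    if (out < 0) { close(in); return -1; }
    if (fchmod(out, st.st_mode & 07777) < 0) { close(in); close(out); return -1; }
    char buf[256];
    ssize_t n;
    while ((n = read(in, buf, sizeof(buf))) > 0)
        if (write(out, buf, (size_t)n) != n) { close(in); close(out); return -1; }
    close(in);
    close(out);
    return 0;
}

/* Run one save variant and return the resulting permission bits, or -1. */
static int demo_mode(int (*save)(const char *, const char *))
{
    char dir[64], src[96], dst[96];
    umask(022);                               /* the usual default umask */
    if (make_source(dir, sizeof(dir), src, sizeof(src)) != 0) return -1;
    snprintf(dst, sizeof(dst), "%s/conflict", dir);
    if (save(src, dst) != 0) return -1;
    struct stat st;
    if (stat(dst, &st) < 0) return -1;
    int mode = st.st_mode & 0777;
    unlink(dst); unlink(src); rmdir(dir);     /* clean up the scratch files */
    return mode;
}

int naive_mode(void) { return demo_mode(save_conflict_naive); }
int safe_mode(void)  { return demo_mode(save_conflict_safe); }
```

`naive_mode()` returns 0644 and `safe_mode()` returns 0600. Creating with mode 0 and then calling `fchmod` (rather than passing the source mode to `open`) is deliberate: the mode argument to `open` is still filtered through the umask, while `fchmod` is not, and there is no window in which the file is readable before the copy starts.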
In order to export a file system via NFS, the file system must define a file system identifier (FID) for all exported files. Each FreeBSD file system implements operations to translate between FIDs and vnodes, the kernel's in-memory representation of files. These operations are VOP_VPTOFH(9) and VFS_FHTOVP(9).

On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow.

An NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client. Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic.
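The class of bug described above, as an added example that is not FreeBSD's fid definitions or the cd9660/tarfs/ext2fs code: a caller supplies a fixed-size generic handle on its stack, and the filesystem fills it by copying its own, larger, handle structure over it. The two struct layouts are constructed so that the size mismatch appears only on a 64-bit ABI: an 8-byte integer is 4-byte aligned inside a struct on i386, so both handles are 20 bytes there, while on amd64 the 8-byte alignment pads the filesystem handle to 24 bytes and the blind copy overruns by 4 bytes, exactly the amount the advisory reports. A canary after the handle plays the role of the stack protector.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/*
 * Constructed layouts for illustration, not the real FreeBSD fid or the
 * cd9660/tarfs/ext2fs handles.  The generic handle has a fixed size; the
 * filesystem-specific one holds two 64-bit fields.  On i386 an 8-byte
 * integer is aligned to 4 bytes inside a struct, so both are 20 bytes; on
 * amd64 the 64-bit fields are 8-byte aligned, the struct grows to 24 bytes
 * and a blind copy overruns the generic handle by 4 bytes.
 */
#define EX_MAXFIDSZ 16

struct ex_fid {                 /* generic handle the caller provides */
    uint16_t fid_len;
    uint16_t fid_data0;
    uint8_t  fid_data[EX_MAXFIDSZ];
};                              /* 20 bytes on every ABI */

struct ex_fs_fid {              /* filesystem-specific handle */
    uint16_t len;
    uint16_t reserved;
    uint64_t ino;               /* 4-byte aligned on i386, 8-byte on amd64 */
    uint64_t gen;
};

/* Caller's stack frame: the handle followed by a canary, viewed as raw bytes. */
union ex_frame {
    struct ex_fid fh;
    uint8_t raw[sizeof(struct ex_fid) + 4];
};

static const uint8_t CANARY[4] = { 0xDE, 0xAD, 0xBE, 0xEF };

static void frame_init(union ex_frame *f)
{
    memset(f, 0, sizeof(*f));
    memcpy(f->raw + sizeof(struct ex_fid), CANARY, sizeof(CANARY));
}

static int canary_intact(const union ex_frame *f)
{
    return memcmp(f->raw + sizeof(struct ex_fid), CANARY, sizeof(CANARY)) == 0;
}

/* Vulnerable pattern: copy sizeof(fs handle) into the generic handle. */
int vptofh_unchecked(union ex_frame *f, uint64_t ino, uint64_t gen)
{
    struct ex_fs_fid ff = { .len = sizeof(ff), .ino = ino, .gen = gen };
    memcpy(f->raw, &ff, sizeof(ff));       /* overruns by 4 bytes on amd64 */
    return 0;
}

/* Hardened pattern: refuse to build a handle that does not fit. */
int vptofh_checked(union ex_frame *f, uint64_t ino, uint64_t gen)
{
    struct ex_fs_fid ff = { .len = sizeof(ff), .ino = ino, .gen = gen };
    if (sizeof(ff) > sizeof(struct ex_fid))
        return EOVERFLOW;                  /* reported instead of smashing the stack */
    memcpy(f->raw, &ff, sizeof(ff));
    return 0;
}

/* How many bytes the unchecked copy writes past the generic handle. */
int fid_overflow_bytes(void)
{
    return (int)sizeof(struct ex_fs_fid) - (int)sizeof(struct ex_fid);
}

/* 1 if the unchecked copy clobbered the canary, 0 otherwise. */
int unchecked_clobbers_canary(void)
{
    union ex_frame f;
    frame_init(&f);
    vptofh_unchecked(&f, 42, 7);
    return !canary_intact(&f);
}

/* Return code of the checked variant; -1 if it touched the canary. */
int checked_result(void)
{
    union ex_frame f;
    frame_init(&f);
    int rc = vptofh_checked(&f, 42, 7);
    return canary_intact(&f) ? rc : -1;
}
```

On amd64, `fid_overflow_bytes()` is 4, `unchecked_clobbers_canary()` is 1 and `checked_result()` is `EOVERFLOW`; on i386 all three report no overflow. The runtime check is the minimal fix; in a real implementation a compile-time `_Static_assert(sizeof(struct ex_fs_fid) <= sizeof(struct ex_fid), ...)` next to the definitions is the check that would have stopped the 64-bit build from shipping.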
A logic error in the ssh(1) ObscureKeystrokeTiming feature (on by default) rendered this feature ineffective.

A passive observer could detect which network packets contain real keystrokes, and infer the specific characters being transmitted from packet timing.
+ +Golang reports:
This update includes security fixes:

- CVE-2024-45338: Non-linear parsing of case-insensitive content