Domain Name Validation Bypass with Apple Native Certificate Validation

In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report.

Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf

on-headers vulnerable to http response header manipulation

mruby nregs codegen.c scope_new heap-based overflow

HDF5 H5FSsection.c H5FS__sect_link_size heap-based overflow

HDF5 H5FL.c H5FL__malloc memory leak

HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow

Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()

Integer Truncation on SQLite

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()

mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()

NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags

crypto: starfive - Correctly handle return of sg_nents_for_len

wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()

backlight: led-bl: Add devlink to supplier LEDs

drm/vgem-fence: Fix potential deadlock on release