Rocky Linux Updates in ASCG 3.3.0a (OVA)

Brocade ASC-Gateway OVA

36216

15 October 2025

15 October 2025

CLOSED

MEDIUM

Varies

Multiple

Brocade Security Advisory ID: BSA-2025-3100

Component: Rocky Linux

Summary

Multiple Rocky Linux updates applied to Brocade ASCG 3.3.0a

RockyLinux 8: perl [RLSA-2025:11805]

  • perl: Perl threads have a working directory race condition where file operations may target unintended paths (CVE-2025-40909)

RockyLinux 8: libxslt [RLSA-2025:3615]

  • libxslt: Use-After-Free in libxslt numbers.c (CVE-2025-24855)
  • libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) (CVE-2024-55549)

RockyLinux 8: sqlite [RLSA-2025:12010]

  • sqlite: Integer Truncation in SQLite (CVE-2025-6965)

RockyLinux 8: glibc [RLSA-2025:8686]

  • glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH (CVE-2025-4802)

RockyLinux 8: libblockdev [RLSA-2025:9878]

  • libblockdev: LPE from allow_active to root in libblockdev via udisks (CVE-2025-6019)

RockyLinux 8: libsoup [RLSA-2025:4560]

  • libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)
  • libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)
  • libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053)
  • libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
  • libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
  • libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)
  • libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421)
  • libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420)
  • libsoup: Integer overflow in append_param_quoted [rhel-8.10.z] (CVE-2025-32050)
  • libsoup: Heap buffer overflow in sniff_unknown() [rhel-8.10.z] (CVE-2025-32052)
  • libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() [rhel-8.10.z] (CVE-2025-32053)
  • libsoup: Out of bounds reads in soup_headers_parse_request() [rhel-8.10.z] (CVE-2025-32906)
  • libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value [rhel-8.10.z] (CVE-2025-32911)
  • libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header [rhel-8.10.z] (CVE-2025-32913)
  • libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c [rhel-8.10.z] (CVE-2025-46420)
  • libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server [rhel-8.10.z] (CVE-2025-46421)

RockyLinux 8: libsoup [RLSA-2025:8132]

  • libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)
  • libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
  • libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
  • libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)

RockyLinux 8: libtiff [RLSA-2025:4658]

  • libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095)

RockyLinux 8: glibc [RLSA-2025:3828]

  • glibc: buffer overflow in the GNU C Library's assert() (CVE-2025-0395)

RockyLinux 8: linux-pam [RLSA-2025:10027]

  • linux-pam: Linux-pam directory Traversal (CVE-2025-6020)

RockyLinux 8: python-setuptools [RLSA-2025:11036]

  • setuptools: Path Traversal Vulnerability in setuptools PackageIndex (CVE-2025-47273)

RockyLinux 8: container-tools [RLSA-2025:10551]

  • podman: podman missing TLS verification (CVE-2025-6032)

RockyLinux 8: lz4 [RLSA-2025:11035]

  • lz4: heap-based buffer overflow in LZ4_write32 (CVE-2019-17543)

RockyLinux 8: freetype [RLSA-2025:3421]

  • freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files (CVE-2025-27363)

RockyLinux 8: libjpeg-turbo [RLSA-2025:7540]

  • libjpeg-turbo: heap-based buffer over-read in get_rgb_row() in rdppm.c (CVE-2020-13790)

RockyLinux 8: jq [RLSA-2025:10618]

  • jq: jq has signed integer overflow in jv.c:jvp_array_write (CVE-2024-23337)
  • jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (CVE-2025-48060)

RockyLinux 8: libtasn1 [RLSA-2025:4049]

  • libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS (CVE-2024-12133)

RockyLinux 8: libxslt [RLSA-2025:8676]

  • libxslt: Processing web content may disclose sensitive information (CVE-2023-40403)

RockyLinux 8: microcode_ctl [RLSA-2025:10991]

  • microcode_ctl: From CVEorg collector (CVE-2024-28956)
  • Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2024-43420)
  • Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2024-45332)
  • Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access (CVE-2025-20012)
  • Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access (CVE-2025-20623)
  • Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2025-24495)

RockyLinux 8: krb5 [RLSA-2025:8411]

  • krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions (CVE-2025-3576)

RockyLinux 8: python3-distro [RLSA-2025:8419]

  • python-pymongo: Out-of-bounds read in bson module (CVE-2024-5629)

Solution

  • Security update provided in Brocade ASCG base OS (OVA deployment) 3.3.0a

 

Revision History

Version   Change                Date
1.0       Initial Publication   October 14, 2025

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.