Friday, May 30, 2025

30th, Friday, Tomobiki

+ No QUIC certificate pinning with wolfSSL
https://curl.se/docs/CVE-2025-5025.html
CVE-2025-5025

+ QUIC certificate check skip with wolfSSL
https://curl.se/docs/CVE-2025-4947.html
CVE-2025-4947

+ RHSA-2025:8308 Important: firefox security update
https://access.redhat.com/errata/RHSA-2025:8308
CVE-2025-5263
CVE-2025-5264
CVE-2025-5266
CVE-2025-5267
CVE-2025-5268
CVE-2025-5269

+ RHSA-2025:8292 Important: mingw-freetype and spice-client-win security update
https://access.redhat.com/errata/RHSA-2025:8292
CVE-2025-27363
CVE-2025-32050
CVE-2025-32052
CVE-2025-32053
CVE-2025-32906
CVE-2025-32907
CVE-2025-32909
CVE-2025-32910
CVE-2025-32911
CVE-2025-32913

+ RHSA-2025:8293 Important: firefox security update
https://access.redhat.com/errata/RHSA-2025:8293
CVE-2025-5263
CVE-2025-5264
CVE-2025-5266
CVE-2025-5267
CVE-2025-5268
CVE-2025-5269

+ Mozilla Firefox 139.0.1 released
https://www.mozilla.org/en-US/firefox/139.0.1/releasenotes/

+ Apache Tomcat Native 2.0.9 Released
https://tomcat.apache.org/native-doc/miscellaneous/changelog.html

+ UPDATE: JVNVU#91298012 Issue in the OpenSSL x509 application where trust settings are added instead of rejection settings (OpenSSL Security Advisory [22nd May 2025])
https://jvn.jp/vu/JVNVU91298012/index.html

Thursday, May 29, 2025

29th, Thursday, Senshō

+ RHSA-2025:8246 Moderate: kernel security update
https://access.redhat.com/errata/RHSA-2025:8246
CVE-2024-43842

+ Google Chrome 136.0.7103.149 released
https://chromereleases.googleblog.com/2025/05/extended-stable-updates-for-desktop.html

+ PostgreSQL JDBC Driver 42.7.6 released
https://jdbc.postgresql.org/changelogs/2025-05-28-42/

+ JVNVU#93832736 Use of uninitialized variable vulnerability in the Johnson Controls iSTAR Configuration Utility (ICU) tool
https://jvn.jp/vu/JVNVU93832736/index.html

Wednesday, May 28, 2025

28th, Wednesday, Shakkō

+ RHSA-2025:8201 Important: gstreamer1-plugins-bad-free security update
https://access.redhat.com/errata/RHSA-2025:8201
CVE-2025-3887

+ RHSA-2025:8132 Important: libsoup security update
https://access.redhat.com/errata/RHSA-2025:8132
CVE-2025-2784
CVE-2025-4948
CVE-2025-32049
CVE-2025-32914

+ RHSA-2025:8197 Moderate: unbound security update
https://access.redhat.com/errata/RHSA-2025:8197
CVE-2024-8508

+ RHSA-2025:8183 Important: gstreamer1-plugins-bad-free security update
https://access.redhat.com/errata/RHSA-2025:8183
CVE-2025-3887

+ RHSA-2025:8142 Moderate: kernel security update
https://access.redhat.com/errata/RHSA-2025:8142
CVE-2025-21964

+ RHSA-2025:8136 Important: python-tornado security update
https://access.redhat.com/errata/RHSA-2025:8136
CVE-2025-47287

+ RHSA-2025:8126 Important: libsoup security update
https://access.redhat.com/errata/RHSA-2025:8126
CVE-2025-2784
CVE-2025-4948
CVE-2025-32049
CVE-2025-32914

+ Google Chrome 137.0.7151.55/56 released
https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html

+ Mozilla Firefox 139.0 released
https://www.mozilla.org/en-US/firefox/139.0/releasenotes/

+ Mozilla Foundation Security Advisory 2025-42 Security Vulnerabilities fixed in Firefox 139
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/
MFSA-TMP-2025-0001
CVE-2025-5263
CVE-2025-5264
CVE-2025-5265
CVE-2025-5266
CVE-2025-5270
CVE-2025-5271
CVE-2025-5267
CVE-2025-5268
CVE-2025-5272

+ Mozilla Foundation Security Advisory 2025-45 Security Vulnerabilities fixed in Thunderbird 139
https://www.mozilla.org/en-US/security/advisories/mfsa2025-45/
CVE-2025-5262
CVE-2025-5263
CVE-2025-5264
CVE-2025-5265
CVE-2025-5266
CVE-2025-5270
CVE-2025-5271
CVE-2025-5267
CVE-2025-5268
CVE-2025-5272

+ Mozilla Thunderbird 139.0, 128.11.0 released
https://www.thunderbird.net/en-US/thunderbird/139.0/releasenotes/
https://www.thunderbird.net/en-US/thunderbird/128.11.0esr/releasenotes/

+ JVNVU#91298012 Issue in the OpenSSL x509 application where trust settings are added instead of rejection settings (OpenSSL Security Advisory [22nd May 2025])
https://jvn.jp/vu/JVNVU91298012/index.html