11日 水曜日、友引

+ RHSA-2025:8756 Important: thunderbird security update

https://access.redhat.com/errata/RHSA-2025:8756

CVE-2025-3875

CVE-2025-3877

CVE-2025-3909

CVE-2025-3932

CVE-2025-4918

CVE-2025-4919

CVE-2025-5263

CVE-2025-5264

CVE-2025-5266

CVE-2025-5267

CVE-2025-5268

CVE-2025-5269

+ RHSA-2025:8743 Moderate: kernel security update

https://access.redhat.com/errata/RHSA-2025:8743

CVE-2022-49395

+ RHSA-2025:8676 Moderate: libxslt security update

https://access.redhat.com/errata/RHSA-2025:8676

CVE-2023-40403

+ RHSA-2025:8667 Moderate: grafana security update

https://access.redhat.com/errata/RHSA-2025:8667

CVE-2025-22871

+ RHSA-2025:8655 Moderate: glibc security update

https://access.redhat.com/errata/RHSA-2025:8655

CVE-2025-4802

+ RHSA-2025:8643 Important: kernel security update

https://access.redhat.com/errata/RHSA-2025:8643

CVE-2025-21920

CVE-2025-21926

CVE-2025-21997

CVE-2025-22055

CVE-2025-37785

CVE-2025-37943

+ Google Chrome 137.0.7151.103/.104, 136.0.7103.168 released

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html

https://chromereleases.googleblog.com/2025/06/extended-stable-updates-for-desktop_10.html

+ Mozilla Foundation Security Advisory 2025-47 Security Vulnerabilities fixed in Firefox 139.0.4

https://www.mozilla.org/en-US/security/advisories/mfsa2025-47/

CVE-2025-49709

CVE-2025-49710

+ Mozilla Foundation Security Advisory 2025-50 Security Vulnerabilities fixed in Thunderbird 139.0.2

https://www.mozilla.org/en-US/security/advisories/mfsa2025-50/

CVE-2025-5986

+ Mozilla Foundation Security Advisory 2025-49 Security Vulnerabilities fixed in Thunderbird 128.11.1

https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/

CVE-2025-5986

+ Mozilla Thunderbird 139.0.2, 128.11.1 released

https://www.thunderbird.net/en-US/thunderbird/139.0.2/releasenotes/

https://www.thunderbird.net/en-US/thunderbird/128.11.1esr/releasenotes/

+ Apache Tomcat 11.0.8, 10.1.42, 9.0.106 released

https://tomcat.apache.org/tomcat-11.0-doc/changelog.html#Tomcat_11.0.8_(markt)

https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.42_(schultz)

https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.106_(remm)

+ FreeBSD 14.3-RELEASE released

https://www.freebsd.org/releases/14.3R/announce/

+ Current:VU#806555 A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable

https://www.kb.cert.org/vuls/id/806555

CVE-2025-3052

+ VU#282450 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

https://www.kb.cert.org/vuls/id/282450

CVE-2025-2884

+ Current:VU#211341 A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable

https://www.kb.cert.org/vuls/id/211341

CVE-2025-4275

+ Microsoft Excel Local Code Execution Vulnerability

https://cxsecurity.com/issue/WLB-2025060009

CVE-2025-27751