
Gentoo Linux has released security updates to address multiple vulnerabilities in various packages. The affected packages include UDisks, WebKitGTK+, qtsvg, Chromium, and Redis.

[ GLSA 202511-01 ] UDisks: Multiple Vulnerabilities
[ GLSA 202511-02 ] WebKitGTK+: Multiple Vulnerabilities
[ GLSA 202511-03 ] qtsvg: Multiple Vulnerabilities
[ GLSA 202511-04 ] Chromium, Google Chrome, Microsoft Edge, Opera: Multiple Vulnerabilities
[ GLSA 202511-05 ] redict, redis: Multiple Vulnerabilities




[ GLSA 202511-01 ] UDisks: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202511-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: UDisks: Multiple Vulnerabilities
Date: November 24, 2025
Bugs: #827863, #962126
ID: 202511-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in UDisks, the worst of
which can lead to execution of arbitrary code.

Background
==========

UDisks provides a daemon, tools and libraries to access and manipulate
disks, storage devices and technologies.

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
sys-fs/udisks  < 2.10.2      >= 2.10.2

Description
===========

Multiple vulnerabilities have been discovered in UDisks. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All UDisks users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/udisks-2.10.2"

References
==========

[ 1 ] CVE-2021-3802
https://nvd.nist.gov/vuln/detail/CVE-2021-3802
[ 2 ] CVE-2025-8067
https://nvd.nist.gov/vuln/detail/CVE-2025-8067

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202511-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202511-02 ] WebKitGTK+: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202511-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: WebKitGTK+: Multiple Vulnerabilities
Date: November 24, 2025
Bugs: #938026, #941276, #951739, #961021
ID: 202511-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in WebKitGTK+, the worst
of which can lead to execution of arbitrary code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

Package              Vulnerable    Unaffected
-------------------  ------------  -------------
net-libs/webkit-gtk  < 2.48.5:4.1  >= 2.48.5:4.1
                     < 2.48.5:6    >= 2.48.5:6

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebKitGTK+ users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.48.5:4.1" ">=net-libs/webkit-gtk-2.48.5:6"

References
==========

[ 1 ] CVE-2024-40857
https://nvd.nist.gov/vuln/detail/CVE-2024-40857
[ 2 ] CVE-2024-40866
https://nvd.nist.gov/vuln/detail/CVE-2024-40866
[ 3 ] CVE-2024-44185
https://nvd.nist.gov/vuln/detail/CVE-2024-44185
[ 4 ] CVE-2024-44187
https://nvd.nist.gov/vuln/detail/CVE-2024-44187
[ 5 ] CVE-2024-44192
https://nvd.nist.gov/vuln/detail/CVE-2024-44192
[ 6 ] CVE-2024-44244
https://nvd.nist.gov/vuln/detail/CVE-2024-44244
[ 7 ] CVE-2024-44296
https://nvd.nist.gov/vuln/detail/CVE-2024-44296
[ 8 ] CVE-2024-54467
https://nvd.nist.gov/vuln/detail/CVE-2024-54467
[ 9 ] CVE-2024-54551
https://nvd.nist.gov/vuln/detail/CVE-2024-54551
[ 10 ] CVE-2025-24201
https://nvd.nist.gov/vuln/detail/CVE-2025-24201
[ 11 ] CVE-2025-24208
https://nvd.nist.gov/vuln/detail/CVE-2025-24208
[ 12 ] CVE-2025-24209
https://nvd.nist.gov/vuln/detail/CVE-2025-24209
[ 13 ] CVE-2025-24213
https://nvd.nist.gov/vuln/detail/CVE-2025-24213
[ 14 ] CVE-2025-24216
https://nvd.nist.gov/vuln/detail/CVE-2025-24216
[ 15 ] CVE-2025-24264
https://nvd.nist.gov/vuln/detail/CVE-2025-24264
[ 16 ] CVE-2025-30427
https://nvd.nist.gov/vuln/detail/CVE-2025-30427
[ 17 ] CVE-2025-31273
https://nvd.nist.gov/vuln/detail/CVE-2025-31273
[ 18 ] CVE-2025-31278
https://nvd.nist.gov/vuln/detail/CVE-2025-31278
[ 19 ] CVE-2025-43211
https://nvd.nist.gov/vuln/detail/CVE-2025-43211
[ 20 ] CVE-2025-43212
https://nvd.nist.gov/vuln/detail/CVE-2025-43212
[ 21 ] CVE-2025-43216
https://nvd.nist.gov/vuln/detail/CVE-2025-43216
[ 22 ] CVE-2025-43227
https://nvd.nist.gov/vuln/detail/CVE-2025-43227
[ 23 ] CVE-2025-43228
https://nvd.nist.gov/vuln/detail/CVE-2025-43228
[ 24 ] CVE-2025-43240
https://nvd.nist.gov/vuln/detail/CVE-2025-43240
[ 25 ] CVE-2025-43265
https://nvd.nist.gov/vuln/detail/CVE-2025-43265
[ 26 ] WSA-2025-0002
https://webkitgtk.org/security/WSA-2025-0002.html
[ 27 ] WSA-2025-0003
https://webkitgtk.org/security/WSA-2025-0003.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202511-02




[ GLSA 202511-03 ] qtsvg: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202511-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: qtsvg: Multiple Vulnerabilities
Date: November 24, 2025
Bugs: #915998, #963710
ID: 202511-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in qtsvg, the worst of
which could lead to execution of arbitrary code.

Background
==========

qtsvg is a SVG rendering library for the Qt framework.

Affected packages
=================

Package       Vulnerable    Unaffected
------------  ------------  ------------
dev-qt/qtsvg  < 6.9.3       >= 6.9.3

Description
===========

Multiple vulnerabilities have been discovered in qtsvg. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All qtsvg users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtsvg-6.9.3"

References
==========

[ 1 ] CVE-2023-45872
https://nvd.nist.gov/vuln/detail/CVE-2023-45872
[ 2 ] CVE-2025-10728
https://nvd.nist.gov/vuln/detail/CVE-2025-10728
[ 3 ] CVE-2025-10729
https://nvd.nist.gov/vuln/detail/CVE-2025-10729

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202511-03




[ GLSA 202511-04 ] Chromium, Google Chrome, Microsoft Edge, Opera: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202511-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Chromium, Google Chrome, Microsoft Edge, Opera: Multiple Vulnerabilities
Date: November 24, 2025
Bugs: #961477, #961834, #962051, #963024, #963638, #963959, #964335
ID: 202511-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives, the worst of which can lead to remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web. Google
Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.
Opera is a fast and secure web browser.

Affected packages
=================

Package                    Vulnerable        Unaffected
-------------------------  ----------------  -----------------
www-client/chromium        < 141.0.7390.107  >= 141.0.7390.107
www-client/google-chrome   < 141.0.7390.107  >= 141.0.7390.107
www-client/microsoft-edge  < 141.0.3537.71   >= 141.0.3537.71
www-client/opera           < 122.0.5643.142  >= 122.0.5643.142

Description
===========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Google Chrome users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-141.0.7390.107"

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-141.0.7390.107"

All Microsoft Edge users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-141.0.3537.71"

All Opera users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-122.0.5643.142"

References
==========

[ 1 ] CVE-2025-8879
https://nvd.nist.gov/vuln/detail/CVE-2025-8879
[ 2 ] CVE-2025-8880
https://nvd.nist.gov/vuln/detail/CVE-2025-8880
[ 3 ] CVE-2025-8881
https://nvd.nist.gov/vuln/detail/CVE-2025-8881
[ 4 ] CVE-2025-8882
https://nvd.nist.gov/vuln/detail/CVE-2025-8882
[ 5 ] CVE-2025-8901
https://nvd.nist.gov/vuln/detail/CVE-2025-8901
[ 6 ] CVE-2025-9132
https://nvd.nist.gov/vuln/detail/CVE-2025-9132
[ 7 ] CVE-2025-9478
https://nvd.nist.gov/vuln/detail/CVE-2025-9478
[ 8 ] CVE-2025-10500
https://nvd.nist.gov/vuln/detail/CVE-2025-10500
[ 9 ] CVE-2025-10501
https://nvd.nist.gov/vuln/detail/CVE-2025-10501
[ 10 ] CVE-2025-10502
https://nvd.nist.gov/vuln/detail/CVE-2025-10502
[ 11 ] CVE-2025-10585
https://nvd.nist.gov/vuln/detail/CVE-2025-10585
[ 12 ] CVE-2025-11205
https://nvd.nist.gov/vuln/detail/CVE-2025-11205
[ 13 ] CVE-2025-11206
https://nvd.nist.gov/vuln/detail/CVE-2025-11206
[ 14 ] CVE-2025-11207
https://nvd.nist.gov/vuln/detail/CVE-2025-11207
[ 15 ] CVE-2025-11208
https://nvd.nist.gov/vuln/detail/CVE-2025-11208
[ 16 ] CVE-2025-11209
https://nvd.nist.gov/vuln/detail/CVE-2025-11209
[ 17 ] CVE-2025-11210
https://nvd.nist.gov/vuln/detail/CVE-2025-11210
[ 18 ] CVE-2025-11211
https://nvd.nist.gov/vuln/detail/CVE-2025-11211
[ 19 ] CVE-2025-11212
https://nvd.nist.gov/vuln/detail/CVE-2025-11212
[ 20 ] CVE-2025-11213
https://nvd.nist.gov/vuln/detail/CVE-2025-11213
[ 21 ] CVE-2025-11215
https://nvd.nist.gov/vuln/detail/CVE-2025-11215
[ 22 ] CVE-2025-11216
https://nvd.nist.gov/vuln/detail/CVE-2025-11216
[ 23 ] CVE-2025-11219
https://nvd.nist.gov/vuln/detail/CVE-2025-11219
[ 24 ] CVE-2025-11458
https://nvd.nist.gov/vuln/detail/CVE-2025-11458
[ 25 ] CVE-2025-11460
https://nvd.nist.gov/vuln/detail/CVE-2025-11460
[ 26 ] CVE-2025-11756
https://nvd.nist.gov/vuln/detail/CVE-2025-11756

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202511-04




[ GLSA 202511-05 ] redict, redis: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202511-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: redict, redis: Multiple Vulnerabilities
Date: November 24, 2025
Bugs: #940609, #947749, #954265, #959657
ID: 202511-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in redis and redict, the
worst of which could lead to execution of arbitrary code.

Background
==========

Redis is an open source (BSD licensed), in-memory data structure store,
used as a database, cache and message broker.

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
dev-db/redict  < 7.3.5       >= 7.3.5
dev-db/redis   < 8.0.3       >= 8.0.3

Description
===========

Multiple vulnerabilities have been discovered in Redis. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Redis users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/redis-8.0.3"

All Redict users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/redict-7.3.5"

References
==========

[ 1 ] CVE-2024-31227
https://nvd.nist.gov/vuln/detail/CVE-2024-31227
[ 2 ] CVE-2024-31228
https://nvd.nist.gov/vuln/detail/CVE-2024-31228
[ 3 ] CVE-2024-31449
https://nvd.nist.gov/vuln/detail/CVE-2024-31449
[ 4 ] CVE-2024-46981
https://nvd.nist.gov/vuln/detail/CVE-2024-46981
[ 5 ] CVE-2024-51741
https://nvd.nist.gov/vuln/detail/CVE-2024-51741
[ 6 ] CVE-2025-21605
https://nvd.nist.gov/vuln/detail/CVE-2025-21605
[ 7 ] CVE-2025-32023
https://nvd.nist.gov/vuln/detail/CVE-2025-32023
[ 8 ] CVE-2025-48367
https://nvd.nist.gov/vuln/detail/CVE-2025-48367

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202511-05
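
The following is an added example, not part of the Gentoo advisories: a small checker that compares a package inventory against the "Unaffected" thresholds of the five GLSAs above, including the per-slot entries for webkit-gtk. The inventory line format, the sample data and the helper names are assumptions made for illustration.

```python
import re

# First unaffected version per (package, slot), copied from the
# "Affected packages" tables of GLSA 202511-01 to 202511-05 above.
FIXED = {
    ("sys-fs/udisks", None): "2.10.2",
    ("net-libs/webkit-gtk", "4.1"): "2.48.5",
    ("net-libs/webkit-gtk", "6"): "2.48.5",
    ("dev-qt/qtsvg", None): "6.9.3",
    ("www-client/chromium", None): "141.0.7390.107",
    ("www-client/google-chrome", None): "141.0.7390.107",
    ("www-client/microsoft-edge", None): "141.0.3537.71",
    ("www-client/opera", None): "122.0.5643.142",
    ("dev-db/redict", None): "7.3.5",
    ("dev-db/redis", None): "8.0.3",
}
# Assumed inventory line: category/name-version[-rN][:slot[/subslot]]
ATOM = re.compile(r"^(?P<cp>[\w+.-]+/[\w+.-]+?)-(?P<ver>\d+(?:\.\d+)*)"
                  r"(?:-r\d+)?(?::(?P<slot>[\w.+-]+)(?:/\S+)?)?$")

def vtuple(version):
    # Simplification: plain dotted integers, enough for the versions listed here.
    return tuple(int(part) for part in version.split("."))

def check(lines):
    """Return (vulnerable, review): hits below a threshold, and lines for manual review."""
    vulnerable, review = [], []
    for line in filter(None, (raw.strip() for raw in lines)):
        m = ATOM.match(line)
        if not m:  # e.g. a _p1 suffix: not compared, so never assumed fixed
            review.append(line)
            continue
        cp, ver, slot = m["cp"], m["ver"], m["slot"]
        fixed = FIXED.get((cp, slot)) or FIXED.get((cp, None))
        if fixed is None:
            # Package is listed per slot only (webkit-gtk) and this slot is unknown.
            if any(pkg == cp for pkg, _ in FIXED):
                review.append(line)
        elif vtuple(ver) < vtuple(fixed):
            vulnerable.append((cp, slot, ver, fixed))
    return vulnerable, review

# Constructed sample inventory, not taken from any real host.
SAMPLE = """sys-fs/udisks-2.10.1
net-libs/webkit-gtk-2.48.5:4.1
net-libs/webkit-gtk-2.46.6:6
dev-qt/qtsvg-6.9.3
www-client/chromium-141.0.7390.65
dev-db/redis-8.0.3-r1
dev-db/redict-7.3.5_p1
app-editors/vim-9.1.0
net-libs/webkit-gtk-2.44.0"""

if __name__ == "__main__":
    hits, review = check(SAMPLE.splitlines())
    print("vulnerable:", hits, "\nreview:", review)
```

Lines the checker cannot parse, or that name a slotted package without a listed slot, are returned for manual review instead of being treated as fixed.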
