Go, Freetype2, Python-Django, Dropbear, NodeJS, WebkitGTK, WPEWebkit updates for ArchLinux


Arch Linux has issued security updates for Go, Freetype2, Python-Django, Dropbear, NodeJS, WebKitGTK, and WPEWebKit. The fixes address multiple vulnerabilities, ranging from arbitrary code execution to denial of service, as detailed below:

1. Go: The package is susceptible to directory traversal (CVE-2025-22873). Users are advised to upgrade to version 2:1.24.3-1 to mitigate this low-severity issue.

2. Freetype2: This package has a high-severity arbitrary code execution vulnerability (CVE-2025-27363). Users should update to version 2.13.3-3.

3. Python-Django: A medium-severity denial of service vulnerability (CVE-2025-32873) is present. It is recommended to upgrade to version 5.1.9-1 to resolve this issue.

4. Dropbear: The SSH client has a medium-severity arbitrary command execution vulnerability (CVE-2025-47203). Users should update to version 2025.88-1.

5. NodeJS: Several high-severity vulnerabilities affect both the LTS versions (CVE-2025-23165, CVE-2025-23166, CVE-2025-23167) and the main NodeJS package (CVE-2025-23166). Affected users should upgrade to the respective versions (20.19.2-1 for LTS-Iron and 23.11.1-1 for the main package).

6. WebKitGTK/WPEWebKit: Multiple arbitrary code execution vulnerabilities (CVE-2023-42875, CVE-2023-42970) have been discovered. Users should upgrade to version 2.48.2-1 to address these high-severity issues.

The vulnerabilities can lead to various impacts, such as remote code execution and denial of service, emphasizing the importance of timely updates for maintaining system security.

Extension:
As security threats evolve rapidly, it is crucial for users of Arch Linux and similar distributions to stay vigilant about software updates and advisories. Regularly checking for updates not only protects against known vulnerabilities but also enhances system performance and stability. Additionally, adopting best security practices, such as using firewalls, maintaining backups, and employing intrusion detection systems, can further safeguard systems from potential exploits. Users should consider subscribing to mailing lists or forums specific to their distributions to receive timely notifications about vulnerabilities and patches.


ArchLinux has received updates that include multiple security patches for various components, such as go, freetype2, python-django, dropbear, nodejs-lts-iron, webkitgtk-6.0, webkit2gtk-4.1, and wpewebkit:

[ASA-202505-12] go: directory traversal
[ASA-202505-11] freetype2: arbitrary code execution
[ASA-202505-10] python-django: denial of service
[ASA-202505-9] dropbear: arbitrary command execution
[ASA-202505-8] nodejs-lts-iron: multiple issues
[ASA-202505-7] nodejs-lts-jod: denial of service
[ASA-202505-6] nodejs: denial of service
[ASA-202505-5] webkitgtk-6.0: arbitrary code execution
[ASA-202505-4] webkit2gtk-4.1: arbitrary code execution
[ASA-202505-3] webkit2gtk: arbitrary code execution
[ASA-202505-2] wpewebkit: arbitrary code execution
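
To check a host against the fixed versions quoted above, the following added example (not part of the original advisories or of any Arch tooling) compares `pacman -Q` output with those versions. The version comparison is a simplified stand-in for pacman's `vercmp`, the mapping of 2.48.2-1 to each WebKit package name is an assumption, and the sample data is constructed.

```python
import re
import subprocess

# Fixed versions quoted in the summary above. Applying 2.48.2-1 to each
# WebKit package name is an assumption; nodejs-lts-jod is omitted because
# the page gives no fixed version for it.
FIXED = {
    "go": "2:1.24.3-1", "freetype2": "2.13.3-3", "python-django": "5.1.9-1",
    "dropbear": "2025.88-1", "nodejs-lts-iron": "20.19.2-1",
    "nodejs": "23.11.1-1", "webkitgtk-6.0": "2.48.2-1",
    "webkit2gtk-4.1": "2.48.2-1", "webkit2gtk": "2.48.2-1",
    "wpewebkit": "2.48.2-1",
}

# Constructed sample of installed versions, used when pacman is unavailable.
SAMPLE = {"go": "2:1.24.2-1", "freetype2": "2.13.3-3", "dropbear": "2024.86-1",
          "nodejs": "23.11.0-1", "python-django": "5.1.9-1"}

def parse(version):
    """Turn 'epoch:pkgver-pkgrel' into a sortable tuple (numeric fields only).

    Simplified stand-in for pacman's vercmp: letters in pkgver are ignored.
    """
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    pkgver, _, pkgrel = rest.partition("-")
    nums = lambda s: [int(n) for n in re.findall(r"\d+", s)]
    return int(epoch), nums(pkgver), nums(pkgrel)

def audit(installed):
    """Return {package: (installed, fixed)} for packages below the fixed version."""
    return {pkg: (ver, FIXED[pkg]) for pkg, ver in installed.items()
            if pkg in FIXED and parse(ver) < parse(FIXED[pkg])}

def installed_versions():
    """Ask pacman for the listed packages; ones not installed are skipped."""
    out = subprocess.run(["pacman", "-Q", *FIXED],
                         capture_output=True, text=True).stdout
    rows = (line.split() for line in out.splitlines())
    return {row[0]: row[1] for row in rows if len(row) == 2}

if __name__ == "__main__":
    try:
        found = installed_versions()
    except FileNotFoundError:  # not an Arch system: fall back to the sample
        found = SAMPLE
    for pkg, (have, need) in sorted(audit(found).items()):
        print(f"{pkg}: installed {have}, fixed in {need}")
```

On a production host, prefer `vercmp` itself for the comparison, since it also handles alphabetic version components that this sketch ignores.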
