1 week ago
FEDORA-2026-146d86eefc
Packages in this update:
Update description:
The 7.0.10-101/201 stable kernel updates contain a number of important fixes across the tree.
1 week ago
Version:next-20260527 (linux-next)
Released:2026-05-27
1 week ago
It was discovered that tgt incorrectly tried to achieve entropy by calling
rand without srand. An attacker could possibly use this issue to make tgt
generate an identical sequence of challenges, resulting in authentication
bypass.
1 week ago
It was discovered that Apache Tika incorrectly handled XML external
entities when parsing XFA content in PDF files. An attacker could possibly
use this issue to obtain sensitive information or send malicious requests
to internal resources or third-party servers.
1 week ago
FEDORA-2026-f2c746ff8e
Packages in this update:
- perl-Crypt-Argon2-0.031-1.fc43
- perl-Dist-Build-0.028-1.fc43
- perl-ExtUtils-Builder-0.020-1.fc43
- perl-ExtUtils-Builder-Compiler-0.036-1.fc43
Update description:
Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
1 week ago
It was discovered that Postorius did not properly escape HTML in message
subjects when rendering the Held messages pop-up. An attacker could
possibly use this issue to inject arbitrary HTML, resulting in exposure
of sensitive information.
1 week ago
It was discovered that Apache Commons BeanUtils incorrectly allowed
access to the declaredClass property of Java enum objects when handling
externally supplied property paths. An attacker could possibly use this
issue to execute arbitrary code.
1 week ago
It was discovered that Papers incorrectly handled PDF /GoToR actions. If a
user were tricked into opening a specially crafted PDF file, an attacker
could use this issue to manipulate command lines and possibly execute
arbitrary code.
1 week ago
It was discovered that Memcached's SASL password database authentication
had a timing side channel when handling username and password data. A
remote attacker could possibly use this issue to obtain sensitive
information.
1 week ago
It was discovered that Libgcrypt incorrectly handled crafted ECDH
ciphertext. An attacker could possibly use this issue to cause Libgcrypt to
crash, resulting in a denial of service. (CVE-2026-41989)
It was discovered that Libgcrypt incorrectly handled Dilithium signing. An
attacker could possibly use this issue to cause Libgcrypt to crash,
resulting in a denial of service. This issue only affected Ubuntu 26.04
LTS. (CVE-2026-41990)
1 week ago
It was discovered that libcaca incorrectly handled certain malformed files.
An attacker could use this issue to cause libcaca to crash, resulting in a
denial of service, or possibly execute arbitrary code.
1 week ago
FEDORA-2026-dafdad8fd3
Packages in this update:
- perl-Crypt-Argon2-0.031-1.fc44
- perl-Dist-Build-0.028-1.fc44
- perl-ExtUtils-Builder-0.020-1.fc44
- perl-ExtUtils-Builder-Compiler-0.036-1.fc44
Update description:
Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
1 week ago
It was discovered that GStreamer Good Plugins incorrectly handled certain
MP4 audio tracks. An attacker could possibly use this issue to cause
GStreamer Good Plugins to crash, resulting in a denial of service.
1 week 1 day ago
It was discovered that MediaWiki incorrectly handled group membership
visibility in the OATHAuth extension. An authenticated attacker could
use this issue to determine if other users had two-factor authentication
enabled. (CVE-2026-34087)
It was discovered that MediaWiki incorrectly handled suppressed log entry
titles in the RecentChanges list. An unauthenticated attacker could use
this issue to view titles of deleted or suppressed pages that should be hidden.
(CVE-2026-34088)
It was discovered that MediaWiki incorrectly handled resource loading timing
information. An attacker could use this issue to determine if certain pages
existed on a wiki. (CVE-2026-34092)
1 week 1 day ago
It was discovered that Expat, vendored in Ayttm, incorrectly handled
certain files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code.
1 week 1 day ago
It was discovered that Expat, vendored in XML-RPC, incorrectly handled
certain files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code.
1 week 1 day ago
1 week 1 day ago
1 week 1 day ago
1 week 1 day ago