1 week 2 days ago
It was discovered that the vendored LibTIFF in Qt WebEngine incorrectly
handled memory when parsing malformed TIFF image metadata. An attacker
could possibly use this issue to cause a denial of service, obtain
sensitive information, or execute arbitrary code.
1 week 2 days ago
It was discovered that the vendored LibTIFF in Texmaker incorrectly
handled memory when parsing malformed TIFF image metadata. An attacker
could possibly use this issue to cause a denial of service, obtain
sensitive information, or execute arbitrary code.
1 week 2 days ago
It was discovered that the vendored LibTIFF in GDAL incorrectly handled
memory when parsing malformed TIFF image metadata. An attacker could
possibly use this issue to cause a denial of service, obtain sensitive
information, or execute arbitrary code.
1 week 2 days ago
FEDORA-EPEL-2026-39d9295352
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 2 days ago
FEDORA-2026-bfba5a213d
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 2 days ago
FEDORA-EPEL-2026-e3f844d4d5
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 2 days ago
FEDORA-EPEL-2026-035f48b183
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 2 days ago
FEDORA-EPEL-2026-fdfd52de3c
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 2 days ago
FEDORA-2026-837d6ef455
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 2 days ago
FEDORA-2026-e0f378428e
Packages in this update:
- python-starlette-0.52.1-2.fc43
Update description:
Backport fix for CVE-2026-48710
1 week 2 days ago
Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to gain unauthorized access to sensitive
information. (CVE-2026-22016)
It was discovered that the Networking component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to cause a denial of service.
(CVE-2026-34282)
It was discovered that the JSSE component of OpenJDK 26 did not correctly
authenticate certain APIs. A remote unauthenticated attacker could
possibly use this issue to cause a denial of service. (CVE-2026-22021)
It was discovered that the JGSS component of OpenJDK 26 did not correctly
authenticate certain APIs. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2026-22013)
It was discovered that the 2D component of OpenJDK 26 did not correctly
handle certain integer arithmetic. If a user or automated system were
tricked into opening a specially crafted file, an attacker could
possibly use this issue to obtain sensitive information. (CVE-2026-23865)
It was discovered that the Libraries component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to modify data. (CVE-2026-22008)
It was discovered that the Libraries component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to cause a denial of service.
(CVE-2026-22018)
Ken Pyle discovered that the Security component of OpenJDK 26 did not
correctly authenticate certain APIs. A local attacker could possibly
use this issue to obtain sensitive information.
(CVE-2026-22007, CVE-2026-34268)
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-04-21
1 week 2 days ago
It was discovered that pip incorrectly handled TLS certificate
verification in session connections. If a session was first used with
certificate verification disabled, subsequent requests to the same host
would also skip verification regardless of the session's current settings.
A remote attacker could possibly use this issue to perform a machine-in-the-middle
attack and expose sensitive information. (CVE-2024-35195)
It was discovered that pip's bundled urllib3 library did not limit the
number of decompression steps when processing HTTP responses. A remote
attacker could possibly use this issue to cause pip to consume excessive resources,
leading to a denial of service. (CVE-2025-66418)
It was discovered that pip's bundled urllib3 library improperly
handled streaming decompression of highly compressed data. A remote
attacker could possibly use this issue to cause pip to consume excessive resources,
leading to a denial of service. (CVE-2025-66471)
1 week 2 days ago
FEDORA-2026-3bce8d3f11
Packages in this update:
- python-starlette-0.52.1-2.fc44
Update description:
Backport fix for CVE-2026-48710
1 week 2 days ago
FEDORA-EPEL-2026-688571a474
Packages in this update:
- nextcloud-33.0.4-1.el10_2
Update description:
33.0.4 Release
1 week 2 days ago
FEDORA-2026-e187104307
Packages in this update:
Update description:
33.0.4 Release
1 week 2 days ago
FEDORA-EPEL-2026-a0b50bf0a0
Packages in this update:
- nextcloud-33.0.4-1.el10_3
Update description:
33.0.4 Release
1 week 2 days ago
FEDORA-2026-30881a5be7
Packages in this update:
Update description:
33.0.4 Release
1 week 2 days ago
USN-8229-1 fixed a vulnerability in sed. This update provides the
corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
Michał Majchrowicz and Marcin Wyczechowski discovered that sed
incorrectly handled symbolic links when performing in-place edits.
A local attacker could possibly use this issue to overwrite
arbitrary files.
1 week 2 days ago
It was discovered that Vim did not properly handle backticks in tag
filenames. An attacker could possibly use this issue to execute
arbitrary commands.
1 week 2 days ago
FEDORA-EPEL-2026-2d8dd834d8
Packages in this update:
Update description:
Update to 6.0.6 to fix a bunch of security issues: CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291