Aggregator

USN-8345-1: GDAL vulnerability

1 week 1 day ago
It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code.

libre-4.8.1-1.el10_3

1 week 2 days ago
FEDORA-EPEL-2026-39d9295352
Packages in this update:
  • libre-4.8.1-1.el10_3
Update description: libre v4.8.1 (2026-05-28)

libre-4.8.1-1.fc43

1 week 2 days ago
FEDORA-2026-bfba5a213d
Packages in this update:
  • libre-4.8.1-1.fc43
Update description: libre v4.8.1 (2026-05-28)

libre-4.8.1-1.el9

1 week 2 days ago
FEDORA-EPEL-2026-e3f844d4d5
Packages in this update:
  • libre-4.8.1-1.el9
Update description: libre v4.8.1 (2026-05-28)

libre-4.8.1-1.el8

1 week 2 days ago
FEDORA-EPEL-2026-035f48b183
Packages in this update:
  • libre-4.8.1-1.el8
Update description: libre v4.8.1 (2026-05-28)

libre-4.8.1-1.el10_2

1 week 2 days ago
FEDORA-EPEL-2026-fdfd52de3c
Packages in this update:
  • libre-4.8.1-1.el10_2
Update description: libre v4.8.1 (2026-05-28)

libre-4.8.1-1.fc44

1 week 2 days ago
FEDORA-2026-837d6ef455
Packages in this update:
  • libre-4.8.1-1.fc44
Update description: libre v4.8.1 (2026-05-28)

USN-8341-1: OpenJDK 26 vulnerabilities

1 week 2 days ago
Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. (CVE-2026-22016)

It was discovered that the Networking component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-34282)

It was discovered that the JSSE component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-22021)

It was discovered that the JGSS component of OpenJDK 26 did not correctly authenticate certain APIs. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-22013)

It was discovered that the 2D component of OpenJDK 26 did not correctly handle certain integer arithmetic. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to obtain sensitive information. (CVE-2026-23865)

It was discovered that the Libraries component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to modify data. (CVE-2026-22008)

It was discovered that the Libraries component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-22018)

Ken Pyle discovered that the Security component of OpenJDK 26 did not correctly authenticate certain APIs. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2026-22007, CVE-2026-34268)

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2026-04-21

USN-8344-1: pip vulnerabilities

1 week 2 days ago
It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used with certificate verification disabled, subsequent requests to the same host would also skip verification regardless of the session's current settings. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and expose sensitive information. (CVE-2024-35195)

It was discovered that pip's bundled urllib3 library did not limit the number of decompression steps when processing HTTP responses. A remote attacker could possibly use this issue to cause pip to consume excessive resources, leading to a denial of service. (CVE-2025-66418)

It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attacker could possibly use this issue to cause pip to consume excessive resources, leading to a denial of service. (CVE-2025-66471)

USN-8229-2: sed vulnerability

1 week 2 days ago
USN-8229-1 fixed a vulnerability in sed. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files.

strongswan-6.0.6-1.el8

1 week 2 days ago
FEDORA-EPEL-2026-2d8dd834d8
Packages in this update:
  • strongswan-6.0.6-1.el8
Update description:

Update to 6.0.6 to fix a bunch of security issues: CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291

USN-8343-1: multipart vulnerability

1 week 2 days ago
It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service.