Aggregator
USN-8503-1: ncurses vulnerability
docker-compose-5.3.0-1.fc43
- docker-compose-5.3.0-1.fc43
Update to release v5.3.0
clamav-1.4.5-1.el8
- clamav-1.4.5-1.el8
1.4.5, fixes for multiple CVEs https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.4.5
clamav-1.4.5-1.el9
- clamav-1.4.5-1.el9
1.4.5, fixes for multiple CVEs https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.4.5
opkssh-0.15.0-2.el10_2
- opkssh-0.15.0-2.el10_2
Update to opkssh 0.15.0.
This release fixes several CVEs in bundled/vendored dependencies:
- CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
- CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation
- CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package)
opkssh-0.15.0-2.el10_3
- opkssh-0.15.0-2.el10_3
Update to opkssh 0.15.0.
This release fixes several CVEs in bundled/vendored dependencies:
- CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
- CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation
- CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package)
opkssh-0.15.0-2.fc44
- opkssh-0.15.0-2.fc44
Update to opkssh 0.15.0.
This release fixes several CVEs in bundled/vendored dependencies:
- CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
- CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
- CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation
- CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package)
opkssh-0.15.0-2.fc43
- opkssh-0.15.0-2.fc43
Update to opkssh 0.15.0.
This release fixes several CVEs in bundled/vendored dependencies:
- CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
- CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
- CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation
- CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package)
perl-HTML-Gumbo-0.19-1.fc44
- perl-HTML-Gumbo-0.19-1.fc44
This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion.
Support for the <template> element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses.</template>
perl-HTML-Gumbo-0.19-1.fc43
- perl-HTML-Gumbo-0.19-1.fc43
This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion.
Support for the <template> element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses.</template>
docker-compose-5.3.0-1.fc45
- docker-compose-5.3.0-1.fc45
Automatic update for docker-compose-5.3.0-1.fc45.
Changelog * Thu Jul 2 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 5.3.0-1 - Update to release v5.3.0 - Resolves: rhbz#2496535 - Resolves CVE-2026-53492: rhbz#2496550 - Resolves CVE-2026-47262: rhbz#2496433 - Upstream note: This release introduces native support for init containers. - Additional upstream fixes and new featuresclamav-1.4.5-1.el10_3
- clamav-1.4.5-1.el10_3
1.4.5 https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.4.5
clamav-1.4.5-1.fc43
- clamav-1.4.5-1.fc43
Fixes for multiple CVEs https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.4.5
clamav-1.4.5-1.fc44
- clamav-1.4.5-1.fc44
Fixes for multiple CVEs https://github.com/Cisco-Talos/clamav/releases/tag/clamav-1.4.5
mingw-glib2-2.88.2-1.fc44
- mingw-glib2-2.88.2-1.fc44
Update to glib-2.88.2.
mingw-glib2-2.86.5-1.fc43
- mingw-glib2-2.86.5-1.fc43
Update to glib-2.86.5.
prometheus-3.13.0-1.fc43
- prometheus-3.13.0-1.fc43
Update to 3.13.0
prometheus-3.13.0-1.fc44
- prometheus-3.13.0-1.fc44
Update to 3.13.0