1 week 2 days ago
FEDORA-2026-cb86172c17
Packages in this update:
Update description:
Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-macros-3.14-11.
Security fix for CVE-2025-12084
1 week 2 days ago
USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the
corresponding updates for Ubuntu 20.04 LTS.
Original advisory details:
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly
handled disconnecting clients. In non-default configurations where the
GSSAPIKeyExchange setting is enabled, a remote attacker could use this
issue to cause OpenSSH to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-3497)

David Leadbeater discovered that OpenSSH incorrectly handled certain
control characters in usernames. When untrusted usernames and the
ProxyCommand are being used, an attacker could possibly use this issue to
execute arbitrary code. (CVE-2025-61984)

David Leadbeater discovered that OpenSSH incorrectly handled NULL
characters in ssh:// URIs. When the ProxyCommand is being used, an attacker
could possibly use this issue to execute arbitrary code. (CVE-2025-61985)
1 week 2 days ago
Version: next-20260312 (linux-next)
Released: 2026-03-12
1 week 2 days ago
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and
Kaan Onarlioglu discovered that servers using Go Networking could hang
during shutdown if preempted by a fatal error. An attacker could possibly
use this to cause a denial of service. This issue only affected Ubuntu
22.04 LTS. (CVE-2022-27664)

Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted
stream could cause excessive CPU usage in Go Networking's HPACK decoder. An
attacker could possibly use this to cause a denial of service. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-41723)

Mohammad Thoriq Aziz discovered that Go Networking did not properly
sanitize some text nodes. An attacker could possibly use this to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978)

Sean Ng discovered an error in Go Networking's HTML tag handling. An
attacker could possibly use this to cause a denial of service.
(CVE-2025-22872)

Guido Vranken and Jakub Ciolek discovered that a maliciously crafted HTML
document could exhaust system resources on servers using Go Networking. An
attacker could possibly use this to cause a denial of service.
(CVE-2025-47911)

Guido Vranken discovered that a maliciously crafted HTML document could put
servers using Go Networking into an infinite loop. An attacker could
possibly use this to cause a denial of service. (CVE-2025-58190)
1 week 2 days ago
Ionut Lalu discovered that go-git incorrectly handled certain specially
crafted Git server responses. An attacker could possibly use this issue to
cause a denial of service. (CVE-2023-49568, CVE-2025-21614)

Ionut Lalu discovered that go-git incorrectly handled file system paths
when using the ChrootOS implementation. A remote attacker could possibly
use this issue to perform a path traversal and create or modify arbitrary
files, leading to remote code execution. (CVE-2023-49569)

It was discovered that go-git did not properly sanitize arguments when
invoking git-upload-pack using the file transport protocol. An attacker
could possibly use this issue to inject arbitrary flag values when
interacting with local Git repositories. (CVE-2025-21613)

It was discovered that go-git did not properly verify integrity checks for
pack and index files. An attacker could possibly use this issue to cause
go-git to process corrupted repository data, resulting in unexpected errors
or an incorrect repository state. (CVE-2026-25934)
1 week 2 days ago
It was discovered that python-cryptography incorrectly handled subgroup
validation for SECT curves. A remote attacker could use this issue to
perform a subgroup attack and possibly recover the least significant bits
of private keys.
1 week 2 days ago
FEDORA-EPEL-2026-439d2b09db
Packages in this update:
Update description:
Upstream announcements:
1 week 2 days ago
FEDORA-EPEL-2026-7fdbeef41b
Packages in this update:
Update description:
Upstream announcements:
1 week 2 days ago
FEDORA-2026-bf984d4931
Packages in this update:
Update description:
Upstream announcements:
1 week 2 days ago
FEDORA-2026-5774d46593
Packages in this update:
Update description:
Upstream announcements:
1 week 2 days ago
FEDORA-2026-675dd9b166
Packages in this update:
Update description:
Upstream announcements:
1 week 2 days ago
FEDORA-EPEL-2026-6d9113a8af
Packages in this update:
Update description:
Upstream announcements:
1 week 2 days ago
FEDORA-EPEL-2026-c7993fe121
Packages in this update:
Update description:
Upstream announcements:
1 week 2 days ago
It was discovered that FreeType did not correctly handle certain integer
arithmetic. An attacker could possibly use this issue to leak sensitive
information.
1 week 2 days ago
FEDORA-2026-c47c476fdd
Packages in this update:
Update description:
Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186
1 week 2 days ago
FEDORA-2026-a00f52ac25
Packages in this update:
Update description:
Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186
1 week 2 days ago
FEDORA-EPEL-2026-a16c1151d2
Packages in this update:
Update description:
Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186