Aggregator

USN-8402-1: systemd vulnerabilities

1 week ago
It was discovered that systemd-nspawn incorrectly handled certain optional configuration files. A local attacker could possibly use this issue to escape to the host system and execute arbitrary code. (CVE-2026-40226)
It was discovered that systemd-resolved incorrectly validated DNSSEC records for signed domains. An attacker could possibly use this issue to manipulate DNS records. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-7008)

USN-8400-1: poppler vulnerability

1 week ago
It was discovered that poppler incorrectly handled certain malformed PDF tiling patterns in the Splash backend. An attacker could possibly use this issue to execute arbitrary code, obtain sensitive information, or cause a denial of service.

USN-8399-1: Pillow vulnerabilities

1 week ago
It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2026-42308)
It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-42309)
It was discovered that Pillow incorrectly handled certain malformed PDF files. An attacker could possibly use this issue to cause Pillow to use excessive resources, leading to a denial of service. (CVE-2026-42310)
It was discovered that Pillow incorrectly handled certain malformed PSD files. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service, or to execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-42311)

USN-8398-1: nginx vulnerability

1 week ago
It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service.

perl-Mojo-JWT-1.02-1.fc44

1 week 1 day ago
FEDORA-2026-80333f8f56
Packages in this update:
  • perl-Mojo-JWT-1.02-1.fc44
Update description:

This release of Mojo::JWT improves the security of decode to prevent timing side-channel attacks in symmetric signatures.