Aggregator

FEDORA-2026-bf741e26e4 Packages in this update:

• python-ujson-5.12.0-1.fc43

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-5725d633ec Packages in this update:

• python-ujson-5.12.0-1.fc44

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-965f164001 Packages in this update:

• systemd-258.6-1.fc43

Update description:

• A bunch of bugfixes
• More sanitization for invalid values received from hardware and firmware

FEDORA-2026-0cde3e4697 Packages in this update:

• systemd-259.4-1.fc44

Update description:

• A bunch of bugfixes
• More sanitization for invalid values received from hardware and firmware

It was discovered that Sudo incorrectly checked return codes when dropping privileges to run the mailer. A local attacker could possibly use this issue to escalate privileges.

It was discovered that the util-linux su utility did not drop capabilities when being used with the --pty option. While not a security issue by itself, a local attacker could possibly use the su tool to exploit vulnerabilities in other applications.

FEDORA-2026-cb86172c17 Packages in this update:

• python3.6-3.6.15-54.fc44

Update description:

Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-macros-3.14-11.

Security fix for CVE-2025-12084

USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497) David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984) David Leadbeater discovered that OpenSSH incorrectly handled NULL characters in ssh:// URIs. When the ProxyCommand is being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61985)

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497) David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984) David Leadbeater discovered that OpenSSH incorrectly handled NULL characters in ssh:// URIs. When the ProxyCommand is being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61985)

Version:next-20260312 (linux-next) Released:2026-03-12

Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could hang during shutdown if preempted by a fatal error. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-27664) Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted stream could cause excessive CPU usage in Go Networking's HPACK decoder. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-41723) Mohammad Thoriq Aziz discovered that Go Networking did not properly sanitize some text nodes. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978) Sean Ng discovered an error in Go Networking's HTML tag handling. An attacker could possibly use this to cause a denial of service. (CVE-2025-22872) Guido Vranken and Jakub Ciolek discovered that a maliciously crafted HTML document could exhaust system resources on servers using Go Networking. An attacker could possibly use this to cause a denial of service. (CVE-2025-47911) Guido Vranken discovered that a maliciously crafted HTML document could put servers using Go Networking into an infinite loop. An attacker could possibly use this to cause a denial of service. (CVE-2025-58190)

Ionut Lalu discovered that go-git incorrectly handled certain specially crafted Git server responses. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-49568, CVE-2025-21614) Ionut Lalu discovered that go-git incorrectly handled file system paths when using the ChrootOS implementation. A remote attacker could possibly use this issue to perform a path traversal and create or modify arbitrary files, leading to remote code execution. (CVE-2023-49569) It was discovered that go-git did not properly sanitize arguments when invoking git-upload-pack using the file transport protocol. An attacker could possibly use this issue to inject arbitrary flag values when interacting with local Git repositories. (CVE-2025-21613) It was discovered that go-git did not properly verify integrity checks for pack and index files. An attacker could possibly use this issue to cause go-git to process corrupted repository data, resulting in unexpected errors or an incorrect repository state. (CVE-2026-25934)

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys.

Version:6.19.7 (stable) Released:2026-03-12 Source:linux-6.19.7.tar.xz PGP Signature:linux-6.19.7.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.19.7

Version:6.18.17 (longterm) Released:2026-03-12 Source:linux-6.18.17.tar.xz PGP Signature:linux-6.18.17.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.17

FEDORA-EPEL-2026-439d2b09db Packages in this update:

• wordpress-6.9.4-1.el10_1

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-EPEL-2026-7fdbeef41b Packages in this update:

• wordpress-6.9.4-1.el9

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-2026-bf984d4931 Packages in this update:

• wordpress-6.9.4-1.fc44

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-2026-5774d46593 Packages in this update:

• wordpress-6.9.4-1.fc43

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-2026-675dd9b166 Packages in this update:

• wordpress-6.9.4-1.fc42

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release