Aggregator

proftpd-1.3.9a-2.fc45

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-c8173d7dcd Packages in this update:
  • proftpd-1.3.9a-2.fc45
Update description:

Automatic update for proftpd-1.3.9a-2.fc45.

Changelog * Mon May 11 2026 Paul Howarth <paul@city-fan.org> - 1.3.9a-2 - Additional escaping for avoidance of SQL injection issues with %{note:...} and %{env:...}; these are on top of the existing fix for CVE-2026-42167 in 1.3.9a - Fix for SQL Injection in mod_wrap2_sql via reverse DNS hostname (CVE-2026-44331, rhbz#2466899, https://github.com/proftpd/proftpd/issues/2057)

USN-8268-1: Dnsmasq vulnerabilities

Ubuntu Security Advisories
1 week 1 day ago
Andrew S. Fasano, Royce M, and Hugo Martinez Ray discovered that Dnsmasq did not allocate the necessary space to store domain names in some contexts. An attacker could possibly use this issue to write out-of-bounds, and could cause a denial of service or execute arbitrary code. (CVE-2026-2291) Royce M discovered that Dnsmasq could loop infinitely due to erroneously missing the window header. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-4890) Royce M discovered that a maliciously crafted packet could cause Dnsmasq to report a negative length. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-4891) Royce M and Asim Viladi Oglu Manizada discovered that certain configurations of Dnsmasq could write over the DHCPv6 CLID buffer within a privileged helper. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-4892) Royce M discovered that certain configurations of Dnsmasq could bypass internal bounds checks. An attacker could possibly use this issue to permit malformed packets, and could cause a denial of service. (CVE-2026-4893) Hugo Martinez discovered that Dnsmasq did not check the rdlen element of a record. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-5172)

dnsmasq-2.92rel2-9.fc45

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-e58a6acf77 Packages in this update:
  • dnsmasq-2.92rel2-9.fc45
Update description:

Automatic update for dnsmasq-2.92rel2-9.fc45.

Changelog * Tue May 12 2026 Petr Menšík <pemensik@redhat.com> - 2.92rel2-9 - Update to 2.92rel2 (rhbz#2469245) * Mon Apr 20 2026 Petr Menšík <pemensik@redhat.com> - 2.92-8 - Fix 1 byte extra write byte in DHCP reply (rhbz#2459196) * Mon Feb 16 2026 Petr Menšík <pemensik@redhat.com> - 2.92-7 - Add optional build support for libasan * Wed Feb 11 2026 Petr Menšík <<pemensik@redhat.com>> - 2.92-6 - Do not fail hard on inotify socket or watch failure * Thu Jan 22 2026 Petr Menšík <<pemensik@redhat.com>> - 2.92-5 - Do not fail validation if signature owner name does not match (rbhz#2421820)

rust-nu-0.99.1-17.fc43

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-b00a9673c8 Packages in this update:
  • rust-nu-0.99.1-17.fc43
Update description:

Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: