Aggregator

USN-8341-1: OpenJDK 26 vulnerabilities

1 week 1 day ago
Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. (CVE-2026-22016)
It was discovered that the Networking component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-34282)
It was discovered that the JSSE component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-22021)
It was discovered that the JGSS component of OpenJDK 26 did not correctly authenticate certain APIs. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-22013)
It was discovered that the 2D component of OpenJDK 26 did not correctly handle certain integer arithmetic. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to obtain sensitive information. (CVE-2026-23865)
It was discovered that the Libraries component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to modify data. (CVE-2026-22008)
It was discovered that the Libraries component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-22018)
Ken Pyle discovered that the Security component of OpenJDK 26 did not correctly authenticate certain APIs. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2026-22007, CVE-2026-34268)
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2026-04-21

USN-8344-1: pip vulnerabilities

1 week 1 day ago
It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used with certificate verification disabled, subsequent requests to the same host would also skip verification regardless of the session's current settings. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and expose sensitive information. (CVE-2024-35195)
It was discovered that pip's bundled urllib3 library did not limit the number of decompression steps when processing HTTP responses. A remote attacker could possibly use this issue to cause pip to consume excessive resources, leading to a denial of service. (CVE-2025-66418)
It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attacker could possibly use this issue to cause pip to consume excessive resources, leading to a denial of service. (CVE-2025-66471)

USN-8229-2: sed vulnerability

1 week 1 day ago
USN-8229-1 fixed a vulnerability in sed. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files.

strongswan-6.0.6-1.el8

1 week 1 day ago
FEDORA-EPEL-2026-2d8dd834d8
Packages in this update:
  • strongswan-6.0.6-1.el8
Update description:

Update to 6.0.6 to fix a bunch of security issues: CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291

USN-8343-1: multipart vulnerability

1 week 1 day ago
It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service.

USN-8339-1: OpenJDK 25 vulnerabilities

1 week 1 day ago
Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. (CVE-2026-22016)
It was discovered that the Networking component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-34282)
It was discovered that the JSSE component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-22021)
It was discovered that the JGSS component of OpenJDK 25 did not correctly authenticate certain APIs. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-22013)
It was discovered that the 2D component of OpenJDK 25 did not correctly handle certain integer arithmetic. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to obtain sensitive information. (CVE-2026-23865)
It was discovered that the Libraries component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to modify data. (CVE-2026-22008)
It was discovered that the Libraries component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-22018)
Ken Pyle discovered that the Security component of OpenJDK 25 did not correctly authenticate certain APIs. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2026-22007, CVE-2026-34268)
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2026-04-21

perl-Cpanel-JSON-XS-4.41-1.el8

1 week 1 day ago
FEDORA-EPEL-2026-395b39d32e
Packages in this update:
  • perl-Cpanel-JSON-XS-4.41-1.el8
Update description:

This update addresses a number of bugs including these security issues:

  • Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
  • Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

perl-Cpanel-JSON-XS-4.41-1.el9

1 week 1 day ago
FEDORA-EPEL-2026-06873e634a
Packages in this update:
  • perl-Cpanel-JSON-XS-4.41-1.el9
Update description:

This update addresses a number of bugs including these security issues:

  • Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
  • Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

perl-Cpanel-JSON-XS-4.41-1.fc43

1 week 1 day ago
FEDORA-2026-d88c7fac8c
Packages in this update:
  • perl-Cpanel-JSON-XS-4.41-1.fc43
Update description:

This update addresses a number of bugs including these security issues:

  • Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
  • Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

perl-Cpanel-JSON-XS-4.41-1.el10_3

1 week 1 day ago
FEDORA-EPEL-2026-b3c7c438c4
Packages in this update:
  • perl-Cpanel-JSON-XS-4.41-1.el10_3
Update description:

This update addresses a number of bugs including these security issues:

  • Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
  • Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

perl-Cpanel-JSON-XS-4.41-1.el10_2

1 week 1 day ago
FEDORA-EPEL-2026-4aaa6e0ce5
Packages in this update:
  • perl-Cpanel-JSON-XS-4.41-1.el10_2
Update description:

This update addresses a number of bugs including these security issues:

  • Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
  • Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

perl-Cpanel-JSON-XS-4.41-1.fc44

1 week 1 day ago
FEDORA-2026-0a82e80353
Packages in this update:
  • perl-Cpanel-JSON-XS-4.41-1.fc44
Update description:

This update addresses a number of bugs including these security issues:

  • Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
  • Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

USN-8340-1: LibreOffice vulnerability

1 week 1 day ago
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code.