Aggregator

kryoptic-1.5.0-2.fc43 pyOpenSSL-26.0.0-1.fc43 python-cryptography-46.0.5-1.fc43 rust-asn1-0.22.0-1.fc43 rust-asn1_derive-0.22.0-1.fc43 rust-cryptoki-0.12.0-2.fc43 rust-cryptoki-sys-0.5.0-2.fc43 rust-wycheproof-0.6.0-1.fc43

Fedora Security Advisories
6 days 7 hours ago
FEDORA-2026-9d5b9f45ec Packages in this update:
  • kryoptic-1.5.0-2.fc43
  • pyOpenSSL-26.0.0-1.fc43
  • python-cryptography-46.0.5-1.fc43
  • rust-asn1-0.22.0-1.fc43
  • rust-asn1_derive-0.22.0-1.fc43
  • rust-cryptoki-0.12.0-2.fc43
  • rust-cryptoki-sys-0.5.0-2.fc43
  • rust-wycheproof-0.6.0-1.fc43
Update description:
  • Update pyOpenSSL to v26.0.0 (security update)
  • Update python-cryptography to v46.0.5 (dependency of pyOpenSSL 26)
  • Update rust-asn1 to 0.22 (dependency of python-cryptography)
  • Update kryoptic to v1.5 (required for rust-asn1 bump to 0.22)

The security status of this update is only for pyOpenSSL.

localsearch-3.10.2-2.fc43

Fedora Security Advisories
6 days 7 hours ago
FEDORA-2026-ba6641558a Packages in this update:
  • localsearch-3.10.2-2.fc43
Update description:

Add a patch for several CVEs:

  • CVE-2026-1764 - Heap Buffer Overflow in GNOME localsearch MP3 Extractor
  • CVE-2026-1765 - Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX Tags)
  • CVE-2026-1766 - Heap Buffer Overflow in GNOME localsearch MP3 Extractor (ID3v2.3 COMM Tags)
  • CVE-2026-1767 - Heap Buffer Overflow in GNOME localsearch MP3 Extractor

glib2-2.86.4-2.fc43

Fedora Security Advisories
6 days 10 hours ago
FEDORA-2026-5637749c07 Packages in this update:
  • glib2-2.86.4-2.fc43
Update description:

Add patch for CVE-2026-0988 (Integer overflow in g_buffered_input_stream_peek() leads to segmentation fault)

USN-8103-2: Exiv2 regression

Ubuntu Security Advisories
6 days 13 hours ago
USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 did not correctly handle reading certain buffers. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-18771) Wen Cheng discovered that Exiv2 did not correctly handle certain memory allocation. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-18899) It was discovered that Exiv2 did not correctly handle writing certain metadata. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2025-54080) It was discovered that Exiv2 did not correctly handle parsing certain metadata. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-55304) It was discovered that Exiv2 did not correctly handle parsing certain images. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2026-25884) It was discovered that Exiv2 did not correctly handle previewing certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27596) It was discovered that Exiv2 did not correctly handle certain integer arithmetic. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27631)

roundcubemail-1.7~rc5-1.fc44

Fedora Security Advisories
6 days 14 hours ago
FEDORA-2026-9b0f520716 Packages in this update:
  • roundcubemail-1.7~rc5-1.fc44
Update description:

Version 1.7-rc5

  • Password: Add nt-binary hashing method (#10096)
  • Fix URL matching for domain names with port numbers (#10105)
  • Fix PHP fatal error when using IMAP cache (#10102)
  • Fix Postgres connection using IPv6 address (#10104)
  • Fix bug where rel=stylesheet part of a <link> could get removed
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts

roundcubemail-1.6.14-1.el10_2

Fedora Security Advisories
6 days 14 hours ago
FEDORA-EPEL-2026-95071cd05c Packages in this update:
  • roundcubemail-1.6.14-1.el10_2
Update description:

Version 1.6.14

  • Fix Postgres connection using IPv6 address (#10104)
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts

roundcubemail-1.6.14-1.fc42

Fedora Security Advisories
6 days 14 hours ago
FEDORA-2026-c283cce7fd Packages in this update:
  • roundcubemail-1.6.14-1.fc42
Update description:

Version 1.6.14

  • Fix Postgres connection using IPv6 address (#10104)
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts

roundcubemail-1.6.14-1.fc43

Fedora Security Advisories
6 days 14 hours ago
FEDORA-2026-2decd38070 Packages in this update:
  • roundcubemail-1.6.14-1.fc43
Update description:

Version 1.6.14

  • Fix Postgres connection using IPv6 address (#10104)
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts