Aggregator

USN-7988-2: Linux kernel (FIPS) vulnerabilities

2 weeks 2 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - Media drivers;
  - NVME drivers;
  - File systems infrastructure;
  - Timer subsystem;
  - Memory management;
  - Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)

USN-7988-1: Linux kernel vulnerabilities

2 weeks 2 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - Media drivers;
  - NVME drivers;
  - File systems infrastructure;
  - Timer subsystem;
  - Memory management;
  - Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)

USN-7987-2: Linux kernel (FIPS) vulnerabilities

2 weeks 2 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - InfiniBand drivers;
  - Media drivers;
  - File systems infrastructure;
  - Timer subsystem;
  - Packet sockets;
  - Network traffic control;
(CVE-2021-47485, CVE-2024-49959, CVE-2024-50195, CVE-2024-53164, CVE-2024-56606, CVE-2025-39993)

USN-7987-1: Linux kernel vulnerabilities

2 weeks 2 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - InfiniBand drivers;
  - Media drivers;
  - File systems infrastructure;
  - Timer subsystem;
  - Packet sockets;
  - Network traffic control;
(CVE-2021-47485, CVE-2024-49959, CVE-2024-50195, CVE-2024-53164, CVE-2024-56606, CVE-2025-39993)

USN-7986-1: Linux kernel vulnerabilities

2 weeks 2 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - Ceph distributed file system;
  - JFFS2 file system;
  - Timer subsystem;
  - USB sound devices;
(CVE-2024-26689, CVE-2024-53197, CVE-2024-57850, CVE-2025-38352)

xen-4.19.4-2.fc42

2 weeks 2 days ago
FEDORA-2026-e39149a8a0 Packages in this update:
  • xen-4.19.4-2.fc42
Update description:

  • x86: buffer overrun with shadow paging + tracing [XSA-477, CVE-2025-58150]
  • x86: incomplete IBPB for vCPU isolation [XSA-479, CVE-2026-23553]

USN-7985-1: TeX Live vulnerabilities

2 weeks 3 days ago
Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly handled memory when decoding certain data streams. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24106, CVE-2022-24107)

It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-32668)

It was discovered that TeX Live incorrectly handled certain TrueType fonts. If a user or automated system were tricked into opening a specially crafted TrueType font, a remote attacker could use this issue to cause TeX Live to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-25262)

xen-4.20.2-3.fc43

2 weeks 3 days ago
FEDORA-2026-844012d662 Packages in this update:
  • xen-4.20.2-3.fc43
Update description:

  • x86: buffer overrun with shadow paging + tracing [XSA-477, CVE-2025-58150]
  • x86: incomplete IBPB for vCPU isolation [XSA-479, CVE-2026-23553]

LSN-0117-1: Kernel Live Patch Security Notice

2 weeks 3 days ago
In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare
In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb.

In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev
Create a new macsec device but not get reference to real_dev.

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss
Currently, if the access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, it triggers a firmware crash.

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer
By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at each call it appends a MI_BATCH_BUFFER_END, printing the warning below and then overflowing.

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
@ses is initialized to NULL.

In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
Explicitly verify the target vCPU is fully online _prior_ to clamping the index in kvm_get_vcpu().

In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts
Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access.

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing
Haowei Yan found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0.

In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access
If the first fragment is shorter than struct usb_cdc_notification, we can't calculate an expected_size.

In the Linux kernel, the following vulnerability has been resolved: net: davicom: fix UAF in dm9000_drv_remove
dm is netdev private data and it cannot be used after free_netdev() call.

In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block
When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition situation.

USN-7983-1: containerd vulnerabilities

2 weeks 3 days ago
David Leadbeater discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. (CVE-2024-25621)

It was discovered that containerd did not properly handle the execution of the goroutine of container attach. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-64329)