Aggregator

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; (CVE-2026-23112, CVE-2026-23273)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; - Netfilter; (CVE-2026-23112, CVE-2026-23231, CVE-2026-23273)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - BTRFS file system; - Sun RPC protocol; - XFRM subsystem; (CVE-2022-49033, CVE-2024-27388, CVE-2024-49938, CVE-2024-50008, CVE-2024-50142)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; - IPv4 networking; (CVE-2024-50304, CVE-2026-23112, CVE-2026-23209)

Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack.

FEDORA-2026-db3618772b Packages in this update:

• kernel-6.19.14-106.fc42

Update description:

The 6.19.14-106 kernel build contains additional mitigations for new code paths in fragnesia, and a couple of other security updates without fancy names or CVEs assigned yet.

FEDORA-2026-346fbec5d5 Packages in this update:

• kernel-7.0.9-202.fc44

Update description:

The 7.0.9-102/202 stable kernel builds contain additional mitigations for new code paths in fragnesia, and a couple of other security updates without fancy names or CVEs assigned yet.

The 7.0.9 stable kernel update contains a number of important fixes across the tree.

FEDORA-2026-88a1fb9418 Packages in this update:

• kernel-7.0.9-102.fc43

Update description:

The 7.0.9-102/202 stable kernel builds contain additional mitigations for new code paths in fragnesia, and a couple of other security updates without fancy names or CVEs assigned yet.

The 7.0.9 stable kernel update contains a number of important fixes across the tree.

FEDORA-EPEL-2026-11687f6ef5 Packages in this update:

• rust-astral-tokio-tar-0.6.2-1.el9

Update description:

Update to version 0.6.2; Fixes RHBZ#2479647; Fixes GHSA-3cv2-h65g-fgmm

FEDORA-2026-b1d51e524d Packages in this update:

• postfix-3.9.11-1.fc42

Update description:

This is an update fixing CVE-2026-43964.

FEDORA-2026-e9fc21d7e2 Packages in this update:

• postfix-3.10.10-1.fc43

Update description:

This is an update fixing CVE-2026-43964.

FEDORA-2026-5cf8cc5f32 Packages in this update:

• postfix-3.10.10-1.fc44

Update description:

This is an update fixing CVE-2026-43964.

FEDORA-2026-a5176717a9 Packages in this update:

• pcs-0.12.2-2.fc45

Update description:

Automatic update for pcs-0.12.2-2.fc45.

Changelog * Fri May 15 2026 Michal Pospíšil <mpospisi@redhat.com> - 0.12.2-2 - Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md) Resolves: rhbz#2454042 - Fixed a crash when running pcs resource|stonith list Resolves: rhbz#2458608 - Fixed order of resources in sets when listing configuration of constraints Resolves: rhbz#2461143

FEDORA-2026-d420bebe72 Packages in this update:

• pcs-0.12.2-2.fc44

Update description:

• Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
• Fixed a crash when running pcs resource|stonith list
• Fixed order of resources in sets when listing configuration of constraints

FEDORA-2026-c0f7d885ee Packages in this update:

• pcs-0.12.2-2.fc43

Update description:

• Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
• Fixed a crash when running pcs resource|stonith list
• Fixed order of resources in sets when listing configuration of constraints

Version:next-20260518 (linux-next) Released:2026-05-18

FEDORA-EPEL-2026-2c8580b72a Packages in this update:

• perl-Crypt-DSA-1.17-29.el9

Update description:

This update fixes a couple of security issues:

• Replace two arg open (CVE-2026-8704)
• Replace use of rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

FEDORA-EPEL-2026-7dcb3efd8b Packages in this update:

• perl-Crypt-DSA-1.17-29.el8

Update description:

This update fixes a couple of security issues:

• Replace two arg open (CVE-2026-8704)
• Replace use of rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

FEDORA-2026-96eeb03b88 Packages in this update:

• dovecot-2.4.4-1.fc44

Update description:

• CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe.
• CVE-2026-33603: auth: CRAM-SHA-*-PLUS channel binding could be faked. MITM attacker with a certificate trusted by the client could have bypassed the requirement for channel binding.
• CVE-2026-40020: IMAP folders can be shared-spammed to everyone.
• CVE-2026-42006: An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete.
• indexer-worker, quota-status, script-login, program-client-local: Root privileges are now dropped permanently before serving requests.
• indexer-worker: Default restart_request_count changed to 1 to work correctly after permanent root privilege drop.
• lmtp: Add back service_extra_groups=$SET:default_internal_group that was incorrectly removed in v2.4.3.
• master: inet_listener_reuse_port has been replaced by service_reuse_port. The new setting properly pre-creates all listener sockets at startup and assigns one unique socket per process. Using this allows evenly distributing incoming connections to login processes.