Aggregator

chromium-144.0.7559.59-1.fc42

2 weeks 4 days ago
FEDORA-2026-3736e2ff1a
Packages in this update:
  • chromium-144.0.7559.59-1.fc42
Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8
* CVE-2026-0900: Inappropriate implementation in V8
* CVE-2026-0901: Inappropriate implementation in Blink
* CVE-2026-0902: Inappropriate implementation in V8
* CVE-2026-0903: Insufficient validation of untrusted input in Downloads
* CVE-2026-0904: Incorrect security UI in Digital Credentials
* CVE-2026-0905: Insufficient policy enforcement in Network
* CVE-2026-0906: Incorrect security UI
* CVE-2026-0907: Incorrect security UI in Split View
* CVE-2026-0908: Use after free in ANGLE

chromium-144.0.7559.59-1.el10_2

2 weeks 4 days ago
FEDORA-EPEL-2026-ba3b30fe06
Packages in this update:
  • chromium-144.0.7559.59-1.el10_2
Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8
* CVE-2026-0900: Inappropriate implementation in V8
* CVE-2026-0901: Inappropriate implementation in Blink
* CVE-2026-0902: Inappropriate implementation in V8
* CVE-2026-0903: Insufficient validation of untrusted input in Downloads
* CVE-2026-0904: Incorrect security UI in Digital Credentials
* CVE-2026-0905: Insufficient policy enforcement in Network
* CVE-2026-0906: Incorrect security UI
* CVE-2026-0907: Incorrect security UI in Split View
* CVE-2026-0908: Use after free in ANGLE

USN-7916-2: python-apt regression

2 weeks 5 days ago
USN-7916-1 fixed a vulnerability in python-apt. The update had a PEP 440 incompatible version. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker could use this issue to cause python-apt to crash, resulting in a denial of service.

USN-7963-1: libpng vulnerabilities

2 weeks 5 days ago
It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma correction. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-66293)

Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit output format and non-minimal row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22695)

Cosmin Truta discovered that the libpng simplified API incorrectly handled invalid row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22801)

USN-7960-1: Rack vulnerabilities

2 weeks 6 days ago
It was discovered that Rack incorrectly handled certain query parameters. An attacker could possibly use this issue to cause a limited denial of service. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-59830)

It was discovered that Rack did not properly handle certain multipart form data. An attacker could possibly use this issue to cause memory exhaustion, leading to a denial of service. This issue was only addressed in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61770, CVE-2025-61772)

It was discovered that Rack did not properly handle certain form fields. An attacker could possibly use this issue to cause memory exhaustion, leading to a denial of service. This issue was only addressed in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61771)

It was discovered that Rack did not properly handle certain headers. An attacker could possibly use this issue to bypass proxy access restrictions and obtain sensitive information. (CVE-2025-61780)

Tomoya Yamashita discovered that Rack did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause memory exhaustion, leading to a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61919)