Aggregator

FEDORA-2026-e0e9d0d54a Packages in this update:

• apt-3.1.15-2.fc42
• python-apt-3.1.0-1.fc42

Update description:

Update to latest upstream release apt 3.1.15 and python-apt 3.1.0, also fix a security issue in python-apt

Update to latest upstream release apt 3.1.15

FEDORA-2026-1c47e433df Packages in this update:

• apt-3.1.15-2.fc43
• python-apt-3.1.0-1.fc43

Update description:

Update to latest upstream release apt 3.1.15 and python-apt 3.1.0

Update to latest upstream release apt 3.1.15, also fix build problem with previous release

Version:6.19.2 (stable) Released:2026-02-16 Source:linux-6.19.2.tar.xz PGP Signature:linux-6.19.2.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.19.2

Version:6.18.12 (stable) Released:2026-02-16 Source:linux-6.18.12.tar.xz PGP Signature:linux-6.18.12.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.12

Version:6.12.73 (longterm) Released:2026-02-16 Source:linux-6.12.73.tar.xz PGP Signature:linux-6.12.73.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.73

Version:6.6.126 (longterm) Released:2026-02-16 Source:linux-6.6.126.tar.xz PGP Signature:linux-6.6.126.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.126

Version:next-20260216 (linux-next) Released:2026-02-16

It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topology file to cause alsa-lib to crash, resulting in a denial of service, or possibly execute arbitrary code.

FEDORA-2026-6b5abf91a9 Packages in this update:

• thunderbird-147.0-2.fc43

Update description:

Update to latest upstream version.

FEDORA-2026-6ca1769cc2 Packages in this update:

• thunderbird-147.0-6.fc42

Update description:

Update to latest upstream version.

Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious certificates containing a large number of name constraints and subject alternative names. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, resulting in a denial of service. (CVE-2025-14831) Luigino Camastra discovered that GnuTLS incorrectly handled certain PKCS11 token labels. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2025-9820)

FEDORA-2026-de8c9d7b6f Packages in this update:

• rsync-3.4.1-5.fc42

Update description:

Updating tests

Fix for CVE-2025-10158

It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-23948) It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24491) It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-24675, CVE-2026-24679, CVE-2026-24682) It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2026-24676, CVE-2026-24681) It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-24677) It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-24678) It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24680) It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24683, CVE-2026-24684)

Version:6.18.11 (stable) Released:2026-02-16 Source:linux-6.18.11.tar.xz PGP Signature:linux-6.18.11.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.11

Version:6.12.72 (longterm) Released:2026-02-16 Source:linux-6.12.72.tar.xz PGP Signature:linux-6.12.72.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.72

Version:6.6.125 (longterm) Released:2026-02-16 Source:linux-6.6.125.tar.xz PGP Signature:linux-6.6.125.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.125

Version:6.19.1 (stable) Released:2026-02-16 Source:linux-6.19.1.tar.xz PGP Signature:linux-6.19.1.tar.sign Patch:full ChangeLog:ChangeLog-6.19.1

USN-8022-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that Expat incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-24515) It was discovered that Expat incorrectly handled integer calculations when allocating memory for XML tags. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-25210)

USN 8025-1 fixed a vulnerability in .NET. This update provides the corresponding fix for Ubuntu 24.04 LTS. Original advisory details: Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation.