Aggregator

FEDORA-2026-3b0e5b457d Packages in this update:

• cpp-httplib-0.30.1-5.fc42

Update description:

https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-h934-98h4-j43q

FEDORA-2026-e50e41fcea Packages in this update:

• cpp-httplib-0.30.1-5.fc43

Update description: Update to 0.30.1

• Denial of service (DOS) using zip bomb (CVE-2026-22776)
• CRLF injection in http headers (CVE-2026-21428)
• Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust (CVE-2025-66577)

https://github.com/yhirose/cpp-httplib/releases/tag/v0.30.1

USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471 introduced a regression in urllib3 when decompressing zstd data. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Illia Volochii discovered that urllib3 did not limit the steps in a decompression chain. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. (CVE-2025-66418) Rui Xi discovered that urllib3 incorrectly handled highly compressed data. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471) For the brotli encoding, the fix for CVE-2025-66471 requires an additional security update in the brotli package.

FEDORA-2026-de370822e0 Packages in this update:

• firefox-147.0-1.fc43

Update description:

• New upstream release (147.0)

FEDORA-2026-0136a5ab4e Packages in this update:

• firefox-147.0-1.fc42

Update description:

• New upstream release (147.0)

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

FEDORA-2026-009cb3c02a Packages in this update:

• mingw-python3-3.11.14-5.fc43

Update description:

Backport proposed fix for CVE-2025-13836.

FEDORA-2026-01a62f2cfd Packages in this update:

• mingw-python3-3.11.14-5.fc42

Update description:

Backport proposed fix for CVE-2025-13836.

FEDORA-2026-00347cea5e Packages in this update:

• mingw-libxslt-1.1.43-4.fc42

Update description:

Backport fix for CVE-2025-11731 and proposed fix for CVE-2025-10911

FEDORA-2026-84be018d47 Packages in this update:

• mingw-libxslt-1.1.43-4.fc43

Update description:

Backport fix for CVE-2025-11731 and proposed fix for CVE-2025-10911

FEDORA-2026-4ed69f3065 Packages in this update:

• mingw-libtasn1-4.21.0-1.fc42

Update description:

Update to 4.21.0, fixes CVE-2025-13151.

FEDORA-2026-0dfbd2a5e2 Packages in this update:

• mingw-libtasn1-4.21.0-1.fc43

Update description:

Update to 4.21.0, fixes CVE-2025-13151.

FEDORA-2026-f677c523ec Packages in this update:

• mariadb11.8-11.8.5-1.fc42

Update description:

MariaDB 11.8.5

Release notes: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.5

FEDORA-2026-297c251448 Packages in this update:

• mariadb11.8-11.8.5-1.fc43

Update description:

MariaDB 11.8.5

Release notes: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.5

Jakub Ciolek discovered that the Go Cryptography module included in Google Guest Agent did not validate GSSAPI authentication requests during SSH operations. An attacker could possibly use this issue to cause a denial of service.

Version:next-20260113 (linux-next) Released:2026-01-13

FEDORA-EPEL-2026-0917b799fe Packages in this update:

• libicu67-67.1-10.1.el10_2

Update description:

Backport upstream fix for CVE-2025-5222.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers subsystem; - AFS file system; - F2FS file system; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; (CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471 introduced a regression in the zstd decompression component inside urllib3. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Illia Volochii discovered that urllib3 did not limit the steps in a decompression chain. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. (CVE-2025-66418) Rui Xi discovered that urllib3 incorrectly handled highly compressed data. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471) For the brotli encoding, the fix for CVE-2025-66471 requires an additional security update in the brotli package.

It was discovered that urllib3 incorrectly handled decompression during HTTP redirects. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service.