Aggregator

FEDORA-2026-2b07c67f06 Packages in this update:

• linux-firmware-20260519-1.fc44

Update description:

Update to 20260519:

• ASoC: tas2783: Add Firmware files for tas2783A projects
• add firmware for MT7927 WiFi device
• Add HP ISH firmware for Intel Panther Lake systems
• ti: Add PCM6240 firmware with multiple audio profiles support
• qcom: add CDSP firmware for shikra platform
• amdgpu: updates for various ASICs
• qcom: update ADSP firmware for x1e80100 platform
• qcom: Add cdsp1r.jsn for sa8775p platform
• Add firmware for Lontium LT9611C
• xe: Update GUC to v70.65.0 for LNL, BMG, PTL
• rtl_bt: Add missing rtl8761a_config.bin for RTL8761AU
• Add Dell ISH firmware 581.7783.0 for Intel Panther Lake systems.
• qcom: update ADSP firmware for x1e80100 platform
• linux-firmware:Add firmware for Lontium LT7911EXC bridge
• qcom/x1e80100/dell: mark that qcom/NOTICE.txt is applicable too
• qcom: Update CDSP firmware for Kaanapali platform
• qcom: vpu: add Gen2 firmware binary for Agatti
• amdgpu: DMCUB updates for various ASICs
• Add firmware file for Intel BlazarIGfp2/BlazarIW/ScorpiusGfp2
• Update firmware file for Intel BlazarI/BlazarU/BlazarU-HrPGfP/Scorpius core
• qcom: Update ADSP firmware for Glymur platform
• mediatek MT7925: update bluetooth firmware to 20260414153243
• update firmware for MT7925 WiFi device
• Revert "Update firmware file for Intel Quasar core"
• qcom: Add gpdspr.jsn for qcs8300 platform
• ath12k: QCC2072 hw1.0: add to WLAN.COL.1.0.c2-00074-QCACOLSWPL_V1_TO_SILICONZ-1
• ath12k: QCC2072 hw1.0: add board-2.bin
• ath12k: IPQ5424 hw1.0: add to WLAN.WBE.1.6-01275-QCAHKSWPL_SILICONZ-1
• ath12k: IPQ5424 hw1.0: add board-2.bin
• qcom: Update ADSP firmware for Kaanapali platform
• cirrus: cs35l56: Add firmware for Cirrus Amps for some Lenovo laptops (17aa235c 17aa235d)
• QCA: Update Bluetooth WCN6856 firmware 2.1.0-00665 to 2.1.0-00666
• amdgpu: DMCUB updates for DCN36
• Update AMD cpu microcode
• powervr: update Imagination Rogue firmware images
• qcom: Update ADSP firmware for Kaanapali platform
• i915: Xe3LPD DMC v2.34
• i915: Xe3LPD_3002 DMC v2.29
• qcom: Update ADSP firmware for QCM6490 platform
• firmware/amdgpu: Update DMCUB fw to Release 0.1.55.0
• mediatek: vpu: drop old sym link

FEDORA-2026-49dc95b509 Packages in this update:

• evince-48.1-2.fc42

Update description:

Fix command injection CVE-2026-46529

FEDORA-2026-aea94fcc1c Packages in this update:

• evince-48.1-5.fc44

Update description:

Fix command injection CVE-2026-46529

FEDORA-2026-d29bd1ad07 Packages in this update:

• evince-48.1-2.fc43

Update description:

Fix command injection CVE-2026-46529

It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype pollution attacks. An attacker could use this to cause a denial of service or unexpected application behaviour.

FEDORA-2026-93281f2f96 Packages in this update:

• rrdtool-1.9.0-8.fc42

Update description:

This is an update backporting some safety checks from the rrdtool-1.10.0.

FEDORA-2026-111ad9560f Packages in this update:

• rrdtool-1.9.0-8.fc43

Update description:

This is an update backporting some safety checks from the rrdtool-1.10.0.

FEDORA-2026-87a8048005 Packages in this update:

• rrdtool-1.9.0-11.fc44

Update description:

This is an update backporting some safety checks from the rrdtool-1.10.0.

FEDORA-2026-37298d3095 Packages in this update:

• libsoup3-3.6.6-3.fc43

Update description:

Patch for CVE-2026-5119

FEDORA-EPEL-2026-f6cbd2d252 Packages in this update:

• rust-astral_async_http_range_reader-0.11.0-2.el10_3
• rust-astral_async_zip-0.0.18~rc4-2.el10_3
• rust-astral-tokio-tar-0.6.2-1.el10_3
• uv-0.11.15-1.el10_3

Update description:

Update uv to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph.

FEDORA-2026-f8487121bd Packages in this update:

• python-uv-build-0.11.15-1.fc43
• rust-astral_async_http_range_reader-0.11.0-2.fc43
• rust-astral_async_zip-0.0.18~rc4-2.fc43
• rust-astral-tokio-tar-0.6.2-1.fc43
• uv-0.11.15-1.fc43

Update description:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph.

FEDORA-2026-0b1aaac651 Packages in this update:

• python-uv-build-0.11.15-1.fc44
• rust-astral_async_http_range_reader-0.11.0-2.fc44
• rust-astral_async_zip-0.0.18~rc4-2.fc44
• rust-astral-tokio-tar-0.6.2-1.fc44
• uv-0.11.15-1.fc44

Update description:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph.

FEDORA-2026-588c639071 Packages in this update:

• python-uv-build-0.11.15-1.fc45
• rust-astral_async_http_range_reader-0.11.0-2.fc45
• rust-astral_async_zip-0.0.18~rc4-2.fc45
• uv-0.11.15-1.fc45

Update description:

Update uv and python-uv-build to 0.11.5, fixing ee GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph.

FEDORA-2026-63ab4e8283 Packages in this update:

• perl-Imager-1.031-1.fc44

Update description:

Imager 1.031 - GIF: fix a heap buffer overflow with attacker controlled data CVE-2026-8454 Imager 1.030 - addtag(): store non-"int" numbers as strings - addtag: improve the regexp used to decide if a value can be stored as an int. - API: i_tags_get_int() - now fails if the value is stored as a string and is out of range for an int.

Version:next-20260519 (linux-next) Released:2026-05-19

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU drivers; - HID subsystem; - Intel Trace Hub HW tracing drivers; - IIO ADC drivers; - IRQ chip drivers; - Modular ISDN driver; - LED subsystem; - UACCE accelerator framework; - Ethernet bonding driver; - Network drivers; - STMicroelectronics network drivers; - Ethernet team driver; - NVME drivers; - PHY drivers; - SLIMbus drivers; - W1 Dallas's 1-wire bus driver; - Xen hypervisor drivers; - BTRFS file system; - Ext4 file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NTFS3 file system; - SMB network file system; - NFC subsystem; - BPF subsystem; - IRQ subsystem; - Memory management; - Bluetooth subsystem; - CAN network layer; - Networking core; - IPv4 networking; - IPv6 networking; - L2TP protocol; - NET/ROM layer; - Network traffic control; - SCTP protocol; - TLS protocol; - XFRM subsystem; - Creative Sound Blaster X-Fi driver; - USB sound devices; (CVE-2023-53421, CVE-2023-53520, CVE-2023-53662, CVE-2023-54207, CVE-2025-38057, CVE-2025-38125, CVE-2025-38232, CVE-2025-38408, CVE-2025-38591, CVE-2025-40149, CVE-2025-40164, CVE-2025-68211, CVE-2025-68340, CVE-2025-68365, CVE-2025-68725, CVE-2025-68817, CVE-2025-71162, CVE-2025-71163, CVE-2025-71185, CVE-2025-71186, CVE-2025-71188, CVE-2025-71190, CVE-2025-71191, CVE-2025-71194, CVE-2025-71196, CVE-2025-71197, CVE-2025-71199, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23001, CVE-2026-23003, CVE-2026-23011, CVE-2026-23026, CVE-2026-23033, CVE-2026-23037, CVE-2026-23038, CVE-2026-23049, CVE-2026-23056, CVE-2026-23058, CVE-2026-23061, CVE-2026-23063, CVE-2026-23064, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075, CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23087, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23093, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101, CVE-2026-23103, CVE-2026-23105, CVE-2026-23108, CVE-2026-23112, CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23124, CVE-2026-23125, CVE-2026-23128, CVE-2026-23133, CVE-2026-23145, CVE-2026-23146, CVE-2026-23150, CVE-2026-23164, CVE-2026-23167, CVE-2026-23170, CVE-2026-23209, CVE-2026-23273)

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; (CVE-2026-23112, CVE-2026-23273)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; - Netfilter; (CVE-2026-23112, CVE-2026-23231, CVE-2026-23273)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - BTRFS file system; - Sun RPC protocol; - XFRM subsystem; (CVE-2022-49033, CVE-2024-27388, CVE-2024-49938, CVE-2024-50008, CVE-2024-50142)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; - IPv4 networking; (CVE-2024-50304, CVE-2026-23112, CVE-2026-23209)