Aggregator

USN-7981-1: wlc vulnerabilities

2 weeks 2 days ago
It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this issue to access sensitive resources. (CVE-2026-22250) It was discovered that wlc did not correctly handle API keys. An attacker could possibly use this issue to leak API keys to a malicious server. (CVE-2026-22251)

USN-7980-1: OpenSSL vulnerabilities

2 weeks 2 days ago
Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11187)
Stanislav Fort discovered that OpenSSL incorrectly parsed CMS AuthEnvelopedData messages. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467)
Stanislav Fort discovered that OpenSSL incorrectly handled memory in the SSL_CIPHER_find() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-15468)
Stanislav Fort discovered that the OpenSSL "openssl dgst" command line tool incorrectly truncated data to 16MB. An attacker could possibly use this issue to hide unauthenticated data beyond the 16MB limit. This issue only affected Ubuntu 25.10. (CVE-2025-15469)
Tomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly handled memory with TLS 1.3 connections using certificate compression. An attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-66199)
Petr Simecek and Stanislav Fort discovered that OpenSSL incorrectly handled memory when writing large data into a BIO chain. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2025-68160)
Stanislav Fort discovered that the OpenSSL OCB API could incorrectly leave final partial blocks unencrypted and unauthenticated. An attacker could possibly use this issue to read or tamper with the affected final bytes. (CVE-2025-69418)
Stanislav Fort discovered that OpenSSL incorrectly handled the PKCS12_get_friendlyname() utf-8 conversion. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69419)
Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the TS_RESP_verify_response() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69420)
Luigino Camastra discovered that OpenSSL incorrectly handled memory in the PKCS12_item_decrypt_d2i_ex function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69421)
Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in PKCS#12 parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22795)
Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the PKCS7_digest_from_attributes() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22796)

openssl-3.2.6-3.fc42

2 weeks 2 days ago
FEDORA-2026-9bb4c555f1 Packages in this update:
  • openssl-3.2.6-3.fc42
Update description:

Don't crash on parsing PKCS#12 without MAC
Resolves: CVE-2025-11187
Resolves: CVE-2025-15467
Resolves: CVE-2025-69419

openssl-3.5.4-2.fc43

2 weeks 2 days ago
FEDORA-2026-5f7d0a5656 Packages in this update:
  • openssl-3.5.4-2.fc43
Update description:

Resolves: CVE-2025-15467
Resolves: CVE-2025-15468
Resolves: CVE-2025-15469
Resolves: CVE-2025-66199
Resolves: CVE-2025-68160
Resolves: CVE-2025-69418
Resolves: CVE-2025-69420
Resolves: CVE-2025-69421
Resolves: CVE-2025-69419
Resolves: CVE-2026-22795
Resolves: CVE-2026-22796
Resolves: CVE-2025-11187

phpunit12-12.5.8-1.fc42

2 weeks 3 days ago
FEDORA-2026-8c25940d05 Packages in this update:
  • phpunit12-12.5.8-1.fc42
Update description:
Version 12.5.8 - 2026-01-27
Changed
  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs
Version 12.5.7 - 2026-01-24
Fixed
  • #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
  • #6470: Infinite recursion in Count::getCountOf() for unusual implementations of Iterator or IteratorAggregate
Version 12.5.6 - 2026-01-16
Changed
Version 12.5.5 - 2026-01-15
Deprecated
  • #6461: any() matcher (soft deprecation)
Fixed
  • #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

phpunit12-12.5.8-1.fc43

2 weeks 3 days ago
FEDORA-2026-470a48f838 Packages in this update:
  • phpunit12-12.5.8-1.fc43
Update description:
Version 12.5.8 - 2026-01-27
Changed
  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs
Version 12.5.7 - 2026-01-24
Fixed
  • #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
  • #6470: Infinite recursion in Count::getCountOf() for unusual implementations of Iterator or IteratorAggregate
Version 12.5.6 - 2026-01-16
Changed
Version 12.5.5 - 2026-01-15
Deprecated
  • #6461: any() matcher (soft deprecation)
Fixed
  • #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error