Aggregator

openssh-10.2p1-13.fc44

4 hours 2 minutes ago
FEDORA-2026-c9d8542bb3 Packages in this update:
  • openssh-10.2p1-13.fc44
Update description:
  • CVE-2026-59996: Fix remote glob result of ".." causing files to be placed in unintended parent directories when scp performs remote-to-remote copy via the local host
  • CVE-2026-60002: Fix use-after-free in cached hostkey during key re-exchange

openssh-10.0p1-11.fc43

4 hours 2 minutes ago
FEDORA-2026-169fd93089 Packages in this update:
  • openssh-10.0p1-11.fc43
Update description:
  • CVE-2026-59996: Fix remote glob result of ".." causing files to be placed in unintended parent directories when scp performs remote-to-remote copy via the local host
  • CVE-2026-60002: Fix use-after-free in cached hostkey during key re-exchange

moby-engine-29.6.2-1.fc43

4 hours 56 minutes ago
FEDORA-2026-64ca3441c3 Packages in this update:
  • moby-engine-29.6.2-1.fc43
Update description:
  • Update to release v29.6.2
  • Resolves: rhbz#2496437
  • Upstream security fixes
    • GHSA-hw3h-2gp9-cxpv
    • GHSA-qx3x-mv6r-52p6
    • GHSA-32pv-7hq5-qhwq
    • GHSA-g2h8-426c-7976
    • GHSA-388v-wmr2-g2v2

USN-8490-2: Linux kernel (Real-time) vulnerabilities

8 hours 30 minutes ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; - STMicroelectronics network drivers; - Network drivers; - NVME drivers; - SCSI subsystem; - USB over IP driver; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Kernel thread helper (kthread); - IPv6 networking; - Tracing infrastructure; - Kernel exit() syscall; - Scatterlist API; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - Multipath TCP; - Netfilter; - RxRPC session sockets; - SMC sockets; - X.25 network layer; (CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392, CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448, CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304, CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383, CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898, CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289, CVE-2026-46316, CVE-2026-46325)

USN-8490-1: Linux kernel vulnerabilities

8 hours 33 minutes ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; - STMicroelectronics network drivers; - Network drivers; - NVME drivers; - SCSI subsystem; - USB over IP driver; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Kernel thread helper (kthread); - IPv6 networking; - Tracing infrastructure; - Kernel exit() syscall; - Scatterlist API; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - Multipath TCP; - Netfilter; - RxRPC session sockets; - SMC sockets; - X.25 network layer; (CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392, CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448, CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304, CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383, CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898, CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289, CVE-2026-46316, CVE-2026-46325)

chromium-150.0.7871.124-1.el10_3

11 hours 21 minutes ago
FEDORA-EPEL-2026-012b021e70 Packages in this update:
  • chromium-150.0.7871.124-1.el10_3
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.el10_2

11 hours 21 minutes ago
FEDORA-EPEL-2026-3bd3da0297 Packages in this update:
  • chromium-150.0.7871.124-1.el10_2
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.fc43

11 hours 21 minutes ago
FEDORA-2026-32e3e23696 Packages in this update:
  • chromium-150.0.7871.124-1.fc43
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.el9

11 hours 21 minutes ago
FEDORA-EPEL-2026-72397f334b Packages in this update:
  • chromium-150.0.7871.124-1.el9
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.fc44

11 hours 21 minutes ago
FEDORA-2026-7437330b17 Packages in this update:
  • chromium-150.0.7871.124-1.fc44
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

moby-engine-29.6.2-1.fc44

14 hours 31 minutes ago
FEDORA-2026-70a4eeeab8 Packages in this update:
  • moby-engine-29.6.2-1.fc44
Update description:
  • Update to release v29.6.2
  • Resolves: rhbz#2496437
  • Upstream security fixes
    • GHSA-hw3h-2gp9-cxpv
    • GHSA-qx3x-mv6r-52p6
    • GHSA-32pv-7hq5-qhwq
    • GHSA-g2h8-426c-7976
    • GHSA-388v-wmr2-g2v2

python-django5-5.2.16-1.fc43

20 hours 22 minutes ago
FEDORA-2026-fbb9501b22 Packages in this update:
  • python-django5-5.2.16-1.fc43
Update description:

Update python-django5 to version 5.2.16

Fixes three low-severity CVEs

  • CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
  • CVE-2026-53877: Heap buffer over-read in GDALRaster
  • CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input