Aggregator

dotnet9.0-9.0.119-1.fc44

7 hours 31 minutes ago
FEDORA-2026-d6b061ad69 Packages in this update:
  • dotnet9.0-9.0.119-1.fc44
Update description:

Update to .NET SDK 9.0.119 and Runtime 9.0.18

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

dotnet9.0-9.0.119-1.fc43

7 hours 31 minutes ago
FEDORA-2026-3afd9d89f4 Packages in this update:
  • dotnet9.0-9.0.119-1.fc43
Update description:

Update to .NET SDK 9.0.119 and Runtime 9.0.18

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

USN-8553-1: .NET vulnerabilities

13 hours 1 minute ago
Artur Stetsko discovered that the .NET did not properly validate authentication data. An attacker could possibly use this issue to elevate privileges. (CVE-2026-47300) Levi Broderick discovered that .NET did not properly handle XML encryption during parsing. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-47302) Pham Quang Minh discovered that .NET did not properly parse authentication data. An attacker could possibly use this issue to bypass authentication and elevate privileges. (CVE-2026-47303) Levi Broderick discovered that .NET did not properly verify cryptographic signatures during XML encryption. An attacker could possibly use this issue to bypass security features over a network and access encrypted data. (CVE-2026-47304) It was discovered that .NET did not properly validate input during TLS handshakes. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-50524) Levi Broderick discovered that .NET did not properly handle resource allocation during XML encryption. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50525) Siwei Li discovered that .NET did not properly handle link resolution before file access during the container image build process. A local attacker could possibly use this issue to inject resources that could be incorporated into container images built by other users on the same machine. (CVE-2026-50526) Levi Broderick discovered that .NET did not properly handle memory while performing XML encryption. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-50527) Henrique Pereira discovered that .NET did not properly handle authorization checks during TLS/SSL connections. An attacker could possibly use this issue to bypass authorization checks during secure communications. (CVE-2026-50528) It was discovered that .NET did not properly handle resource allocation during XML encryption. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50648) Miha Zupan discovered that .NET did not properly limit resource allocation when handling HTTP/2 requests. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50651) It was discovered that the .NET SMTP client did not properly handle the encoding or escaping of output. An attacker could possibly use this issue to spoof messages during message routing. (CVE-2026-50659) It was discovered that .NET did not properly validate resource types when parsing X.509 certificates. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-57108)

cryptlib-3.4.9.3-1.fc43

13 hours 19 minutes ago
FEDORA-2026-47575c76a5 Packages in this update:
  • cryptlib-3.4.9.3-1.fc43
Update description:

A third update after 3.4.9 to prepare for deprecation of obsolete algorithms and attributes in the upcoming 3.5 release.

cryptlib-3.4.9.3-1.fc44

13 hours 19 minutes ago
FEDORA-2026-e4349a03b1 Packages in this update:
  • cryptlib-3.4.9.3-1.fc44
Update description:

A third update after 3.4.9 to prepare for deprecation of obsolete algorithms and attributes in the upcoming 3.5 release.

USN-8551-1: Tomcat vulnerabilities

16 hours ago
It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515) It was discovered that the Tomcat number guess example application did not properly sanitize user-supplied input. An attacker could possibly use this issue to inject malicious scripts, resulting in cross-site scripting. (CVE-2026-50229) It was discovered that Tomcat incorrectly evaluated rewrite valve conditions in certain configurations. An attacker could possibly use this issue to bypass rewrite rules, resulting in unauthorized access. (CVE-2026-53404) It was discovered that Tomcat incorrectly omitted certain authorization information when logging the effective web.xml configuration. An attacker could possibly use this issue to hide authorization constraints, resulting in reduced auditability. (CVE-2026-55276)

USN-8549-1: idna vulnerability

16 hours 29 minutes ago
It was discovered that idna did not properly reject oversized inputs before performing expensive processing. An attacker could possibly use this issue to cause idna to consume significant resources, leading to a denial of service.

ruby-4.0.6-36.fc44

17 hours 44 minutes ago
FEDORA-2026-32d5a3d450 Packages in this update:
  • ruby-4.0.6-36.fc44
Update description:

Ruby 4.0.6 is released. This new ruby contains several security fixes in net-snmp.

USN-8548-1: Linux kernel vulnerabilities

18 hours 8 minutes ago
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SCSI subsystem; - Thermal drivers; - USB over IP driver; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Tracing infrastructure; - B.A.T.M.A.N. meshing protocol; - Ceph Core library; - DCCP (Datagram Congestion Control Protocol); - IPv4 networking; - IPv6 networking; - Netfilter; - RxRPC session sockets; - X.25 network layer; (CVE-2021-47117, CVE-2021-47202, CVE-2023-52646, CVE-2024-56643, CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637, CVE-2026-31659, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414, CVE-2026-45988, CVE-2026-46119, CVE-2026-46243)