Aggregator

perl-Archive-Tar-3.04-522.fc43

8 hours 18 minutes ago
FEDORA-2026-6988e8f652 Packages in this update:
  • perl-Archive-Tar-3.04-522.fc43
Update description:

Fixed CVE-2026-42496 - Path traversal via crafted symlinks allows arbitrary file access Backported from 3.08

USN-8344-3: pip vulnerability

10 hours 59 minutes ago
USN-8344-1 introduced a regression in pip. This update provides a complete fix for this issue.. We apologize for the inconvenience. Original advisory details: It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attacker could possibly use this issue to cause pip to consume excessive resources, leading to a denial of service. (CVE-2025-66471)

USN-8363-2: MySQL vulnerabilities

12 hours 32 minutes ago
USN-8363-1 fixed several vulnerabilities in MySQL. This update provides the corresponding fixes for MySQL on Ubuntu 20.04 LTS. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.46 in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. Ubuntu 25.10 and Ubuntu 26.04 LTS have been updated to MySQL 8.4.9. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-9.html https://www.oracle.com/security-alerts/cpuapr2026.html

USN-8375-1: nginx vulnerabilities

13 hours 4 minutes ago
It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. (CVE-2025-53859) It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server. (CVE-2026-1642) It was discovered that the nginx ngx_mail_auth_http_module module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. (CVE-2026-27651) It was discovered that the nginx ngx_http_dav_module module incorrectly handled certain destination URIs. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify source or destination names outside of the document root. (CVE-2026-27654) It was discovered that the nginx ngx_http_mp4_module module incorrectly handled certain MP4 files. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-27784, CVE-2026-32647) It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain CRLF sequences. An attacker could possibly use this issue to inject arbitrary SMTP headers. (CVE-2026-28753) It was discovered that nginx contained a use-after-free vulnerability in the ngx_http_ssl_module module when client certificate verification and OCSP validation were enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify data in memory. (CVE-2026-40701) It was discovered that nginx did not properly handle certain proxied responses in the ngx_http_charset_module module. A remote attacker could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42934) It was discovered that the nginx ngx_http_rewrite_module component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-42945) It was discovered that nginx did not properly process certain SCGI and uWSGI responses. An attacker able to perform a machine-in-the-middle attack could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42946) It was discovered that nginx incorrectly handled certain rewrite rules in the ngx_http_rewrite_module module. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-9256)

USN-8348-1: GoBGP vulnerabilities

15 hours 25 minutes ago
It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-37461) Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP UPDATE messages containing 4-byte AS attributes. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-41643) It was discovered that GoBGP incorrectly handled certain malformed BGP UPDATE messages containing SRv6 L3 Service attributes. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7734) It was discovered that GoBGP incorrectly handled certain malformed BGP UPDATE messages containing Accumulated IGP (AIGP) attributes. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7735) It was discovered that GoBGP incorrectly handled certain malformed Multi- threaded Routing Toolkit (MRT) routing information entries. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7736) It was discovered that GoBGP incorrectly handled certain malformed Multi- threaded Routing Toolkit (MRT) headers. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7737)