6 hours 18 minutes ago
FEDORA-2026-7fa12630d5
Packages in this update:
Update description:
fdf6afc update to 3.7b fixes rhbz#2498485
CHANGES FROM 3.7a TO 3.7b
- Fix so that the end of a synchronized update again triggers a redraw.
CHANGES FROM 3.7 TO 3.7a
-
Fix crash in break-pane when no name is provided.
-
Scrollbar options are now cached rather than being looked up for every redraw
(issue 5298).
-
Only forbid #( in names, allow #[, empty names, : and .
6 hours 18 minutes ago
FEDORA-2026-f5dd9fb83f
Packages in this update:
Update description:
fdf6afc update to 3.7b fixes rhbz#2498485
CHANGES FROM 3.7a TO 3.7b
- Fix so that the end of a synchronized update again triggers a redraw.
CHANGES FROM 3.7 TO 3.7a
-
Fix crash in break-pane when no name is provided.
-
Scrollbar options are now cached rather than being looked up for every redraw
(issue 5298).
-
Only forbid #( in names, allow #[, empty names, : and .
6 hours 54 minutes ago
Xianrui Dong discovered that libheif had an out-of-bounds read in its
HEIF sequence track parser. An attacker could possibly use this issue
to cause a denial of service or obtain sensitive information. This issue
only affected Ubuntu 26.04 LTS. (CVE-2026-47254)
Junyi Liu discovered that libheif had a null pointer dereference in its
image tiling interface. An attacker could possibly use this issue to
cause a denial of service. (CVE-2026-47709)
Calvin Young and Enoch Chow discovered that libheif had an integer
overflow in its inline mask size calculation. An attacker could
possibly use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-47714)
Ariel Koren discovered that libheif had an integer underflow in its
grid image tile coordinate transform. An attacker could possibly use
this issue to cause a denial of service or obtain sensitive information.
(CVE-2026-48029)
It was discovered that libheif had a missing bound check in its HEIF
sequence parser, allowing unbounded heap allocation. An attacker could
possibly use this issue to cause a denial of service. (CVE-2026-50142)
7 hours 5 minutes ago
Harry Sintonen discovered that curl incorrectly handled credentials when
following HTTP redirects in conjunction with .netrc files. An attacker
could possibly use this issue to obtain sensitive information. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
(CVE-2024-11053)
Hiroki Kurosawa discovered that curl incorrectly handled OCSP stapling
responses. A remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2024-8096)
Joshua Rogers discovered that curl had a use-after-free vulnerability when
resetting and cleaning up HTTP/2 stream handles. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10.
(CVE-2026-10536)
Quac Tran and Ngoc Hieu discovered that curl incorrectly reused connections
when switching authentication methods to the same host. An attacker could
possibly use this issue to obtain sensitive information or perform
unauthorized actions. This issue only affected Ubuntu 20.04 LTS.
(CVE-2026-5545)
Osama Hamad discovered that curl incorrectly reused SMB connections when
the target share differed between transfers. An attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2026-5773)
Muhamad Arga Reksapati discovered that curl incorrectly forwarded Digest
proxy authentication credentials to a different proxy host. An attacker
could possibly use this issue to obtain sensitive information. This issue
only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-7168)
It was discovered that curl incorrectly skipped SSH host verification
options when using schemeless URLs with --proto-default. An attacker could
possibly use this issue to perform machine-in-the-middle attacks. This
issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-12064)
It was discovered that curl did not enforce an upper bound on memory
allocated for unacknowledged WebSocket PING frames. A remote attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 25.10. (CVE-2026-11586)
It was discovered that curl could stall indefinitely when a malicious
HTTP/3 server sent a continuous stream of empty UDP datagrams. A remote
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 25.10. (CVE-2026-11352)
It was discovered that curl could incorrectly continue trusting a native
platform CA store after an application switched the handle to use custom CA
material. An attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 25.10. (CVE-2026-11564)
7 hours 25 minutes ago
FEDORA-2026-9ab663dcd4
Packages in this update:
Update description:
CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476
- rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process
- rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized
gPCFileSysPath allows Kerberos authentication bypass
- rhbz#2497651: CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory
tree for sudoRole objects by default, enabling privilege escalation
8 hours 21 minutes ago
FEDORA-2026-5acfb0243b
Packages in this update:
Update description:
CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476
- rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process
- rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized
gPCFileSysPath allows Kerberos authentication bypass
- rhbz#2497651: CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory
tree for sudoRole objects by default, enabling privilege escalation
10 hours 5 minutes ago
Version:next-20260709 (linux-next)
Released:2026-07-09
11 hours 8 minutes ago
It was discovered that Python did not use sufficient entropy for Expat
hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree
modules. An attacker could use this to cause a denial of service via a
crafted XML document.
12 hours 6 minutes ago
Eric Su and Samuel Dainard discovered that libsoup incorrectly handled
content with zero-length resources. An attacker could possibly use this
issue to trigger a buffer over-read, resulting in information disclosure
or a denial of service. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and
Ubuntu 26.04 LTS. (CVE-2026-2369)
Kona Arctic discovered that libsoup did not properly protect sensitive
cookies when establishing HTTPS tunnels through an HTTP proxy. An
attacker could possibly use this issue to intercept session cookies,
resulting in session hijacking or user impersonation. (CVE-2026-5119)
13 hours 27 minutes ago
FEDORA-2026-7b7c2b373e
Packages in this update:
Update description:
Ruby 3.4.10 is released. This new version contains severay security bug fixes in zlib, net-imap and erb..
13 hours 34 minutes ago
It was discovered that LibRaw incorrectly handled certain Nikon RAW image
files. An attacker could possibly use this issue to cause LibRaw to crash,
resulting in a denial of service. (CVE-2026-5342)
It was discovered that LibRaw had an integer overflow in its DNG image
loader. An attacker could possibly use this issue to cause LibRaw to
crash, resulting in a denial of service, or execute arbitrary code.
(CVE-2026-20884)
It was discovered that LibRaw incorrectly handled certain X3F thumbnail
data. An attacker could possibly use this issue to cause LibRaw to crash,
resulting in a denial of service, or execute arbitrary code.
(CVE-2026-20889)
It was discovered that LibRaw had a heap-based buffer overflow in its
lossless JPEG image loader. An attacker could possibly use this issue to
cause LibRaw to crash, resulting in a denial of service, or execute
arbitrary code. (CVE-2026-21413)
It was discovered that LibRaw had an integer overflow in its uncompressed
floating-point DNG image loader. An attacker could possibly use this issue
to cause LibRaw to crash, resulting in a denial of service, or execute
arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.04.
(CVE-2026-24450)
It was discovered that LibRaw had a heap-based buffer overflow in its X3F
Huffman decoder. An attacker could possibly use this issue to cause LibRaw
to crash, resulting in a denial of service, or execute arbitrary code.
(CVE-2026-24660)
13 hours 44 minutes ago
It was discovered that Libidn incorrectly handled certain internationalized
domain name strings. An attacker could possibly use this issue to obtain
sensitive information or cause a denial of service.
14 hours 29 minutes ago
It was discovered that Expat used insufficient entropy when generating
hash salt values for its internal hash table. An attacker could use this
to craft an XML document that triggers hash flooding, leading to a
denial of service.
15 hours 38 minutes ago
FEDORA-2026-daa458d11d
Packages in this update:
Update description:
rebase to v2.6.0 to fix CVE-2026-54371
15 hours 38 minutes ago
FEDORA-2026-b85570f8e4
Packages in this update:
Update description:
rebase to v2.6.0 to fix CVE-2026-54371
15 hours 55 minutes ago
FEDORA-2026-c7aafa6056
Packages in this update:
Update description:
Automatic update for attr-2.6.0-1.fc45.
Changelog
* Thu Jul 9 2026 Lukáš Zaoral <
lzaoral@redhat.com> - 2.6.0-1
- rebase to the latest upstream release (rhbz#2494157)
- CVE-2026-54371 - Symlink Traversal Privilege Escalation via getfattr (rhbz#2494172)
- remove a long-overdue workaround for /usr/include/attr/xattr.h
16 hours 33 minutes ago
FEDORA-EPEL-2026-383609569a
Packages in this update:
Update description:
Cumulative bug-fix update, including several buffer overflow fixes.
16 hours 33 minutes ago
FEDORA-2026-2f95481529
Packages in this update:
Update description:
Cumulative bug-fix update, including several buffer overflow fixes.
16 hours 33 minutes ago
FEDORA-EPEL-2026-0823d8f73a
Packages in this update:
Update description:
Cumulative bug-fix update, including several buffer overflow fixes.
16 hours 33 minutes ago
FEDORA-2026-75a8969e55
Packages in this update:
Update description:
Cumulative bug-fix update, including several buffer overflow fixes.