6 hours 39 minutes ago
FEDORA-2026-fbb9501b22
Packages in this update:
- python-django5-5.2.16-1.fc43
Update description:
Update python-django5 to version 5.2.16
Fixes three low-severity CVEs
- CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
- CVE-2026-53877: Heap buffer over-read in GDALRaster
- CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input
6 hours 39 minutes ago
FEDORA-2026-595d35a4d1
Packages in this update:
- python-django5-5.2.16-1.fc44
Update description:
Update python-django5 to version 5.2.16
Fixes three low-severity CVEs
- CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
- CVE-2026-53877: Heap buffer over-read in GDALRaster
- CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input
6 hours 45 minutes ago
FEDORA-2026-3a690a88c2
Packages in this update:
- moby-engine-29.6.2-1.fc45
Update description:
Automatic update for moby-engine-29.6.2-1.fc45.
Changelog
* Thu Jul 16 2026 Bradley G Smith <
bradley.g.smith@gmail.com> - 29.6.2-1
- Update to release v29.6.2
- Resolves: rhbz#2496437
- Upstream security fixes
- - GHSA-hw3h-2gp9-cxpv
- - GHSA-qx3x-mv6r-52p6
- - GHSA-32pv-7hq5-qhwq
- - GHSA-g2h8-426c-7976
- - GHSA-388v-wmr2-g2v2
* Thu Jul 16 2026 Fedora Release Engineering <
releng@fedoraproject.org> - 29.6.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_45_Mass_Rebuild
7 hours 47 minutes ago
FEDORA-2026-f738966fc9
Packages in this update:
- dotnet10.0-10.0.110-1.fc44
Update description:
Update to .NET SDK 10.0.110 and Runtime 10.0.10
Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108
Release Notes:
7 hours 47 minutes ago
FEDORA-2026-d9817786d6
Packages in this update:
- dotnet10.0-10.0.110-1.fc43
Update description:
Update to .NET SDK 10.0.110 and Runtime 10.0.10
Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108
Release Notes:
8 hours 52 minutes ago
USN-8477-1 fixed a vulnerability in tar. The update introduced a regression
that could cause tar to fail to extract certain valid files.
This update fixes the problem.
Original advisory details:
It was discovered that tar incorrectly handled certain crafted archive files.
An attacker could possibly use this to inject hidden files with
attacker-controlled content, bypassing pre-extraction inspection mechanisms.
10 hours 5 minutes ago
FEDORA-2026-d085110cf3
Packages in this update:
Update description:
4.5.1 Release
10 hours 24 minutes ago
FEDORA-2026-cfbf964c2e
Packages in this update:
Update description:
updated to 4.7.2, fixes security issues
10 hours 25 minutes ago
FEDORA-2026-feac063d56
Packages in this update:
Update description:
updated to 4.7.2, fixes security issues
11 hours 13 minutes ago
Jay Neiva and Mauro Carrillo discovered that Authlib did not properly
validate cryptographic keys embedded in JWT headers. An attacker could
possibly use this issue to forge trusted tokens, resulting in
authentication and authorization bypass. (CVE-2026-27962)
Jay Neiva and Mauro Carrillo discovered that Authlib incorrectly handled
RSA1_5 encrypted tokens. An attacker could possibly use this issue to
recover sensitive encrypted information, resulting in information
disclosure. (CVE-2026-28490)
Jay Neiva and Mauro Carrillo discovered that Authlib did not properly
reject unsupported cryptographic algorithms when validating OpenID
Connect ID tokens. An attacker could possibly use this issue to bypass
token integrity checks, resulting in authentication bypass.
(CVE-2026-28498)
Johnny Deuss discovered that Authlib did not provide cross-site request
forgery protection for the OAuth cache feature in its Starlette
integration. An attacker could possibly use this issue to perform
unauthorized OAuth actions, resulting in cross-site request forgery.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.
(CVE-2026-41425)
12 hours 35 minutes ago
12 hours 55 minutes ago
13 hours 44 minutes ago
Version:next-20260716 (linux-next)
Released:2026-07-16
15 hours 3 minutes ago
It was discovered that the Net::IMAP client in Ruby did not properly
sanitize Symbol arguments passed to IMAP commands. A remote attacker
controlling a malicious IMAP server, or able to influence command
arguments, could use this to inject arbitrary IMAP commands via CRLF
sequences. (CVE-2026-42258)
It was discovered that the Zlib::GzipReader in Ruby did not correctly
ensure sufficient buffer capacity in the zstream_buffer_ungets function.
An attacker could use this to craft a gzip stream that, when processed,
could cause a buffer overflow, resulting in memory corruption and possibly
arbitrary code execution. (CVE-2026-27820)
15 hours 58 minutes ago
Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer
token in command-line arguments when validating APT credentials. A local
attacker could possibly use this issue to obtain sensitive information
and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494)
Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly
validate data received from the contract server when writing APT source
files. An attacker could possibly use this issue to inject arbitrary APT
configuration and execute arbitrary code. (CVE-2026-11386)
Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not
properly handle symbolic links when collecting diagnostic logs. A local
attacker could possibly use this issue to obtain sensitive information
from files owned by the administrator. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)
17 hours 13 minutes ago
It was discovered that NTFS-3G had a heap buffer overflow when reading
certain NTFS images. A local attacker could possibly use this issue to
execute arbitrary code. (CVE-2026-42616)
It was discovered that NTFS-3G had multiple heap buffer overflows when
processing certain NTFS images. A local attacker could possibly use these
issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618,
CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135)
It was discovered that NTFS-3G had out-of-bounds reads when processing
certain NTFS images. A local attacker could possibly use these issues to
obtain sensitive information. (CVE-2026-46571, CVE-2026-56136)
18 hours 31 minutes ago
FEDORA-2026-8870088088
Packages in this update:
Update description:
fix CVE-2026-7233 (rhbz#2463402)
19 hours 6 minutes ago
FEDORA-2026-d815916e2c
Packages in this update:
Update description:
fix CVE-2026-7233 (rhbz#2463402)
20 hours 3 minutes ago
FEDORA-2026-334a616b71
Packages in this update:
Update description:
Automatic update for mupdf-1.27.2-4.fc45.
Changelog
* Thu Jul 16 2026 Michael J Gruber <
mjg@fedoraproject.org> - 1.27.2-4
- fix CVE-2026-7233 (rhbz#2463402)
20 hours 23 minutes ago
FEDORA-2026-1b91a2f126
Packages in this update:
Update description:
Fix for CVE-2026-15146, CVE-2026-58470, CVE-2026-58471, CVE-2026-58472