39 minutes 27 seconds ago
FEDORA-2026-3805ba3721
Packages in this update:
- python-black-26.5.1-1.fc44
- python-lsp-black-2.0.0-17.fc44
- python-pytokens-0.4.1-4.fc44
Update description:
Upgrade to 26.5.1, solves serious vulnerabilities such as:
- CVE-2026-31900
- CVE-2026-32274
1 hour 51 minutes ago
FEDORA-2026-32d5a3d450
Packages in this update:
Update description:
Ruby 4.0.6 is released. This new ruby contains several security fixes in net-snmp.
1 hour 54 minutes ago
FEDORA-2026-7f499e0362
Packages in this update:
Update description:
Ruby 4.0.6 is released.
2 hours 14 minutes ago
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
- Thermal drivers;
- USB over IP driver;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Tracing infrastructure;
- B.A.T.M.A.N. meshing protocol;
- Ceph Core library;
- DCCP (Datagram Congestion Control Protocol);
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- RxRPC session sockets;
- X.25 network layer;
(CVE-2021-47117, CVE-2021-47202, CVE-2023-52646, CVE-2024-56643,
CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31659, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037,
CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414,
CVE-2026-45988, CVE-2026-46119, CVE-2026-46243)
2 hours 41 minutes ago
FEDORA-2026-1133c0078b
Packages in this update:
Update description:
Update to 3.29.0
2 hours 42 minutes ago
FEDORA-2026-a9bfa4361b
Packages in this update:
Update description:
Update to 3.29.0
3 hours 9 minutes ago
FEDORA-2026-045e6f85c6
Packages in this update:
Update description:
New upstream stable version 1.24.3
3 hours 22 minutes ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- RISC-V architecture;
- Cryptographic API;
- InfiniBand drivers;
- IOMMU subsystem;
- Network drivers;
- STMicroelectronics network drivers;
- NVME drivers;
- x86 platform drivers;
- SCSI subsystem;
- SPI subsystem;
- TCM subsystem;
- USB over IP driver;
- File systems infrastructure;
- HFS+ file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- IPv6 networking;
- Tracing infrastructure;
- Timer subsystem;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Ceph Core library;
- IPv4 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- RxRPC session sockets;
- SMC sockets;
- Sun RPC protocol;
- X.25 network layer;
- AMD SoC Alsa drivers;
- KVM subsystem;
(CVE-2022-48816, CVE-2023-53673, CVE-2025-37778, CVE-2025-37822,
CVE-2025-37924, CVE-2025-38201, CVE-2025-40082, CVE-2025-68214,
CVE-2025-68263, CVE-2025-71089, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2026-23176, CVE-2026-23180, CVE-2026-23182,
CVE-2026-23190, CVE-2026-23193, CVE-2026-23198, CVE-2026-23202,
CVE-2026-23206, CVE-2026-23216, CVE-2026-23256, CVE-2026-23257,
CVE-2026-23258, CVE-2026-23262, CVE-2026-23272, CVE-2026-23278,
CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402,
CVE-2026-31418, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011,
CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114,
CVE-2026-43117, CVE-2026-43185, CVE-2026-43186, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43383, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45988,
CVE-2026-46043, CVE-2026-46119, CVE-2026-46135, CVE-2026-46195,
CVE-2026-46243)
5 hours 26 minutes ago
FEDORA-2026-bc152c9ff6
Packages in this update:
Update description:
Latest wireshark version includes fixes for the following CVEs:
CVE-2026-15163
CVE-2026-15164
CVE-2026-15165
CVE-2026-15166
CVE-2026-15167
CVE-2026-15168
CVE-2026-15169
CVE-2026-15170
CVE-2026-15171
CVE-2026-15172
CVE-2026-15173
CVE-2026-15174
5 hours 55 minutes ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- Cryptographic API;
- DMA engine subsystem;
- InfiniBand drivers;
- STMicroelectronics network drivers;
- Network drivers;
- NVME drivers;
- SCSI subsystem;
- USB over IP driver;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Kernel thread helper (kthread);
- IPv6 networking;
- Tracing infrastructure;
- Kernel exit() syscall;
- Scatterlist API;
- B.A.T.M.A.N. meshing protocol;
- Ethernet bridge;
- Ceph Core library;
- IPv4 networking;
- Multipath TCP;
- Netfilter;
- RxRPC session sockets;
- SMC sockets;
- X.25 network layer;
(CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325)
6 hours 8 minutes ago
FEDORA-2026-51c2920764
Packages in this update:
Update description:
- New upstream release (152.0.6)
6 hours 8 minutes ago
FEDORA-2026-365cce949c
Packages in this update:
Update description:
- New upstream release (152.0.6)
6 hours 25 minutes ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- Cryptographic API;
- DMA engine subsystem;
- InfiniBand drivers;
- STMicroelectronics network drivers;
- Network drivers;
- NVME drivers;
- SCSI subsystem;
- USB over IP driver;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Kernel thread helper (kthread);
- IPv6 networking;
- Tracing infrastructure;
- Kernel exit() syscall;
- Scatterlist API;
- B.A.T.M.A.N. meshing protocol;
- Ethernet bridge;
- Ceph Core library;
- IPv4 networking;
- Multipath TCP;
- Netfilter;
- RxRPC session sockets;
- SMC sockets;
- X.25 network layer;
(CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325)
10 hours 22 minutes ago
17 hours 43 minutes ago
FEDORA-2026-ddde3cf003
Packages in this update:
- fasterxml-oss-parent-75-1.fc45
- jackson-annotations-2.21-6.fc45
- jackson-bom-2.21.5-1.fc45
- jackson-core-2.21.5-1.fc45
- jackson-databind-2.21.5-1.fc45
- jackson-jaxrs-providers-2.21.5-1.fc45
- jackson-modules-base-2.21.5-1.fc45
- jackson-parent-2.21-1.fc45
Update description:
Rebase to 2.21.5 to solve the CVE-2026-54518, CVE-2026-54517, CVE-2026-54516, CVE-2026-54515, CVE-2026-54513, CVE-2026-54512
19 hours 15 minutes ago
It was discovered that Wget mishandled semicolons in the userinfo
subcomponent of a URL. A remote attacker could possibly use this issue
to trick a user into connecting to a different host than intended. This
issue only affected Ubuntu 14.04 LTS. (CVE-2024-38428)
It was discovered that Wget incorrectly handled Metalink documents
containing a whitespace-only URL. A remote attacker could possibly use
this issue to cause a denial of service. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
26.04 LTS. (CVE-2026-58469)
It was discovered that Wget incorrectly handled Content-Range header
values, leading to an integer overflow. A remote attacker could
possibly use this issue to cause download desynchronization.
(CVE-2026-58470)
It was discovered that Wget incorrectly handled character set
conversion of server-supplied filenames. A remote attacker could possibly
use this issue to cause a denial of service or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-58471)
It was discovered that Wget incorrectly handled HTML attributes
requiring entity encoding. A remote attacker could possibly use this issue
to cause a denial of service or possibly execute arbitrary code.
(CVE-2026-58472)
20 hours 38 minutes ago
Yiwei Hou discovered that Dnsmasq incorrectly handled logging of DS or
DNSKEY. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2026-12725)
It was discovered that Dnsmasq incorrectly validated the length of
fixed-length DNS record fields when parsing NS section records. A remote
attacker could possibly use this issue to cause Dnsmasq to read out of
bounds, possibly exposing sensitive information. (CVE-2026-12969)
21 hours 52 minutes ago
USN-8526-1 fixed vulnerabilities in libheif. This update provides the
corresponding updates for CVE-2026-47709 and CVE-2026-47714 in
Ubuntu 24.04 LTS.
Original advisory details:
Junyi Liu discovered that libheif had a null pointer dereference in its
image tiling interface. An attacker could possibly use this issue to
cause a denial of service. (CVE-2026-47709)
Calvin Young and Enoch Chow discovered that libheif had an integer
overflow in its inline mask size calculation. An attacker could
possibly use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-47714)
22 hours 4 minutes ago
Hirohito Higashi discovered that Vim incorrectly escaped class or trait
names when performing PHP omni-completion. An attacker could possibly
use this issue to trick a user into opening a specially crafted PHP
file and executing arbitrary commands. This issue only affected Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-59856)
Hirohito Higashi discovered that Vim incorrectly handled sound-folding
of certain words when using a spell file. An attacker could possibly
use this issue to cause Vim to crash, resulting in a denial of service.
(CVE-2026-59857)
It was discovered that Vim incorrectly escaped certain tags file fields
when performing C omni-completion. An attacker could possibly use this
issue to trick a user into opening a specially crafted file and
executing arbitrary commands. (CVE-2026-59858)
22 hours 25 minutes ago
FEDORA-EPEL-2026-b12c038824
Packages in this update:
- ImageMagick-6.9.13.52-1.el9
Update description:
Update to upstream 6.9.13-52