Aggregator

Michał Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-35177) It was discovered that Vim's netbeans interface did not properly sanitize certain strings. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-39881)

FEDORA-2026-cf660bc96a Packages in this update:

• forgejo-runner-12.7.3-2.fc43

Update description:

Update vendor dependencies to fix: * CVE-2026-33762 * CVE-2026-33817 * CVE-2026-34165

FEDORA-EPEL-2026-a534b99d27 Packages in this update:

• openvpn-2.7.3-1.el10_1

Update description:

Update to upstream 2.7.3 release

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

FEDORA-EPEL-2026-07552e95ef Packages in this update:

• openvpn-2.7.3-1.el10_2

Update description:

Update to upstream 2.7.3 release

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

FEDORA-EPEL-2026-5560315e97 Packages in this update:

• openvpn-2.7.3-1.el10_3

Update description:

Update to upstream 2.7.3 release

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users.

FEDORA-2026-086acf3001 Packages in this update:

• openvpn-2.7.3-1.fc44

Update description:

Update to upstream 2.7.3 release

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

FEDORA-2026-e6a4814a4d Packages in this update:

• squid-7.5-1.fc43

Update description:

• new version 7.5
• security update

FEDORA-2026-c0590bd498 Packages in this update:

• squid-7.5-1.fc44

Update description:

• new version 7.5
• security update

FEDORA-2026-0174d1953a Packages in this update:

• xorg-x11-server-Xwayland-24.1.11-1.fc42

Update description:

Update to xwayland 24.1.11

Update to xwayland 24.1.10, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

Version:next-20260427 (linux-next) Released:2026-04-27

Version:7.0.2 (stable) Released:2026-04-27 Source:linux-7.0.2.tar.xz PGP Signature:linux-7.0.2.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-7.0.2

Version:6.18.25 (longterm) Released:2026-04-27 Source:linux-6.18.25.tar.xz PGP Signature:linux-6.18.25.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.25

Version:6.12.84 (longterm) Released:2026-04-27 Source:linux-6.12.84.tar.xz PGP Signature:linux-6.12.84.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.84

Version:6.6.136 (longterm) Released:2026-04-27 Source:linux-6.6.136.tar.xz PGP Signature:linux-6.6.136.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.136

FEDORA-EPEL-2026-59a9d512a4 Packages in this update:

• mbedtls-3.6.6-1.el10_3

Update description:

• Update to 3.6.6

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6

FEDORA-EPEL-2026-ba79b9dff1 Packages in this update:

• mbedtls-3.6.6-1.el10_2

Update description:

• Update to 3.6.6

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6

FEDORA-EPEL-2026-479c1d4133 Packages in this update:

• mbedtls-3.6.6-1.el10_1

Update description:

• Update to 3.6.6

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6

FEDORA-2026-8409145c11 Packages in this update:

• libgcrypt-1.11.1-4.fc43

Update description:

Fix CVE-2026-41989 (#2461782)

FEDORA-2026-9a79c58afd Packages in this update:

• libgcrypt-1.12.2-1.fc44

Update description:

New upstream release (#2458643) fixing CVE-2026-41989 (#2461782)