Aggregator

USN-8132-1: Roundcube Webmail vulnerabilities

7 hours 30 minutes ago
It was discovered that Roundcube Webmail did not properly sanitize certain HTML elements within the e-mail body. An attacker could possibly use this issue to cause a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-4068, CVE-2016-4069)

It was discovered that Roundcube Webmail did not properly handle certain configuration parameters. An attacker could possibly use this issue to execute arbitrary code. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-9920)

It was discovered that Roundcube Webmail did not properly sanitize CSS styles within SVG documents. An attacker could possibly use this issue to cause a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2017-6820)

It was discovered that Roundcube Webmail did not properly restrict exec call in certain drivers of the password plugin. An authenticated user could possibly use this issue to perform arbitrary password resets. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2017-8114)

It was discovered that Roundcube Webmail did not properly set file permissions within the Enigma plugin. An attacker could possibly use this issue to exfiltrate GPG private keys via network connectivity. (CVE-2018-1000071)

It was discovered that Roundcube Webmail did not properly handle GnuPG MDC integrity-protection warnings. An attacker could possibly use this issue to obtain sensitive information from encrypted communications. (CVE-2018-19205)

It was discovered that Roundcube Webmail did not properly sanitize and tags within HTML attachments. An attacker could possibly use this issue to cause a cross-site scripting attack. (CVE-2018-19206)

It was discovered that Roundcube Webmail did not properly handle partially encrypted multipart messages. An attacker could possibly use this issue to cause leaking of the plaintext of encrypted messages via an email reply. (CVE-2019-10740)

It was discovered that Roundcube Webmail did not properly sanitize a certain parameter within the archive plugin. An attacker could possibly use this issue to perform an IMAP injection attack. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2018-9846)

USN-8134-1: pyasn1 vulnerabilities

8 hours 41 minutes ago
It was discovered that pyasn1 could exhaust system resources when attempting to decode a malformed certificate. An attacker could possibly use this to cause a denial of service. (CVE-2026-23490)

Kevin Tu discovered that pyasn1 could exhaust system resources via uncontrolled recursion when attempting to decode maliciously crafted certificates. An attacker could possibly use this to cause a denial of service. (CVE-2026-30922)

gst-devtools-1.26.11-1.fc42 gst-editing-services-1.26.11-1.fc42 gstreamer1-1.26.11-1.fc42 gstreamer1-doc-1.26.11-1.fc42 gstreamer1-plugin-libav-1.26.11-1.fc42 gstreamer1-plugins-bad-free-1.26.11-1.fc42 gstreamer1-plugins-base-1.26.11-1.fc42 gstreamer1…

10 hours 15 minutes ago
FEDORA-2026-5e16254ca6 Packages in this update:
  • gst-devtools-1.26.11-1.fc42
  • gst-editing-services-1.26.11-1.fc42
  • gstreamer1-1.26.11-1.fc42
  • gstreamer1-doc-1.26.11-1.fc42
  • gstreamer1-plugin-libav-1.26.11-1.fc42
  • gstreamer1-plugins-bad-free-1.26.11-1.fc42
  • gstreamer1-plugins-base-1.26.11-1.fc42
  • gstreamer1-plugins-good-1.26.11-1.fc42
  • gstreamer1-plugins-ugly-free-1.26.11-1.fc42
  • gstreamer1-rtsp-server-1.26.11-1.fc42
  • gstreamer1-vaapi-1.26.11-1.fc42
  • python-gstreamer1-1.26.11-1.fc42
Update description:

1.26.11

gst-devtools-1.26.11-1.fc43 gst-editing-services-1.26.11-1.fc43 gstreamer1-1.26.11-1.fc43 gstreamer1-doc-1.26.11-1.fc43 gstreamer1-plugin-libav-1.26.11-1.fc43 gstreamer1-plugins-bad-free-1.26.11-1.fc43 gstreamer1-plugins-base-1.26.11-1.fc43 gstreamer1…

13 hours ago
FEDORA-2026-e77ad9d792 Packages in this update:
  • gst-devtools-1.26.11-1.fc43
  • gst-editing-services-1.26.11-1.fc43
  • gstreamer1-1.26.11-1.fc43
  • gstreamer1-doc-1.26.11-1.fc43
  • gstreamer1-plugin-libav-1.26.11-1.fc43
  • gstreamer1-plugins-bad-free-1.26.11-1.fc43
  • gstreamer1-plugins-base-1.26.11-1.fc43
  • gstreamer1-plugins-good-1.26.11-1.fc43
  • gstreamer1-plugins-ugly-free-1.26.11-1.fc43
  • gstreamer1-rtsp-server-1.26.11-1.fc43
  • gstreamer1-vaapi-1.26.11-1.fc43
  • python-gstreamer1-1.26.11-1.fc43
Update description:

1.26.11

USN-8133-1: PyJWT vulnerability

13 hours 35 minutes ago
It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions.

kea-2.6.5-1.el9

16 hours 5 minutes ago
FEDORA-EPEL-2026-01ea52d899 Packages in this update:
  • kea-2.6.5-1.el9
Update description:
  • New version 2.6.5
  • Fixes CVE-2026-3608 (rhbz#2452134)

kea-3.0.3-1.fc42

16 hours 7 minutes ago
FEDORA-2026-66f19b11e0 Packages in this update:
  • kea-3.0.3-1.fc42
Update description:
  • New version 3.0.3 (rhbz#2451141)
  • Fixes CVE-2026-3608 (rhbz#2451621)

kea-3.0.3-1.fc43

16 hours 7 minutes ago
FEDORA-2026-04263e2a5b Packages in this update:
  • kea-3.0.3-1.fc43
Update description:
  • New version 3.0.3 (rhbz#2451141)
  • Fixes CVE-2026-3608 (rhbz#2451621)

kea-3.0.3-1.fc44

16 hours 8 minutes ago
FEDORA-2026-2b21a4dafe Packages in this update:
  • kea-3.0.3-1.fc44
Update description:
  • New version 3.0.3 (rhbz#2451141)
  • Fixes CVE-2026-3608 (rhbz#2451621)

kea-3.0.3-1.fc45

16 hours 23 minutes ago
FEDORA-2026-11e168602c Packages in this update:
  • kea-3.0.3-1.fc45
Update description:

Automatic update for kea-3.0.3-1.fc45.

Changelog
* Thu Mar 26 2026 Martin Osvald <mosvald@redhat.com> - 3.0.3-1
- New version 3.0.3 (rhbz#2451141)
- Fixes CVE-2026-3608 (rhbz#2451621)