Aggregator

python-django5-5.2.16-1.fc43

6 hours 39 minutes ago
FEDORA-2026-fbb9501b22 Packages in this update:
  • python-django5-5.2.16-1.fc43
Update description:

Update python-django5 to version 5.2.16

Fixes three low-severity CVEs

  • CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
  • CVE-2026-53877: Heap buffer over-read in GDALRaster
  • CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input

python-django5-5.2.16-1.fc44

6 hours 39 minutes ago
FEDORA-2026-595d35a4d1 Packages in this update:
  • python-django5-5.2.16-1.fc44
Update description:

Update python-django5 to version 5.2.16

Fixes three low-severity CVEs

  • CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
  • CVE-2026-53877: Heap buffer over-read in GDALRaster
  • CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input

moby-engine-29.6.2-1.fc45

6 hours 45 minutes ago
FEDORA-2026-3a690a88c2 Packages in this update:
  • moby-engine-29.6.2-1.fc45
Update description:

Automatic update for moby-engine-29.6.2-1.fc45.

Changelog * Thu Jul 16 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 29.6.2-1 - Update to release v29.6.2 - Resolves: rhbz#2496437 - Upstream security fixes - - GHSA-hw3h-2gp9-cxpv - - GHSA-qx3x-mv6r-52p6 - - GHSA-32pv-7hq5-qhwq - - GHSA-g2h8-426c-7976 - - GHSA-388v-wmr2-g2v2 * Thu Jul 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 29.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_45_Mass_Rebuild

dotnet10.0-10.0.110-1.fc44

7 hours 47 minutes ago
FEDORA-2026-f738966fc9 Packages in this update:
  • dotnet10.0-10.0.110-1.fc44
Update description:

Update to .NET SDK 10.0.110 and Runtime 10.0.10

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

dotnet10.0-10.0.110-1.fc43

7 hours 47 minutes ago
FEDORA-2026-d9817786d6 Packages in this update:
  • dotnet10.0-10.0.110-1.fc43
Update description:

Update to .NET SDK 10.0.110 and Runtime 10.0.10

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

USN-8477-2: tar regression

8 hours 52 minutes ago
USN-8477-1 fixed a vulnerability in tar. The update introduced a regression that could cause tar to fail to extract certain valid files. This update fixes the problem. Original advisory details: It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms.

USN-8557-1: Authlib vulnerabilities

11 hours 13 minutes ago
Jay Neiva and Mauro Carrillo discovered that Authlib did not properly validate cryptographic keys embedded in JWT headers. An attacker could possibly use this issue to forge trusted tokens, resulting in authentication and authorization bypass. (CVE-2026-27962) Jay Neiva and Mauro Carrillo discovered that Authlib incorrectly handled RSA1_5 encrypted tokens. An attacker could possibly use this issue to recover sensitive encrypted information, resulting in information disclosure. (CVE-2026-28490) Jay Neiva and Mauro Carrillo discovered that Authlib did not properly reject unsupported cryptographic algorithms when validating OpenID Connect ID tokens. An attacker could possibly use this issue to bypass token integrity checks, resulting in authentication bypass. (CVE-2026-28498) Johnny Deuss discovered that Authlib did not provide cross-site request forgery protection for the OAuth cache feature in its Starlette integration. An attacker could possibly use this issue to perform unauthorized OAuth actions, resulting in cross-site request forgery. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-41425)

USN-8556-1: Ruby vulnerabilities

15 hours 3 minutes ago
It was discovered that the Net::IMAP client in Ruby did not properly sanitize Symbol arguments passed to IMAP commands. A remote attacker controlling a malicious IMAP server, or able to influence command arguments, could use this to inject arbitrary IMAP commands via CRLF sequences. (CVE-2026-42258) It was discovered that the Zlib::GzipReader in Ruby did not correctly ensure sufficient buffer capacity in the zstream_buffer_ungets function. An attacker could use this to craft a gzip stream that, when processed, could cause a buffer overflow, resulting in memory corruption and possibly arbitrary code execution. (CVE-2026-27820)

USN-8555-1: Ubuntu Advantage Tools (pro client) vulnerabilities

15 hours 58 minutes ago
Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer token in command-line arguments when validating APT credentials. A local attacker could possibly use this issue to obtain sensitive information and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494) Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly validate data received from the contract server when writing APT source files. An attacker could possibly use this issue to inject arbitrary APT configuration and execute arbitrary code. (CVE-2026-11386) Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not properly handle symbolic links when collecting diagnostic logs. A local attacker could possibly use this issue to obtain sensitive information from files owned by the administrator. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)

USN-8554-1: NTFS-3G vulnerabilities

17 hours 13 minutes ago
It was discovered that NTFS-3G had a heap buffer overflow when reading certain NTFS images. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2026-42616) It was discovered that NTFS-3G had multiple heap buffer overflows when processing certain NTFS images. A local attacker could possibly use these issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618, CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135) It was discovered that NTFS-3G had out-of-bounds reads when processing certain NTFS images. A local attacker could possibly use these issues to obtain sensitive information. (CVE-2026-46571, CVE-2026-56136)

wget1-1.25.0-4.fc44

20 hours 23 minutes ago
FEDORA-2026-1b91a2f126 Packages in this update:
  • wget1-1.25.0-4.fc44
Update description:

Fix for CVE-2026-15146, CVE-2026-58470, CVE-2026-58471, CVE-2026-58472