osslsigncode-2.12-1.fc42
FEDORA-2026-ab67a4d8b3
Packages in this update:
- osslsigncode-2.12-1.fc42
See commit history
Aggregator
osslsigncode-2.12-1.el9
FEDORA-EPEL-2026-5cd59d2965
Packages in this update:
- osslsigncode-2.12-1.el9
See commit history
osslsigncode-2.12-1.fc43
FEDORA-2026-3c6cc85b52
Packages in this update:
- osslsigncode-2.12-1.fc43
See commit history
USN-8003-1: CRaC JDK 21 vulnerabilities
It was discovered that the RMI component of CRaC JDK 21 would establish
RMI TCP endpoint connections to a remote host without setting an
endpoint identification algorithm. An unauthenticated remote attacker
could possibly use this issue to steal sensitive information.
(CVE-2026-21925)
Mingijung discovered that the AWT and JavaFX componenets of CRaC JDK 21
could run programs if Desktop.browse() was supplied a filename as a
URI. An unauthenticated remote attacker could possibly use this issue
to execute arbitrary code. (CVE-2026-21932)
Zhihui Chen discovered that the Networking component of CRaC JDK 21
was suceptible to a CRLF injection vulnerability via the HttpServer
class. An unauthenticated remote attacker could possibly use this
issue to modify files or leak sensitive information. (CVE-2026-21933)
Ireneusz Pastusiak discovered that the Security component of CRaC JDK
21 failed to verify provided URIs point to a legitimate source when
AIA is enabled. An unauthenticated remote attacker could possibly
use this issue to redirect users to malicious hosts.
(CVE-2026-21945)
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-01-20
USN-8002-1: OpenJDK 21 vulnerabilities
It was discovered that the RMI component of OpenJDK 21 would establish
RMI TCP endpoint connections to a remote host without setting an
endpoint identification algorithm. An unauthenticated remote attacker
could possibly use this issue to steal sensitive information.
(CVE-2026-21925)
Mingijung discovered that the AWT and JavaFX componenets of OpenJDK 21
could run programs if Desktop.browse() was supplied a filename as a
URI. An unauthenticated remote attacker could possibly use this issue
to execute arbitrary code. (CVE-2026-21932)
Zhihui Chen discovered that the Networking component of OpenJDK 21
was suceptible to a CRLF injection vulnerability via the HttpServer
class. An unauthenticated remote attacker could possibly use this
issue to modify files or leak sensitive information. (CVE-2026-21933)
Ireneusz Pastusiak discovered that the Security component of OpenJDK 21
failed to verify provided URIs point to a legitimate source when
AIA is enabled. An unauthenticated remote attacker could possibly
use this issue to redirect users to malicious hosts.
(CVE-2026-21945)
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-01-20
USN-8001-1: OpenJDK 11 vulnerabilities
It was discovered that the RMI component of OpenJDK 11 would establish
RMI TCP endpoint connections to a remote host without setting an
endpoint identification algorithm. An unauthenticated remote attacker
could possibly use this issue to steal sensitive information.
(CVE-2026-21925)
Mingijung discovered that the AWT and JavaFX componenets of OpenJDK 11
could run programs if Desktop.browse() was supplied a filename as a
URI. An unauthenticated remote attacker could possibly use this issue
to execute arbitrary code. (CVE-2026-21932)
Zhihui Chen discovered that the Networking component of OpenJDK 11
was suceptible to a CRLF injection vulnerability via the HttpServer
class. An unauthenticated remote attacker could possibly use this
issue to modify files or leak sensitive information. (CVE-2026-21933)
Ireneusz Pastusiak discovered that the Security component of OpenJDK 11
failed to verify provided URIs point to a legitimate source when
AIA is enabled. An unauthenticated remote attacker could possibly
use this issue to redirect users to malicious hosts.
(CVE-2026-21945)
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-01-20
USN-8000-1: OpenJDK 8 vulnerabilities
It was discovered that the RMI component of OpenJDK 8 would establish
RMI TCP endpoint connections to a remote host without setting an
endpoint identification algorithm. An unauthenticated remote attacker
could possibly use this issue to steal sensitive information.
(CVE-2026-21925)
Mingijung discovered that the AWT and JavaFX componenets of OpenJDK 8
could run programs if Desktop.browse() was supplied a filename as a
URI. An unauthenticated remote attacker could possibly use this issue
to execute arbitrary code. (CVE-2026-21932)
Zhihui Chen discovered that the Networking component of OpenJDK 8
was suceptible to a CRLF injection vulnerability via the HttpServer
class. An unauthenticated remote attacker could possibly use this
issue to modify files or leak sensitive information. (CVE-2026-21933)
Ireneusz Pastusiak discovered that the Security component of OpenJDK 8
failed to verify provided URIs point to a legitimate source when
AIA is enabled. An unauthenticated remote attacker could possibly
use this issue to redirect users to malicious hosts.
(CVE-2026-21945)
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-01-20
next-20260202: linux-next
Version:next-20260202 (linux-next)
Released:2026-02-02
USN-7994-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.45 in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
Ubuntu 25.10 has been updated to MySQL 8.4.8.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-45.html
https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-8.html
https://www.oracle.com/security-alerts/cpujan2026.html
USN-7993-1: libpng vulnerabilities
It was discovered that libpng incorrectly handled memory when processing
certain malformed PNG files. If a user or automated system were tricked
into opening a specially crafted PNG file, an attacker could use this issue
to cause libpng to crash, resulting in a denial of service.
USN-7992-1: Inetutils vulnerability
Kyu Neushwaistein discovered that telnetd in Inetutils incorrectly handled
certain environment variables. A remote attacker could use this issue to
bypass authentication and open a session as an administrator.
open-vm-tools-13.0.10-2.fc43
FEDORA-2026-55bb6efd14
Packages in this update:
- open-vm-tools-13.0.10-2.fc43
Update to 13.0.10.
open-vm-tools-13.0.10-2.fc42
FEDORA-2026-33c6aa1881
Packages in this update:
- open-vm-tools-13.0.10-2.fc42
Update to 13.0.10.
USN-7991-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code.
openssl3-3.5.5-1.1.el8
FEDORA-EPEL-2026-96a07a6444
Packages in this update:
- openssl3-3.5.5-1.1.el8
Rebased openssl3 to the latest c9s openssl for the latest round of CVEs
6.19-rc8: mainline
Version:6.19-rc8 (mainline)
Released:2026-02-01
Source:linux-6.19-rc8.tar.gz
Patch:full (incremental)
cef-144.0.11^chromium144.0.7559.109-2.fc43
FEDORA-2026-792b1b7bbd
Packages in this update:
- cef-144.0.11^chromium144.0.7559.109-2.fc43
Update to Chromium 144.0.7559.109
- CVE-2026-1504: Inappropriate implementation in Background Fetch API
cef-144.0.11^chromium144.0.7559.109-2.fc42
FEDORA-2026-24ed079b30
Packages in this update:
- cef-144.0.11^chromium144.0.7559.109-2.fc42
Update to Chromium 144.0.7559.109
- CVE-2026-1504: Inappropriate implementation in Background Fetch API
node-exporter-1.10.2-3.el9
FEDORA-EPEL-2026-58b60068fc
Packages in this update:
- node-exporter-1.10.2-3.el9
Update to 1.10.2
Update was blocked by a ppc64 issue, but a workaround has been found.
node-exporter-1.10.2-3.el10_1
FEDORA-EPEL-2026-c702846a3a
Packages in this update:
- node-exporter-1.10.2-3.el10_1
Update to 1.10.2
Update was blocked by a ppc64 issue, but a workaround has been found.