Aggregator

spoofdpi-1.5.3-1.fc45

1 hour 54 minutes ago
FEDORA-2026-b382f3a576 Packages in this update:
  • spoofdpi-1.5.3-1.fc45
Update description:

Automatic update for spoofdpi-1.5.3-1.fc45.

Changelog * Tue Jul 14 2026 Emir Akdag <infraw.linux@proton.me> - 1.5.3-1 - Update spoofdpi to 1.5.3 - Update to 1.5.3 to fix CVE-2026-27145 - Add missing license for go-localereader - Fix build directory case sensitivity issue - Resolves: rhbz#2494220, rhbz#2494389

USN-8538-1: alsa-lib vulnerability

4 hours 23 minutes ago
It was discovered that alsa-lib incorrectly handled certain ALSA configuration text. An attacker could use this issue to cause alsa-lib to crash, resulting in a denial of service, or possibly execute arbitrary code.

USN-8537-1: httplib2 vulnerability

4 hours 29 minutes ago
It was discovered that httplib2 performed unbounded decompression of HTTP response bodies when the server used gzip or deflate Content-Encoding. A remote attacker could possibly use this issue to cause httplib2 to use excessive resources, leading to a denial of service.

USN-8536-1: MariaDB vulnerabilities

4 hours 41 minutes ago
It was discovered that MariaDB did not properly validate parameters supplied by a joiner node during a State Snapshot Transfer using the mariabackup method. An attacker could possibly use this issue to execute arbitrary shell commands on the donor node. (CVE-2026-44168) It was discovered that MariaDB did not properly enforce the SHOW CREATE ROUTINE privilege when a user obtained access to a stored routine via a role. An authenticated user could possibly use this issue to obtain sensitive information. (CVE-2026-44169) It was discovered that MariaDB's mbstream utility did not properly validate paths when unpacking archives. An attacker could possibly use this issue to write files outside of the intended target directory. (CVE-2026-44171) It was discovered that MariaDB's mysql_real_escape_string() function incorrectly handled the big5 character set. An attacker could possibly use this issue to perform SQL injection attacks. (CVE-2026-44172) It was discovered that MariaDB did not properly check the FILE privilege when the FROM clause of a SELECT ... INTO OUTFILE or SELECT ... INTO DUMPFILE statement contained only subqueries. An authenticated user could possibly use this issue to write files to unintended locations. (CVE-2026-44173) It was discovered that MariaDB did not properly validate parameters supplied by a joiner node during a State Snapshot Transfer using the rsync method. An attacker could possibly use this issue to execute arbitrary shell commands on the donor node. (CVE-2026-48163) It was discovered that MariaDB allowed a high-privileged user to set certain Galera system variables to values containing shell commands, which were then executed by the server process. An authenticated user could possibly use this issue to execute arbitrary shell commands. (CVE-2026-48165) It was discovered that MariaDB executed shell commands embedded in the name of a joiner node when wsrep_notify_cmd was enabled. A remote attacker could possibly use this issue to execute arbitrary shell commands. (CVE-2026-49261)

perl-YAML-Syck-1.47-1.el9

5 hours 57 minutes ago
FEDORA-EPEL-2026-57e759c14c Packages in this update:
  • perl-YAML-Syck-1.47-1.el9
Update description:

This update addresses four libsyck memory-safety CVEs reachable from the default YAML::Syck::Load() path on untrusted input with no special flags:

  • CVE-2026-57075 (CWE-125): Out-of-bounds read in the base64 decoder caused by signed-char indexing of the decode table on !!binary input
  • CVE-2026-57076 (CWE-416): Use-after-free of an anchor key string shared between the node and the anchors table
  • CVE-2026-57077 (CWE-125): One-byte out-of-bounds read in the lexer newline scan during block-scalar parsing (incomplete-fix follow-on to CVE-2025-11683)
  • CVE-2026-13713 (CWE-416/CWE-415): Use-after-free / double-free of an anchor node on anchor redefinition, a remote-crash DoS from a 7-byte input

There are also a few other bug-fixes included.

perl-YAML-Syck-1.47-1.el10_3

5 hours 57 minutes ago
FEDORA-EPEL-2026-22c2f092d6 Packages in this update:
  • perl-YAML-Syck-1.47-1.el10_3
Update description:

This update addresses four libsyck memory-safety CVEs reachable from the default YAML::Syck::Load() path on untrusted input with no special flags:

  • CVE-2026-57075 (CWE-125): Out-of-bounds read in the base64 decoder caused by signed-char indexing of the decode table on !!binary input
  • CVE-2026-57076 (CWE-416): Use-after-free of an anchor key string shared between the node and the anchors table
  • CVE-2026-57077 (CWE-125): One-byte out-of-bounds read in the lexer newline scan during block-scalar parsing (incomplete-fix follow-on to CVE-2025-11683)
  • CVE-2026-13713 (CWE-416/CWE-415): Use-after-free / double-free of an anchor node on anchor redefinition, a remote-crash DoS from a 7-byte input

There are also a few other bug-fixes included.

perl-YAML-Syck-1.47-1.fc44

5 hours 57 minutes ago
FEDORA-2026-2139aa7dce Packages in this update:
  • perl-YAML-Syck-1.47-1.fc44
Update description:

This update addresses four libsyck memory-safety CVEs reachable from the default YAML::Syck::Load() path on untrusted input with no special flags:

  • CVE-2026-57075 (CWE-125): Out-of-bounds read in the base64 decoder caused by signed-char indexing of the decode table on !!binary input
  • CVE-2026-57076 (CWE-416): Use-after-free of an anchor key string shared between the node and the anchors table
  • CVE-2026-57077 (CWE-125): One-byte out-of-bounds read in the lexer newline scan during block-scalar parsing (incomplete-fix follow-on to CVE-2025-11683)
  • CVE-2026-13713 (CWE-416/CWE-415): Use-after-free / double-free of an anchor node on anchor redefinition, a remote-crash DoS from a 7-byte input

There are also a few other bug-fixes included.

perl-YAML-Syck-1.47-1.fc43

5 hours 57 minutes ago
FEDORA-2026-c8484f1afb Packages in this update:
  • perl-YAML-Syck-1.47-1.fc43
Update description:

This update addresses four libsyck memory-safety CVEs reachable from the default YAML::Syck::Load() path on untrusted input with no special flags:

  • CVE-2026-57075 (CWE-125): Out-of-bounds read in the base64 decoder caused by signed-char indexing of the decode table on !!binary input
  • CVE-2026-57076 (CWE-416): Use-after-free of an anchor key string shared between the node and the anchors table
  • CVE-2026-57077 (CWE-125): One-byte out-of-bounds read in the lexer newline scan during block-scalar parsing (incomplete-fix follow-on to CVE-2025-11683)
  • CVE-2026-13713 (CWE-416/CWE-415): Use-after-free / double-free of an anchor node on anchor redefinition, a remote-crash DoS from a 7-byte input

There are also a few other bug-fixes included.

perl-YAML-Syck-1.47-1.el10_2

5 hours 57 minutes ago
FEDORA-EPEL-2026-8b5b8778ee Packages in this update:
  • perl-YAML-Syck-1.47-1.el10_2
Update description:

This update addresses four libsyck memory-safety CVEs reachable from the default YAML::Syck::Load() path on untrusted input with no special flags:

  • CVE-2026-57075 (CWE-125): Out-of-bounds read in the base64 decoder caused by signed-char indexing of the decode table on !!binary input
  • CVE-2026-57076 (CWE-416): Use-after-free of an anchor key string shared between the node and the anchors table
  • CVE-2026-57077 (CWE-125): One-byte out-of-bounds read in the lexer newline scan during block-scalar parsing (incomplete-fix follow-on to CVE-2025-11683)
  • CVE-2026-13713 (CWE-416/CWE-415): Use-after-free / double-free of an anchor node on anchor redefinition, a remote-crash DoS from a 7-byte input

There are also a few other bug-fixes included.

kernel-7.1.3-201.fc44

8 hours 11 minutes ago
FEDORA-2026-e8e294a7fa Packages in this update:
  • kernel-7.1.3-201.fc44
Update description:

The 7.1.3-101/201 builds contain an important fix for XFS filesystem users.