Aggregator

USN-8555-1: Ubuntu Advantage Tools (pro client) vulnerabilities

1 hour 2 minutes ago
Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer token in command-line arguments when validating APT credentials. A local attacker could possibly use this issue to obtain sensitive information and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494) Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly validate data received from the contract server when writing APT source files. An attacker could possibly use this issue to inject arbitrary APT configuration and execute arbitrary code. (CVE-2026-11386) Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not properly handle symbolic links when collecting diagnostic logs. A local attacker could possibly use this issue to obtain sensitive information from files owned by the administrator. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)

USN-8554-1: NTFS-3G vulnerabilities

2 hours 16 minutes ago
It was discovered that NTFS-3G had a heap buffer overflow when reading certain NTFS images. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2026-42616) It was discovered that NTFS-3G had multiple heap buffer overflows when processing certain NTFS images. A local attacker could possibly use these issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618, CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135) It was discovered that NTFS-3G had out-of-bounds reads when processing certain NTFS images. A local attacker could possibly use these issues to obtain sensitive information. (CVE-2026-46571, CVE-2026-56136)

wget1-1.25.0-4.fc44

5 hours 26 minutes ago
FEDORA-2026-1b91a2f126 Packages in this update:
  • wget1-1.25.0-4.fc44
Update description:

Fix for CVE-2026-15146, CVE-2026-58470, CVE-2026-58471, CVE-2026-58472

wget1-1.25.0-3.fc43

5 hours 26 minutes ago
FEDORA-2026-7bbb52b49d Packages in this update:
  • wget1-1.25.0-3.fc43
Update description:

Fix for CVE-2026-15146, CVE-2026-58470, CVE-2026-58471, CVE-2026-58472

dotnet9.0-9.0.119-1.fc44

15 hours 16 minutes ago
FEDORA-2026-d6b061ad69 Packages in this update:
  • dotnet9.0-9.0.119-1.fc44
Update description:

Update to .NET SDK 9.0.119 and Runtime 9.0.18

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

dotnet9.0-9.0.119-1.fc43

15 hours 16 minutes ago
FEDORA-2026-3afd9d89f4 Packages in this update:
  • dotnet9.0-9.0.119-1.fc43
Update description:

Update to .NET SDK 9.0.119 and Runtime 9.0.18

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

USN-8553-1: .NET vulnerabilities

20 hours 47 minutes ago
Artur Stetsko discovered that the .NET did not properly validate authentication data. An attacker could possibly use this issue to elevate privileges. (CVE-2026-47300) Levi Broderick discovered that .NET did not properly handle XML encryption during parsing. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-47302) Pham Quang Minh discovered that .NET did not properly parse authentication data. An attacker could possibly use this issue to bypass authentication and elevate privileges. (CVE-2026-47303) Levi Broderick discovered that .NET did not properly verify cryptographic signatures during XML encryption. An attacker could possibly use this issue to bypass security features over a network and access encrypted data. (CVE-2026-47304) It was discovered that .NET did not properly validate input during TLS handshakes. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-50524) Levi Broderick discovered that .NET did not properly handle resource allocation during XML encryption. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50525) Siwei Li discovered that .NET did not properly handle link resolution before file access during the container image build process. A local attacker could possibly use this issue to inject resources that could be incorporated into container images built by other users on the same machine. (CVE-2026-50526) Levi Broderick discovered that .NET did not properly handle memory while performing XML encryption. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-50527) Henrique Pereira discovered that .NET did not properly handle authorization checks during TLS/SSL connections. An attacker could possibly use this issue to bypass authorization checks during secure communications. (CVE-2026-50528) It was discovered that .NET did not properly handle resource allocation during XML encryption. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50648) Miha Zupan discovered that .NET did not properly limit resource allocation when handling HTTP/2 requests. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50651) It was discovered that the .NET SMTP client did not properly handle the encoding or escaping of output. An attacker could possibly use this issue to spoof messages during message routing. (CVE-2026-50659) It was discovered that .NET did not properly validate resource types when parsing X.509 certificates. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-57108)

cryptlib-3.4.9.3-1.fc43

21 hours 4 minutes ago
FEDORA-2026-47575c76a5 Packages in this update:
  • cryptlib-3.4.9.3-1.fc43
Update description:

A third update after 3.4.9 to prepare for deprecation of obsolete algorithms and attributes in the upcoming 3.5 release.

cryptlib-3.4.9.3-1.fc44

21 hours 4 minutes ago
FEDORA-2026-e4349a03b1 Packages in this update:
  • cryptlib-3.4.9.3-1.fc44
Update description:

A third update after 3.4.9 to prepare for deprecation of obsolete algorithms and attributes in the upcoming 3.5 release.

USN-8551-1: Tomcat vulnerabilities

23 hours 45 minutes ago
It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515) It was discovered that the Tomcat number guess example application did not properly sanitize user-supplied input. An attacker could possibly use this issue to inject malicious scripts, resulting in cross-site scripting. (CVE-2026-50229) It was discovered that Tomcat incorrectly evaluated rewrite valve conditions in certain configurations. An attacker could possibly use this issue to bypass rewrite rules, resulting in unauthorized access. (CVE-2026-53404) It was discovered that Tomcat incorrectly omitted certain authorization information when logging the effective web.xml configuration. An attacker could possibly use this issue to hide authorization constraints, resulting in reduced auditability. (CVE-2026-55276)