Aggregator

strongswan-6.0.6-1.el10_3

1 hour 42 minutes ago
FEDORA-EPEL-2026-9b6d13e4b9 Packages in this update:
  • strongswan-6.0.6-1.el10_3
Update description:

Fixes CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291

USN-8326-1: Foomuuri vulnerabilities

4 hours 13 minutes ago
Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly enforce authorization. An unprivileged local attacker could possibly use this issue to manipulate the firewall configuration, contrary to expectations. (CVE-2025-67603) Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly validate interface names. A local attacker could possibly use this issue to manipulate the firewall configuration in unintended ways. (CVE-2025-67858)

kernel-7.0.10-201.fc44

5 hours 51 minutes ago
FEDORA-2026-bc20b091a8 Packages in this update:
  • kernel-7.0.10-201.fc44
Update description:

The 7.0.10-101/201 stable kernel updates contain a number of important fixes across the tree.

kernel-7.0.10-101.fc43

5 hours 51 minutes ago
FEDORA-2026-146d86eefc Packages in this update:
  • kernel-7.0.10-101.fc43
Update description:

The 7.0.10-101/201 stable kernel updates contain a number of important fixes across the tree.

USN-8325-1: tgt vulnerability

6 hours 56 minutes ago
It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass.

USN-8324-1: Apache Tika vulnerabilities

7 hours 46 minutes ago
It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers.

USN-8323-1: Postorius vulnerability

8 hours 29 minutes ago
It was discovered that Postorius did not properly escape HTML in message subjects when rendering the Held messages pop-up. An attacker could possibly use this issue to inject arbitrary HTML, resulting in exposure of sensitive information.

USN-8321-1: Papers vulnerability

8 hours 54 minutes ago
It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code.

USN-8319-1: Libgcrypt vulnerabilities

9 hours 25 minutes ago
It was discovered that Libgcrypt incorrectly handled crafted ECDH ciphertext. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. (CVE-2026-41989) It was discovered that Libgcrypt incorrectly handled Dilithium signing. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-41990)

USN-8315-1: MediaWiki vulnerabilities

13 hours 18 minutes ago
It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated attacker could use this issue to determine if other users had two-factor authentication enabled. (CVE-2026-34087) It was discovered that MediaWiki incorrectly handled suppressed log entry titles in the RecentChanges list. An unauthenticated attacker could use this issue to view titles of deleted or suppressed pages that should be hidden. (CVE-2026-34088) It was discovered that MediaWiki incorrectly handled resource loading timing information. An attacker could use this issue to determine if certain pages existed on a wiki. (CVE-2026-34092)