1 hour 13 minutes ago
FEDORA-EPEL-2026-321e8e0d34
Packages in this update:
- python-ujson-5.12.0-1.el10_3
Update description:
Update to 5.12.0. This release updates the license field in the Python
metadata and fixes a buffer overflow/infinite loop from indent handling.
1 hour 23 minutes ago
FEDORA-2026-0f099ed388
Packages in this update:
- python-ujson-5.12.0-1.fc42
Update description:
Update to 5.12.0. This release updates the license field in the Python
metadata and fixes a buffer overflow/infinite loop from indent handling.
1 hour 36 minutes ago
FEDORA-2026-bf741e26e4
Packages in this update:
- python-ujson-5.12.0-1.fc43
Update description:
Update to 5.12.0. This release updates the license field in the Python
metadata and fixes a buffer overflow/infinite loop from indent handling.
1 hour 54 minutes ago
FEDORA-2026-5725d633ec
Packages in this update:
- python-ujson-5.12.0-1.fc44
Update description:
Update to 5.12.0. This release updates the license field in the Python
metadata and fixes a buffer overflow/infinite loop from indent handling.
12 hours 34 minutes ago
It was discovered that Sudo incorrectly checked return codes when dropping
privileges to run the mailer. A local attacker could possibly use this
issue to escalate privileges.
12 hours 41 minutes ago
It was discovered that the util-linux su utility did not drop capabilities
when being used with the --pty option. While not a security issue by
itself, a local attacker could possibly use the su tool to exploit
vulnerabilities in other applications.
13 hours 18 minutes ago
FEDORA-2026-cb86172c17
Packages in this update:
Update description:
Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-macros-3.14-11.
Security fix for CVE-2025-12084
14 hours 9 minutes ago
USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the
corresponding updates for Ubuntu 20.04 LTS.
Original advisory details:
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly
handled disconnecting clients. In non-default configurations where the
GSSAPIKeyExchange setting is enabled, a remote attacker could use this
issue to cause OpenSSH to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-3497)
David Leadbeater discovered that OpenSSH incorrectly handled certain
control characters in usernames. When untrusted usernames and the
ProxyCommand are being used, an attacker could possibly use this issue to
execute arbitrary code. (CVE-2025-61984)
David Leadbeater discovered that OpenSSH incorrectly handled NULL
characters in ssh:// URIs. When the ProxyCommand is being used, an attacker
could possibly use this issue to execute arbitrary code. (CVE-2025-61985)
14 hours 25 minutes ago
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly
handled disconnecting clients. In non-default configurations where the
GSSAPIKeyExchange setting is enabled, a remote attacker could use this
issue to cause OpenSSH to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-3497)
David Leadbeater discovered that OpenSSH incorrectly handled certain
control characters in usernames. When untrusted usernames and the
ProxyCommand are being used, an attacker could possibly use this issue to
execute arbitrary code. (CVE-2025-61984)
David Leadbeater discovered that OpenSSH incorrectly handled NULL
characters in ssh:// URIs. When the ProxyCommand is being used, an attacker
could possibly use this issue to execute arbitrary code. (CVE-2025-61985)
14 hours 52 minutes ago
Version: next-20260312 (linux-next)
Released: 2026-03-12
16 hours 13 minutes ago
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and
Kaan Onarlioglu discovered that servers using Go Networking could hang
during shutdown if preempted by a fatal error. An attacker could possibly
use this to cause a denial of service. This issue only affected Ubuntu
22.04 LTS. (CVE-2022-27664)
Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted
stream could cause excessive CPU usage in Go Networking's HPACK decoder. An
attacker could possibly use this to cause a denial of service. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-41723)
Mohammad Thoriq Aziz discovered that Go Networking did not properly
sanitize some text nodes. An attacker could possibly use this to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978)
Sean Ng discovered an error in Go Networking's HTML tag handling. An
attacker could possibly use this to cause a denial of service.
(CVE-2025-22872)
Guido Vranken and Jakub Ciolek discovered that a maliciously crafted HTML
document could exhaust system resources on servers using Go Networking. An
attacker could possibly use this to cause a denial of service.
(CVE-2025-47911)
Guido Vranken discovered that a maliciously crafted HTML document could put
servers using Go Networking into an infinite loop. An attacker could
possibly use this to cause a denial of service. (CVE-2025-58190)
16 hours 48 minutes ago
Ionut Lalu discovered that go-git incorrectly handled certain specially
crafted Git server responses. An attacker could possibly use this issue to
cause a denial of service. (CVE-2023-49568, CVE-2025-21614)
Ionut Lalu discovered that go-git incorrectly handled file system paths
when using the ChrootOS implementation. A remote attacker could possibly
use this issue to perform a path traversal and create or modify arbitrary
files, leading to remote code execution. (CVE-2023-49569)
It was discovered that go-git did not properly sanitize arguments when
invoking git-upload-pack using the file transport protocol. An attacker
could possibly use this issue to inject arbitrary flag values when
interacting with local Git repositories. (CVE-2025-21613)
It was discovered that go-git did not properly verify integrity checks for
pack and index files. An attacker could possibly use this issue to cause
go-git to process corrupted repository data, resulting in unexpected errors
or an incorrect repository state. (CVE-2026-25934)
18 hours 25 minutes ago
It was discovered that python-cryptography incorrectly handled subgroup
validation for SECT curves. A remote attacker could use this issue to
perform a subgroup attack and possibly recover the least significant bits
of private keys.
1 day 2 hours ago
FEDORA-EPEL-2026-439d2b09db
Packages in this update:
Update description:
Upstream announcements:
1 day 2 hours ago
FEDORA-EPEL-2026-7fdbeef41b
Packages in this update:
Update description:
Upstream announcements:
1 day 2 hours ago
FEDORA-2026-bf984d4931
Packages in this update:
Update description:
Upstream announcements:
1 day 2 hours ago
FEDORA-2026-5774d46593
Packages in this update:
Update description:
Upstream announcements:
1 day 2 hours ago
FEDORA-2026-675dd9b166
Packages in this update:
Update description:
Upstream announcements: