10 hours 24 minutes ago
Aaron Rainbolt discovered that the cautious-launcher utility in the
mailcap package did not properly restrict the execution of certain
file types. An attacker could use this issue to escape a sandboxed
application and execute arbitrary code on the host operating system.
13 hours 24 minutes ago
Version:next-20260708 (linux-next)
Released:2026-07-08
13 hours 32 minutes ago
It was discovered that ClamAV incorrectly handled certain PE files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2026-20213, CVE-2026-20214,
CVE-2026-20217)
It was discovered that ClamAV incorrectly handled certain 7z archive
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2026-20215)
It was discovered that ClamAV incorrectly handled extraction limits for
certain InstallShield archives. A remote attacker could possibly use this
issue to cause ClamAV to use excessive resources, leading to a denial of
service. (CVE-2026-20216)
It was discovered that ClamAV incorrectly handled certain ALZ archive
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2026-20243)
It was discovered that ClamAV incorrectly handled certain DMG files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2026-20244)
13 hours 50 minutes ago
It was discovered that Apache HTTP Server's mod_ldap module incorrectly
handled memory when processing per-directory configurations. An attacker
could use this issue to cause the server to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2026-29167)
It was discovered that Apache HTTP Server's mod_proxy_ftp module
incorrectly handled HTML generation for FTP directory listings. A remote
attacker could possibly use this issue to inject arbitrary web script or
HTML. (CVE-2026-29170)
It was discovered that Apache HTTP Server's mod_proxy_html module
incorrectly handled certain content from an untrusted backend. A remote
attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-34355)
It was discovered that Apache HTTP Server incorrectly handled
ProxyPassReverseCookie directives with a malicious backend server. A remote
attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-34356)
It was discovered that Apache HTTP Server's mod_dav_fs module incorrectly
handled certain path operations. An authenticated user could possibly use
this issue to manipulate trusted WebDAV property databases or cause a
denial of service. (CVE-2026-42535)
It was discovered that Apache HTTP Server's mod_xml2enc module incorrectly
handled certain content from an untrusted backend. A remote attacker could
possibly use this issue to cause Apache HTTP Server to crash, resulting in
a denial of service. (CVE-2026-42536)
It was discovered that Apache HTTP Server incorrectly handled response
headers when multiple content languages were configured. A remote attacker
could possibly use this issue to obtain sensitive information.
(CVE-2026-43951)
It was discovered that Apache HTTP Server incorrectly restricted certain
file functions in expressions within .htaccess files. A local attacker with
.htaccess write access could possibly use this issue to obtain sensitive
information. (CVE-2026-44119)
It was discovered that Apache HTTP Server's mod_ssl module incorrectly
handled OCSP responses from an attacker-controlled server. A remote
attacker could possibly use this issue to obtain sensitive information or
cause a denial of service. (CVE-2026-44185)
It was discovered that Apache HTTP Server's mod_proxy_ftp module
incorrectly handled responses from an attacker-controlled backend FTP
server. A remote attacker could possibly use this issue to cause Apache
HTTP Server to stop responding, resulting in a denial of service.
(CVE-2026-44186)
It was discovered that Apache HTTP Server incorrectly handled crafted
regular expressions in the server configuration. An attacker could possibly
use this issue to execute arbitrary code or cause a denial of service.
(CVE-2026-44631)
It was discovered that Apache HTTP Server's mod_http2 module had a
use-after-free vulnerability when file handles were exhausted. A remote
attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-48913)
14 hours 24 minutes ago
FEDORA-2026-6d5a7be3b9
Packages in this update:
- rust-cargo-rpmstatus-0.2.5-2.fc43
Update description:
Update to 0.2.5 (with dependency updates only), and further update some dependencies. Particularly, quick-xml 0.41 fixes RUSTSEC-2026-0194 and RUSTSEC-2026-0195.
16 hours 3 minutes ago
FEDORA-2026-5e3ab17662
Packages in this update:
- rust-opendal-0.55.0-2.fc43
Update description:
Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195)
16 hours 11 minutes ago
FEDORA-2026-08f5aab9ed
Packages in this update:
- rust-cargo-rpmstatus-0.2.5-2.fc44
Update description:
Update to 0.2.5 (with dependency updates only), and further update some dependencies. Particularly, quick-xml 0.41 fixes RUSTSEC-2026-0194 and RUSTSEC-2026-0195.
16 hours 12 minutes ago
16 hours 17 minutes ago
FEDORA-2026-e465328a8d
Packages in this update:
- rust-opendal-0.55.0-2.fc44
Update description:
Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195)
18 hours 39 minutes ago
FEDORA-2026-7bf2937528
Packages in this update:
- mingw-glib2-2.88.2-2.fc44
Update description:
Backport fix for CVE-2026-58016.
Update to glib-2.88.2.
18 hours 39 minutes ago
FEDORA-2026-8e39f35701
Packages in this update:
- mingw-glib2-2.86.5-2.fc43
Update description:
Backport fix for CVE-2026-58016.
Update to glib-2.86.5.
19 hours 4 minutes ago
FEDORA-2026-9fdda5018f
Packages in this update:
Update description:
1.650 bump - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380
19 hours 4 minutes ago
FEDORA-2026-71d7e4d1da
Packages in this update:
Update description:
1.650 bump - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380
19 hours 19 minutes ago
FEDORA-2026-46c4892063
Packages in this update:
- python-pillow-12.3.0-1.fc44
Update description:
Fix CVE-2026-55380, CVE-2026-54060, CVE-2026-54059, CVE-2026-55379, CVE-2026-55798
19 hours 19 minutes ago
FEDORA-2026-d86f55c21a
Packages in this update:
- python-pillow-11.3.0-9.fc43
Update description:
Fix CVE-2026-55380, CVE-2026-54060, CVE-2026-54059, CVE-2026-55379, CVE-2026-55798
19 hours 37 minutes ago
FEDORA-2026-377015b34b
Packages in this update:
Update description:
pam_userdb: fix password comparison timing leak
21 hours 10 minutes ago
FEDORA-2026-9db41d0ada
Packages in this update:
- python-safetensors-0.8.0-2.fc45
- rust-safetensors-0.8.0-1.fc45
Update description:
Update safetensors to 0.8.0 and build the Python extension using PyO3 0.29, which fixes RUSTSEC-2026-0176 and RUSTSEC-2026-0177.
23 hours 7 minutes ago
FEDORA-2026-18ea3f47f8
Packages in this update:
Update description:
libXfont2 2.0.8 (CVE-2026-56001, CVE-2026-56002, CVE-2026-56003)
23 hours 18 minutes ago
FEDORA-2026-43652cd5e8
Packages in this update:
Update description:
libXfont2 2.0.8 (CVE-2026-56001, CVE-2026-56002, CVE-2026-56003)
23 hours 39 minutes ago