Aggregator

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - HFS+ file system; - XFRM subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Simplified Mandatory Access Control Kernel framework; (CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659, CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593, CVE-2025-21704, CVE-2025-40215)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - HFS+ file system; - XFRM subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Simplified Mandatory Access Control Kernel framework; (CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659, CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593, CVE-2025-21704, CVE-2025-40215)

FEDORA-EPEL-2026-37ef30e238 Packages in this update:

• python-ujson-5.8.0-2.el9

Update description:

Backport fixes for CVE-2026-32874 and CVE-2026-32875

FEDORA-2026-8c07fcde49 Packages in this update:

• rubygem-json-2.13.2-2.fc43

Update description:

This new updates backports a fix for a format string injection vulnerability in JSON.parse, which is now assigned as CVE-2026-33210

FEDORA-EPEL-2026-74a1834691 Packages in this update:

• bcftools-1.23.1-1.el8
• htslib-1.23.1-1.el8
• samtools-1.23.1-1.el8

Update description:

Update to 1.23.1

FEDORA-EPEL-2026-52be5354a0 Packages in this update:

• perl-YAML-Syck-1.37-1.el9

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

FEDORA-EPEL-2026-de60bba45b Packages in this update:

• perl-YAML-Syck-1.37-1.el10_2

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

FEDORA-EPEL-2026-e7f8f46758 Packages in this update:

• perl-YAML-Syck-1.37-1.el10_3

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

FEDORA-2026-3572f7e01c Packages in this update:

• perl-YAML-Syck-1.37-1.fc43

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

FEDORA-2026-a8d89d8ae2 Packages in this update:

• perl-YAML-Syck-1.37-1.fc44

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

FEDORA-2026-d226775800 Packages in this update:

• perl-YAML-Syck-1.37-1.fc42

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

FEDORA-2026-cb321bebb5 Packages in this update:

• bcftools-1.23.1-1.fc44
• htslib-1.23.1-1.fc44
• samtools-1.23.1-1.fc44

Update description:

Update to 1.23.1

FEDORA-2026-3b06345bf2 Packages in this update:

• bcftools-1.23.1-1.fc43
• htslib-1.23.1-1.fc43
• samtools-1.23.1-1.fc43

Update description:

Update to 1.23.1

FEDORA-2026-1fc0d39acd Packages in this update:

• bcftools-1.23.1-1.fc42
• htslib-1.23.1-1.fc42
• samtools-1.23.1-1.fc42

Update description:

Update to 1.23.1

It was discovered that OpenStack Glance was incorrectly validating the IP addresses and the redirect destination URL when downloading or importing images from a remote source. An attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information.

Version:6.19.9 (stable) Released:2026-03-19 Source:linux-6.19.9.tar.xz PGP Signature:linux-6.19.9.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.19.9

FEDORA-2026-f029d04054 Packages in this update:

• libsoup3-3.6.6-2.fc43

Update description:

Add patch for CVE-2026-1539 (Also remove Proxy-Authorization header on cross origin redirect)

FEDORA-2026-55dabf3975 Packages in this update:

• libsoup3-3.6.6-6.fc44

Update description:

Add patch for CVE-2026-1539 (Also remove Proxy-Authorization header on cross origin redirect)

Version:6.18.19 (longterm) Released:2026-03-19 Source:linux-6.18.19.tar.xz PGP Signature:linux-6.18.19.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.19