Aggregator

FEDORA-2026-2fef29d32a Packages in this update:

• bpfman-0.5.4-4.fc43

Update description:

Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes rhbz#2446359

Version:next-20260311 (linux-next) Released:2026-03-11

FEDORA-2026-0523662d59 Packages in this update:

• bpfman-0.5.4-6.fc45

Update description:

Automatic update for bpfman-0.5.4-6.fc45.

Changelog * Wed Mar 11 2026 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.4-6 - Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes rhbz#2446359

Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. (CVE-2026-1965) It was discovered that curl incorrectly leaked OAuth2 bearer tokens when following a redirect. This could result in tokens being sent to the wrong host, contrary to expectations. (CVE-2026-3783) Muhamad Arga Reksapati discovered that curl incorrectly reused existing HTTP proxy connections even if the request used different credentials. This could result in the use of incorrect credentials, contrary to expectations. (CVE-2026-3784) Daniel Wade discovered that curl incorrectly handled certain memory operations when doing a second SMB request to the same host. An attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-3805) Yihang Zhou discovered that curl incorrectly reused .netrc file credentials when following redirects. This could result in the use of credentials for a different host, contrary to expectations. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-0167)

It was discovered that libpng did not properly handle memory when processing certain PNG files. An attacker could possibly use this issue to cause libpng to crash, resulting in a denial of service, or disclose sensitive information. (CVE-2025-64505) Joshua Inscoe discovered that libpng did not properly handle memory when processing certain PNG files. An attacker could possibly use this issue to cause libpng to crash, resulting in a denial of service, disclose sensitive information, or execute arbitrary code. (CVE-2026-25646)

It was discovered that GeoPandas incorrectly handled certain input. An attacker could possibly use this issue to perform SQL injection attacks.

FEDORA-EPEL-2026-108ee839c4 Packages in this update:

• wordpress-6.9.3-1.el10_2

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-2026-d8dab3284b Packages in this update:

• wordpress-6.9.3-1.fc43

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-EPEL-2026-f5c7dc5bca Packages in this update:

• wordpress-6.9.3-1.el10_1

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-EPEL-2026-299b865866 Packages in this update:

• wordpress-6.9.3-1.el10_3

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-2026-e53e7de687 Packages in this update:

• wordpress-6.9.3-1.fc44

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-2026-30aaa038c8 Packages in this update:

• wordpress-6.9.3-1.fc42

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-EPEL-2026-79019fe4ae Packages in this update:

• wordpress-6.9.3-1.el9

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-2026-62f9125c65 Packages in this update:

• aqualung-2.0-6.fc44
• mac-12.50-1.fc44

Update description:

Latest Monkey's Audio Codec release. Changelog: https://monkeysaudio.com/versionhistory.html . Fixes CVE-2025-61043.

Version:next-20260310 (linux-next) Released:2026-03-10

Michael Randrianantenaina discovered that GIMP incorrectly handled certain malformed ICO files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2025-5473) Seungho Kim discovered that GIMP incorrectly handled certain memory operations when running the despeckle plugin. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2025-6035)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - MMC subsystem; (CVE-2022-49267, CVE-2025-21780)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; (CVE-2025-22037, CVE-2025-37899)

FEDORA-2026-beac8e1f11 Packages in this update:

• dnf5-5.2.18.0-2.fc42

Update description:

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.

FEDORA-2026-4e264a94a4 Packages in this update:

• dnf5-5.2.18.0-2.fc43

Update description:

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.