3 hours 47 minutes ago
It was discovered that Sudo incorrectly checked return codes when dropping
privileges to run the mailer. A local attacker could possibly use this
issue to escalate privileges.
3 hours 54 minutes ago
It was discovered that the util-linux su utility did not drop capabilities
when being used with the --pty option. While not a security issue by
itself, a local attacker could possibly use the su tool to exploit
vulnerabilities in other applications.
4 hours 31 minutes ago
FEDORA-2026-cb86172c17
Packages in this update:
Update description:
Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-macros-3.14-11.
Security fix for CVE-2025-12084
5 hours 22 minutes ago
USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the
corresponding updates for Ubuntu 20.04 LTS.
Original advisory details:
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly
handled disconnecting clients. In non-default configurations where the
GSSAPIKeyExchange setting is enabled, a remote attacker could use this
issue to cause OpenSSH to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-3497)
David Leadbeater discovered that OpenSSH incorrectly handled certain
control characters in usernames. When untrusted usernames and the
ProxyCommand are being used, an attacker could possibly use this issue to
execute arbitrary code. (CVE-2025-61984)
David Leadbeater discovered that OpenSSH incorrectly handled NULL
characters in ssh:// URIs. When the ProxyCommand is being used, an attacker
could possibly use this issue to execute arbitrary code. (CVE-2025-61985)
5 hours 38 minutes ago
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly
handled disconnecting clients. In non-default configurations where the
GSSAPIKeyExchange setting is enabled, a remote attacker could use this
issue to cause OpenSSH to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-3497)
David Leadbeater discovered that OpenSSH incorrectly handled certain
control characters in usernames. When untrusted usernames and the
ProxyCommand are being used, an attacker could possibly use this issue to
execute arbitrary code. (CVE-2025-61984)
David Leadbeater discovered that OpenSSH incorrectly handled NULL
characters in ssh:// URIs. When the ProxyCommand is being used, an attacker
could possibly use this issue to execute arbitrary code. (CVE-2025-61985)
6 hours 5 minutes ago
Version: next-20260312 (linux-next)
Released: 2026-03-12
7 hours 26 minutes ago
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and
Kaan Onarlioglu discovered that servers using Go Networking could hang
during shutdown if preempted by a fatal error. An attacker could possibly
use this to cause a denial of service. This issue only affected Ubuntu
22.04 LTS. (CVE-2022-27664)
Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted
stream could cause excessive CPU usage in Go Networking's HPACK decoder. An
attacker could possibly use this to cause a denial of service. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-41723)
Mohammad Thoriq Aziz discovered that Go Networking did not properly
sanitize some text nodes. An attacker could possibly use this to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978)
Sean Ng discovered an error in Go Networking's HTML tag handling. An
attacker could possibly use this to cause a denial of service.
(CVE-2025-22872)
Guido Vranken and Jakub Ciolek discovered that a maliciously crafted HTML
document could exhaust system resources on servers using Go Networking. An
attacker could possibly use this to cause a denial of service.
(CVE-2025-47911)
Guido Vranken discovered that a maliciously crafted HTML document could put
servers using Go Networking into an infinite loop. An attacker could
possibly use this to cause a denial of service. (CVE-2025-58190)
8 hours 1 minute ago
Ionut Lalu discovered that go-git incorrectly handled certain specially
crafted Git server responses. An attacker could possibly use this issue to
cause a denial of service. (CVE-2023-49568, CVE-2025-21614)
Ionut Lalu discovered that go-git incorrectly handled file system paths
when using the ChrootOS implementation. A remote attacker could possibly
use this issue to perform a path traversal and create or modify arbitrary
files, leading to remote code execution. (CVE-2023-49569)
It was discovered that go-git did not properly sanitize arguments when
invoking git-upload-pack using the file transport protocol. An attacker
could possibly use this issue to inject arbitrary flag values when
interacting with local Git repositories. (CVE-2025-21613)
It was discovered that go-git did not properly verify integrity checks for
pack and index files. An attacker could possibly use this issue to cause
go-git to process corrupted repository data, resulting in unexpected errors
or an incorrect repository state. (CVE-2026-25934)
9 hours 38 minutes ago
It was discovered that python-cryptography incorrectly handled subgroup
validation for SECT curves. A remote attacker could use this issue to
perform a subgroup attack and possibly recover the least significant bits
of private keys.
17 hours 13 minutes ago
FEDORA-EPEL-2026-439d2b09db
Packages in this update:
Update description:
Upstream announcements:
17 hours 13 minutes ago
FEDORA-EPEL-2026-7fdbeef41b
Packages in this update:
Update description:
Upstream announcements:
17 hours 13 minutes ago
FEDORA-2026-bf984d4931
Packages in this update:
Update description:
Upstream announcements:
17 hours 13 minutes ago
FEDORA-2026-5774d46593
Packages in this update:
Update description:
Upstream announcements:
17 hours 13 minutes ago
FEDORA-2026-675dd9b166
Packages in this update:
Update description:
Upstream announcements:
17 hours 13 minutes ago
FEDORA-EPEL-2026-6d9113a8af
Packages in this update:
Update description:
Upstream announcements:
17 hours 13 minutes ago
FEDORA-EPEL-2026-c7993fe121
Packages in this update:
Update description:
Upstream announcements:
19 hours 3 minutes ago
FEDORA-2026-c47c476fdd
Packages in this update:
Update description:
Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186
19 hours 5 minutes ago
FEDORA-2026-a00f52ac25
Packages in this update:
Update description:
Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186