Aggregator

USN-8082-1: GIMP vulnerabilities

14 hours 14 minutes ago
Michael Randrianantenaina discovered that GIMP incorrectly handled certain malformed ICO files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2025-5473)

Seungho Kim discovered that GIMP incorrectly handled certain memory operations when running the despeckle plugin. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2025-6035)

dnf5-5.2.18.0-2.fc42

16 hours 25 minutes ago
FEDORA-2026-beac8e1f11
Packages in this update:
  • dnf5-5.2.18.0-2.fc42
Update description:

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client).

dnf5-5.2.18.0-2.fc43

16 hours 48 minutes ago
FEDORA-2026-4e264a94a4
Packages in this update:
  • dnf5-5.2.18.0-2.fc43
Update description:

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client).

dnf5-5.4.0.0-2.fc44

17 hours 19 minutes ago
FEDORA-2026-6072c6888a
Packages in this update:
  • dnf5-5.4.0.0-2.fc44
Update description:

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client).

Update to upstream release 5.4.0.0. Full changelog.

cpp-httplib-0.37.0-1.el9

1 day 15 hours ago
FEDORA-EPEL-2026-53aded8e0e
Packages in this update:
  • cpp-httplib-0.37.0-1.el9
Update description:

Update to 0.37.0 (rhbz#2441656)
  • Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)
Update to 0.35.0
  • Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
  • Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

cpp-httplib-0.37.0-1.fc44

1 day 15 hours ago
FEDORA-2026-2c2afa9f9e
Packages in this update:
  • cpp-httplib-0.37.0-1.fc44
Update description:

Update to 0.37.0 (rhbz#2441656)
  • Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)
Update to 0.35.0
  • Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
  • Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

cpp-httplib-0.37.0-1.fc42

1 day 15 hours ago
FEDORA-2026-6ed9c65eaf
Packages in this update:
  • cpp-httplib-0.37.0-1.fc42
Update description:

Update to 0.37.0 (rhbz#2441656)
  • Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)
Update to 0.35.0
  • Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
  • Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

cpp-httplib-0.37.0-1.fc43

1 day 15 hours ago
FEDORA-2026-c2049f7220
Packages in this update:
  • cpp-httplib-0.37.0-1.fc43
Update description:

Update to 0.37.0 (rhbz#2441656)
  • Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)
Update to 0.35.0
  • Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
  • Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

cpp-httplib-0.37.0-1.el10_3

1 day 15 hours ago
FEDORA-EPEL-2026-9612548dcf
Packages in this update:
  • cpp-httplib-0.37.0-1.el10_3
Update description:

Update to 0.37.0 (rhbz#2441656)
  • Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)
Update to 0.35.0
  • Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
  • Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

USN-8080-1: YARA vulnerabilities

1 day 15 hours ago
Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS. (CVE-2016-10211, CVE-2017-5923, CVE-2017-5924, CVE-2017-8294, CVE-2017-8929, CVE-2017-9304, CVE-2017-9438, CVE-2017-9465)

Jurriaan Bremer discovered that YARA's yr_object_array_set_limit() function could result in a heap buffer overflow when scanning specially crafted .NET files. A remote attacker could possibly use this issue to cause YARA to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11328)

It was discovered that YARA's yr_execute_code() function could cause an out-of-bounds read or write when parsing specially crafted compiled rule files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-12034, CVE-2018-12035)

It was discovered that YARA's virtual machine could be escaped in certain instances. A remote attacker could possibly use these issues to execute arbitrary code. These issues only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19974, CVE-2018-19975, CVE-2018-19976)

It was discovered that YARA's macho_parse_file() function would generate an out-of-bounds memory access error when parsing a specially crafted Mach-O file. A remote attacker could possibly use this issue to cause YARA to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2019-19648)

It was discovered that YARA's macho.c implementation contained several overflow reads, which could be triggered when parsing specially crafted Mach-O files. A remote attacker could possibly use this issue to cause YARA to crash, resulting in a denial of service, or to learn sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-3402)

It was discovered that YARA's yr_set_configuration() function could trigger a buffer overflow when parsing specially crafted rules. A remote attacker could possibly use this issue to cause YARA to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-45429)