Aggregator

USN-8490-2: Linux kernel (Real-time) vulnerabilities

1 hour ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; - STMicroelectronics network drivers; - Network drivers; - NVME drivers; - SCSI subsystem; - USB over IP driver; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Kernel thread helper (kthread); - IPv6 networking; - Tracing infrastructure; - Kernel exit() syscall; - Scatterlist API; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - Multipath TCP; - Netfilter; - RxRPC session sockets; - SMC sockets; - X.25 network layer; (CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392, CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448, CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304, CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383, CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898, CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289, CVE-2026-46316, CVE-2026-46325)

USN-8490-1: Linux kernel vulnerabilities

1 hour 3 minutes ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; - STMicroelectronics network drivers; - Network drivers; - NVME drivers; - SCSI subsystem; - USB over IP driver; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Kernel thread helper (kthread); - IPv6 networking; - Tracing infrastructure; - Kernel exit() syscall; - Scatterlist API; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - Multipath TCP; - Netfilter; - RxRPC session sockets; - SMC sockets; - X.25 network layer; (CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392, CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448, CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304, CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383, CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898, CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289, CVE-2026-46316, CVE-2026-46325)

chromium-150.0.7871.124-1.el10_3

3 hours 50 minutes ago
FEDORA-EPEL-2026-012b021e70 Packages in this update:
  • chromium-150.0.7871.124-1.el10_3
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.el10_2

3 hours 50 minutes ago
FEDORA-EPEL-2026-3bd3da0297 Packages in this update:
  • chromium-150.0.7871.124-1.el10_2
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.fc43

3 hours 50 minutes ago
FEDORA-2026-32e3e23696 Packages in this update:
  • chromium-150.0.7871.124-1.fc43
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.el9

3 hours 50 minutes ago
FEDORA-EPEL-2026-72397f334b Packages in this update:
  • chromium-150.0.7871.124-1.el9
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.fc44

3 hours 50 minutes ago
FEDORA-2026-7437330b17 Packages in this update:
  • chromium-150.0.7871.124-1.fc44
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

moby-engine-29.6.2-1.fc44

7 hours 1 minute ago
FEDORA-2026-70a4eeeab8 Packages in this update:
  • moby-engine-29.6.2-1.fc44
Update description:
  • Update to release v29.6.2
  • Resolves: rhbz#2496437
  • Upstream security fixes
    • GHSA-hw3h-2gp9-cxpv
    • GHSA-qx3x-mv6r-52p6
    • GHSA-32pv-7hq5-qhwq
    • GHSA-g2h8-426c-7976
    • GHSA-388v-wmr2-g2v2

python-django5-5.2.16-1.fc43

12 hours 52 minutes ago
FEDORA-2026-fbb9501b22 Packages in this update:
  • python-django5-5.2.16-1.fc43
Update description:

Update python-django5 to version 5.2.16

Fixes three low-severity CVEs

  • CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
  • CVE-2026-53877: Heap buffer over-read in GDALRaster
  • CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input

python-django5-5.2.16-1.fc44

12 hours 52 minutes ago
FEDORA-2026-595d35a4d1 Packages in this update:
  • python-django5-5.2.16-1.fc44
Update description:

Update python-django5 to version 5.2.16

Fixes three low-severity CVEs

  • CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
  • CVE-2026-53877: Heap buffer over-read in GDALRaster
  • CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input

moby-engine-29.6.2-1.fc45

12 hours 57 minutes ago
FEDORA-2026-3a690a88c2 Packages in this update:
  • moby-engine-29.6.2-1.fc45
Update description:

Automatic update for moby-engine-29.6.2-1.fc45.

Changelog * Thu Jul 16 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 29.6.2-1 - Update to release v29.6.2 - Resolves: rhbz#2496437 - Upstream security fixes - - GHSA-hw3h-2gp9-cxpv - - GHSA-qx3x-mv6r-52p6 - - GHSA-32pv-7hq5-qhwq - - GHSA-g2h8-426c-7976 - - GHSA-388v-wmr2-g2v2 * Thu Jul 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 29.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_45_Mass_Rebuild

dotnet10.0-10.0.110-1.fc44

14 hours ago
FEDORA-2026-f738966fc9 Packages in this update:
  • dotnet10.0-10.0.110-1.fc44
Update description:

Update to .NET SDK 10.0.110 and Runtime 10.0.10

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

dotnet10.0-10.0.110-1.fc43

14 hours ago
FEDORA-2026-d9817786d6 Packages in this update:
  • dotnet10.0-10.0.110-1.fc43
Update description:

Update to .NET SDK 10.0.110 and Runtime 10.0.10

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

USN-8477-2: tar regression

15 hours 5 minutes ago
USN-8477-1 fixed a vulnerability in tar. The update introduced a regression that could cause tar to fail to extract certain valid files. This update fixes the problem. Original advisory details: It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms.

USN-8557-1: Authlib vulnerabilities

17 hours 26 minutes ago
Jay Neiva and Mauro Carrillo discovered that Authlib did not properly validate cryptographic keys embedded in JWT headers. An attacker could possibly use this issue to forge trusted tokens, resulting in authentication and authorization bypass. (CVE-2026-27962) Jay Neiva and Mauro Carrillo discovered that Authlib incorrectly handled RSA1_5 encrypted tokens. An attacker could possibly use this issue to recover sensitive encrypted information, resulting in information disclosure. (CVE-2026-28490) Jay Neiva and Mauro Carrillo discovered that Authlib did not properly reject unsupported cryptographic algorithms when validating OpenID Connect ID tokens. An attacker could possibly use this issue to bypass token integrity checks, resulting in authentication bypass. (CVE-2026-28498) Johnny Deuss discovered that Authlib did not provide cross-site request forgery protection for the OAuth cache feature in its Starlette integration. An attacker could possibly use this issue to perform unauthorized OAuth actions, resulting in cross-site request forgery. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-41425)