Aggregator

dotnet10.0-10.0.110-1.fc44

1 hour 11 minutes ago
FEDORA-2026-f738966fc9 Packages in this update:
  • dotnet10.0-10.0.110-1.fc44
Update description:

Update to .NET SDK 10.0.110 and Runtime 10.0.10

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

dotnet10.0-10.0.110-1.fc43

1 hour 11 minutes ago
FEDORA-2026-d9817786d6 Packages in this update:
  • dotnet10.0-10.0.110-1.fc43
Update description:

Update to .NET SDK 10.0.110 and Runtime 10.0.10

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

USN-8557-1: Authlib vulnerabilities

4 hours 37 minutes ago
Jay Neiva and Mauro Carrillo discovered that Authlib did not properly validate cryptographic keys embedded in JWT headers. An attacker could possibly use this issue to forge trusted tokens, resulting in authentication and authorization bypass. (CVE-2026-27962) Jay Neiva and Mauro Carrillo discovered that Authlib incorrectly handled RSA1_5 encrypted tokens. An attacker could possibly use this issue to recover sensitive encrypted information, resulting in information disclosure. (CVE-2026-28490) Jay Neiva and Mauro Carrillo discovered that Authlib did not properly reject unsupported cryptographic algorithms when validating OpenID Connect ID tokens. An attacker could possibly use this issue to bypass token integrity checks, resulting in authentication bypass. (CVE-2026-28498) Johnny Deuss discovered that Authlib did not provide cross-site request forgery protection for the OAuth cache feature in its Starlette integration. An attacker could possibly use this issue to perform unauthorized OAuth actions, resulting in cross-site request forgery. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-41425)

USN-8556-1: Ruby vulnerabilities

8 hours 27 minutes ago
It was discovered that the Net::IMAP client in Ruby did not properly sanitize Symbol arguments passed to IMAP commands. A remote attacker controlling a malicious IMAP server, or able to influence command arguments, could use this to inject arbitrary IMAP commands via CRLF sequences. (CVE-2026-42258) It was discovered that the Zlib::GzipReader in Ruby did not correctly ensure sufficient buffer capacity in the zstream_buffer_ungets function. An attacker could use this to craft a gzip stream that, when processed, could cause a buffer overflow, resulting in memory corruption and possibly arbitrary code execution. (CVE-2026-27820)

USN-8555-1: Ubuntu Advantage Tools (pro client) vulnerabilities

9 hours 22 minutes ago
Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer token in command-line arguments when validating APT credentials. A local attacker could possibly use this issue to obtain sensitive information and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494) Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly validate data received from the contract server when writing APT source files. An attacker could possibly use this issue to inject arbitrary APT configuration and execute arbitrary code. (CVE-2026-11386) Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not properly handle symbolic links when collecting diagnostic logs. A local attacker could possibly use this issue to obtain sensitive information from files owned by the administrator. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)

USN-8554-1: NTFS-3G vulnerabilities

10 hours 36 minutes ago
It was discovered that NTFS-3G had a heap buffer overflow when reading certain NTFS images. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2026-42616) It was discovered that NTFS-3G had multiple heap buffer overflows when processing certain NTFS images. A local attacker could possibly use these issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618, CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135) It was discovered that NTFS-3G had out-of-bounds reads when processing certain NTFS images. A local attacker could possibly use these issues to obtain sensitive information. (CVE-2026-46571, CVE-2026-56136)

wget1-1.25.0-4.fc44

13 hours 47 minutes ago
FEDORA-2026-1b91a2f126 Packages in this update:
  • wget1-1.25.0-4.fc44
Update description:

Fix for CVE-2026-15146, CVE-2026-58470, CVE-2026-58471, CVE-2026-58472

wget1-1.25.0-3.fc43

13 hours 47 minutes ago
FEDORA-2026-7bbb52b49d Packages in this update:
  • wget1-1.25.0-3.fc43
Update description:

Fix for CVE-2026-15146, CVE-2026-58470, CVE-2026-58471, CVE-2026-58472

dotnet9.0-9.0.119-1.fc44

23 hours 37 minutes ago
FEDORA-2026-d6b061ad69 Packages in this update:
  • dotnet9.0-9.0.119-1.fc44
Update description:

Update to .NET SDK 9.0.119 and Runtime 9.0.18

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes:

dotnet9.0-9.0.119-1.fc43

23 hours 37 minutes ago
FEDORA-2026-3afd9d89f4 Packages in this update:
  • dotnet9.0-9.0.119-1.fc43
Update description:

Update to .NET SDK 9.0.119 and Runtime 9.0.18

Fixes: CVE-2026-47300,CVE-2026-47302,CVE-2026-47303,CVE-2026-47304,CVE-2026-50524,CVE-2026-50525,CVE-2026-50526,CVE-2026-50527,CVE-2026-50528,CVE-2026-50646,CVE-2026-50648,CVE-2026-50649,CVE-2026-50650,CVE-2026-50651,CVE-2026-50659,CVE-2026-56158,CVE-2026-57108

Release Notes: