Aggregator

kernel-7.1.3-201.fc44

1 hour 18 minutes ago
FEDORA-2026-e8e294a7fa Packages in this update:
  • kernel-7.1.3-201.fc44
Update description:

The 7.1.3-101/201 builds contain an important security update for XFS filesystem users.

kernel-7.1.3-101.fc43

1 hour 18 minutes ago
FEDORA-2026-085c9e92a4 Packages in this update:
  • kernel-7.1.3-101.fc43
Update description:

The 7.1.3-101/201 builds contain an important security update for XFS filesystem users.

perl-HTTP-Date-6.08-1.fc43

2 hours 12 minutes ago
FEDORA-2026-b1bdb7c518 Packages in this update:
  • perl-HTTP-Date-6.08-1.fc43
Update description:

Changes:

6.08 2026-07-09 02:04:21Z

- [SECURITY] Reject input longer than 64 characters in parse_date() to prevent quadratic regex backtracking (a denial of service) on hostile date strings. Fixes CVE-2026-14741. (Olaf Alders)

6.07 2026-06-25 15:12:09Z

- Add test with Time::Zone (GH#25) (Michal Josef Špaček) - Add test with bad Time::Zone string (GH#26) (Michal Josef Špaček) - Add tests with negative time (GH#26) (Michal Josef Špaček) - Replace all instances of \d with [0-9] in regular expressions to reject non-ASCII Unicode digits, with a regression test (GH#27) (Robert Rothenberg) - Reject malformed ISO 8601 timezones with a doubled colon (GH#31) (Olaf Alders) - Document day/month/year ordering for numeric dates (GH#32) (Olaf Alders)

perl-HTTP-Date-6.08-1.fc44

2 hours 12 minutes ago
FEDORA-2026-8cec3cbf5b Packages in this update:
  • perl-HTTP-Date-6.08-1.fc44
Update description:

Changes:

6.08 2026-07-09 02:04:21Z

- [SECURITY] Reject input longer than 64 characters in parse_date() to prevent quadratic regex backtracking (a denial of service) on hostile date strings. Fixes CVE-2026-14741. (Olaf Alders)

6.07 2026-06-25 15:12:09Z

- Add test with Time::Zone (GH#25) (Michal Josef Špaček) - Add test with bad Time::Zone string (GH#26) (Michal Josef Špaček) - Add tests with negative time (GH#26) (Michal Josef Špaček) - Replace all instances of \d with [0-9] in regular expressions to reject non-ASCII Unicode digits, with a regression test (GH#27) (Robert Rothenberg) - Reject malformed ISO 8601 timezones with a doubled colon (GH#31) (Olaf Alders) - Document day/month/year ordering for numeric dates (GH#32) (Olaf Alders)

USN-8535-1: PipeWire vulnerabilities

17 hours 39 minutes ago
It was discovered that PipeWire accepted unbounded Content-Length values in its RAOP module. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2026-14324) It was discovered that PipeWire performed multiple unbounded stack allocations in its PulseAudio protocol server. A local attacker could possibly use this issue to cause a denial of service. (CVE-2026-14330)

USN-8534-1: LibreOffice vulnerabilities

18 hours 29 minutes ago
It was discovered that LibreOffice incorrectly handled importing DXF drawings. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6039) It was discovered that LibreOffice incorrectly handled certain ODF number formats. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-6040) It was discovered that LibreOffice incorrectly handled importing EMF+ graphics. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6045) It was discovered that LibreOffice incorrectly handled importing PPT presentations. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-8356) It was discovered that LibreOffice Calc incorrectly handled compiling certain formulas. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possily execute arbitrary code. (CVE-2026-8357) It was discovered that LibreOffice Calc incorrectly handled importing spreadsheet tracked changes. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-8358)