Aggregator

USN-8015-3: Linux kernel (FIPS) vulnerabilities

Ubuntu Security Advisories
14 hours 3 minutes ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019)

chromium-144.0.7559.132-1.fc42

Fedora Security Advisories
15 hours 59 minutes ago
FEDORA-2026-e900558e56 Packages in this update:
  • chromium-144.0.7559.132-1.fc42
Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

chromium-144.0.7559.132-1.fc43

Fedora Security Advisories
15 hours 59 minutes ago
FEDORA-2026-db342a4417 Packages in this update:
  • chromium-144.0.7559.132-1.fc43
Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

chromium-144.0.7559.132-1.el10_2

Fedora Security Advisories
15 hours 59 minutes ago
FEDORA-EPEL-2026-5d567587ed Packages in this update:
  • chromium-144.0.7559.132-1.el10_2
Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

chromium-144.0.7559.132-1.el10_1

Fedora Security Advisories
15 hours 59 minutes ago
FEDORA-EPEL-2026-f8fd439c99 Packages in this update:
  • chromium-144.0.7559.132-1.el10_1
Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

chromium-144.0.7559.132-1.el9

Fedora Security Advisories
15 hours 59 minutes ago
FEDORA-EPEL-2026-6b12c1c86e Packages in this update:
  • chromium-144.0.7559.132-1.el9
Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

USN-7988-3: Linux kernel vulnerabilities

Ubuntu Security Advisories
1 day 12 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - NVME drivers; - File systems infrastructure; - Timer subsystem; - Memory management; - Packet sockets; (CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)

USN-8018-1: Python vulnerabilities

Ubuntu Security Advisories
1 day 13 hours ago
Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and python3.14 packages. (CVE-2025-11468) Jacob Walls, Shai Berger, and Natalia Bidart discovered that Python inefficiently parsed XML input with quadratic complexity. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-12084) It was discovered that Python incorrectly parsed malicious plist files. An attacker could possibly use this issue to cause Python to use excessive resources, leading to a denial of service. This issue only affected python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and python3.14 packages. (CVE-2025-13837) Omar Hasan discovered that Python incorrectly parsed URL mediatypes. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2025-15282) Omar Hasan discovered that Python incorrectly parsed malicious IMAP inputs. An attacker could possibly use this issue to inject arbitrary IMAP commands. (CVE-2025-15366) Omar Hasan discovered that Python incorrectly parsed malicious POP3 inputs. An attacker could possibly use this issue to inject arbitrary POP3 commands. (CVE-2025-15367) Omar Hasan discovered that Python incorrectly parsed malicious HTTP cookie headers. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-0672) Omar Hasan discovered that Python incorrectly parsed malicious HTTP header names and values. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-0865)

USN-8017-1: GLib vulnerabilities

Ubuntu Security Advisories
1 day 18 hours ago
It was discovered that GLib incorrectly parsed large Base64 data. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-1484) It was discovered that GLib incorrectly parsed certain treemagic files. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-1485) It was discovered that GLib incorrectly handled Unicode case conversion. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-1489)

nginx-1.28.2-1.fc42 nginx-mod-brotli-1.0.0~rc-6.fc42 nginx-mod-fancyindex-0.5.2-15.fc42 nginx-mod-headers-more-0.39-6.fc42 nginx-mod-modsecurity-1.0.4-7.fc42 nginx-mod-naxsi-1.6-14.fc42 nginx-mod-vts-0.2.4-6.fc42

Fedora Security Advisories
2 days ago
FEDORA-2026-0b8cc86e5b Packages in this update:
  • nginx-1.28.2-1.fc42
  • nginx-mod-brotli-1.0.0~rc-6.fc42
  • nginx-mod-fancyindex-0.5.2-15.fc42
  • nginx-mod-headers-more-0.39-6.fc42
  • nginx-mod-modsecurity-1.0.4-7.fc42
  • nginx-mod-naxsi-1.6-14.fc42
  • nginx-mod-vts-0.2.4-6.fc42
Update description:

nginx-mod-fancyindex:

  • Rebuild for 1.28.2

nginx-mod-headers-more:

  • Rebuild for 1.28.2

nginx-mod-brotli:

  • Rebuild for 1.28.2

nginx-mod-modsecurity:

  • Rebuild for 1.28.2

nginx-mod-vts:

  • Rebuild for 1.28.2

nginx-mod-naxsi:

  • Rebuild for 1.28.2

nginx:

  • Update to 1.28.2
  • fixes CVE-2026-1642
  • move log directory to nginx-filesystem subpackage (PR#20)
  • delete Maxim Dounin's key, it's no longer listed on the nginx website