Aggregator

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers subsystem; - AFS file system; - F2FS file system; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; (CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

FEDORA-2026-39e035a84c Packages in this update:

• mariadb10.11-10.11.15-1.fc43

Update description:

MariaDB 10.11.15

Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.15

FEDORA-2026-28b0f7bd35 Packages in this update:

• wget2-2.2.1-1.fc42

Update description:

New version 2.2.1

FEDORA-2026-de1a91fe79 Packages in this update:

• wget2-2.2.1-1.fc43

Update description:

New version 2.2.1

It was discovered that GLib incorrectly handled escaping URI strings. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-13601) It was discovered that GLib incorrectly parsed certain GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-14087) It was discovered that GLib incorrectly parsed certain long invalid ISO 8601 timestamps. An attacker could possibly use this issue to cause GLib to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-3360) It was discovered that GLib incorrectly handled GString memory operations. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-6052) It was discovered that GLib incorrectly handled creating temporary files. An attacker could possibly use this issue to access unauthorized data. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2025-7039)

FEDORA-EPEL-2026-cccbda720c Packages in this update:

• seamonkey-2.53.23-1.el8

Update description:

Update to 2.53.23

FEDORA-EPEL-2026-cecc10e473 Packages in this update:

• seamonkey-2.53.23-1.el9

Update description:

Update to 2.53.23

FEDORA-2026-51d2cb6e19 Packages in this update:

• seamonkey-2.53.23-1.fc42

Update description:

Update to 2.53.23

FEDORA-2026-f54e4ee85a Packages in this update:

• seamonkey-2.53.23-1.fc43

Update description:

Update to 2.53.23

FEDORA-2026-a9dc8509e9 Packages in this update:

• libpng-1.6.53-1.fc42

Update description:

fixes several security issues

Version:next-20260106 (linux-next) Released:2026-01-06

FEDORA-2026-1e3425e7ea Packages in this update:

• libpcap-1.10.6-1.fc42

Update description:

New version 1.10.6

FEDORA-2026-274010c760 Packages in this update:

• libpcap-1.10.6-1.fc43

Update description:

New version 1.10.6

FEDORA-EPEL-2026-315f806da8 Packages in this update:

• ntfs-3g-system-compression-1.1-1.el8

Update description:

Update to v1.1

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

FEDORA-2026-004192d79d Packages in this update:

• chezmoi-2.69.0-1.fc43

Update description:

Update to 2.69.0

FEDORA-2026-13b4dbe546 Packages in this update:

• composer-2.9.3-1.fc42

Update description: Version 2.9.3 - 2025-12-30

• Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
• Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677)
• Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645)
• Fixed client-certificate authentication implementation (#12667)
• Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694)
• Fixed crash when --bump-after-update is used and the lock file is disabled (#12660)
• Fixed support for SecureTransport + LibreSSL on macOS (#12615)
• Fixed display of reasons for why advisories are ignored (#12668)
• Fixed compatibility issues when git has log.showSignature enabled (#12666)
• Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662)
• Fixed EventDispatcher requiring a full Composer instance to function (#12629)

FEDORA-2026-0b03072979 Packages in this update:

• composer-2.9.3-1.fc43

Update description: Version 2.9.3 - 2025-12-30

• Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
• Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677)
• Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645)
• Fixed client-certificate authentication implementation (#12667)
• Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694)
• Fixed crash when --bump-after-update is used and the lock file is disabled (#12660)
• Fixed support for SecureTransport + LibreSSL on macOS (#12615)
• Fixed display of reasons for why advisories are ignored (#12668)
• Fixed compatibility issues when git has log.showSignature enabled (#12666)
• Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662)
• Fixed EventDispatcher requiring a full Composer instance to function (#12629)

FEDORA-EPEL-2026-13503a8eac Packages in this update:

• composer-2.9.3-1.el9

Update description: Version 2.9.3 - 2025-12-30

• Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
• Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677)
• Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645)
• Fixed client-certificate authentication implementation (#12667)
• Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694)
• Fixed crash when --bump-after-update is used and the lock file is disabled (#12660)
• Fixed support for SecureTransport + LibreSSL on macOS (#12615)
• Fixed display of reasons for why advisories are ignored (#12668)
• Fixed compatibility issues when git has log.showSignature enabled (#12666)
• Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662)
• Fixed EventDispatcher requiring a full Composer instance to function (#12629)

FEDORA-EPEL-2026-bc7502f16e Packages in this update:

• composer-2.9.3-1.el10_2

Update description: Version 2.9.3 - 2025-12-30

• Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
• Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677)
• Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645)
• Fixed client-certificate authentication implementation (#12667)
• Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694)
• Fixed crash when --bump-after-update is used and the lock file is disabled (#12660)
• Fixed support for SecureTransport + LibreSSL on macOS (#12615)
• Fixed display of reasons for why advisories are ignored (#12668)
• Fixed compatibility issues when git has log.showSignature enabled (#12666)
• Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662)
• Fixed EventDispatcher requiring a full Composer instance to function (#12629)