dr_libs-0^20241216git660795b-3.el10_1
FEDORA-EPEL-2026-86f8917aae
Packages in this update:
- dr_libs-0^20241216git660795b-3.el10_1
Backport the fix for CVE-2026-29022
Aggregator
USN-8060-6: Linux kernel (AWS FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- MMC subsystem;
(CVE-2022-49267, CVE-2025-21780)
USN-8060-5: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- MMC subsystem;
(CVE-2022-49267, CVE-2025-21780)
dr_libs-0^20241216git660795b-3.el10_2
FEDORA-EPEL-2026-04b0cd43d5
Packages in this update:
- dr_libs-0^20241216git660795b-3.el10_2
Backport the fix for CVE-2026-29022
dr_libs-0^20241216git660795b-3.el10_3
FEDORA-EPEL-2026-140aefd33c
Packages in this update:
- dr_libs-0^20241216git660795b-3.el10_3
Backport the fix for CVE-2026-29022
python3.12-3.12.13-1.fc43
FEDORA-2026-ac5dd35f2d
Packages in this update:
- python3.12-3.12.13-1.fc43
Update to 3.12.13
python3.12-3.12.13-1.fc42
FEDORA-2026-3ebfc12a16
Packages in this update:
- python3.12-3.12.13-1.fc42
Update to 3.12.13
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
python3.12-3.12.13-1.fc44
FEDORA-2026-05d833765a
Packages in this update:
- python3.12-3.12.13-1.fc44
Update to 3.12.13
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
dr_libs-0^20241216git660795b-4.fc42
FEDORA-2026-2350c6fd8c
Packages in this update:
- dr_libs-0^20241216git660795b-4.fc42
Backport the fix for CVE-2026-29022
strongswan-6.0.4-2.fc43
FEDORA-2026-6888affe44
Packages in this update:
- strongswan-6.0.4-2.fc43
Update to address CVE-2025-9615 and CVE-2025-62291
python-lxml-html-clean-0.4.4-1.fc42
FEDORA-2026-154efc6066
Packages in this update:
- python-lxml-html-clean-0.4.4-1.fc42
Security update for python-lxml-html-clean
python-lxml-html-clean-0.4.4-1.fc44
FEDORA-2026-f46fc594f3
Packages in this update:
- python-lxml-html-clean-0.4.4-1.fc44
Security update for python-lxml-html-clean
python-lxml-html-clean-0.4.4-1.fc43
FEDORA-2026-fdded962b2
Packages in this update:
- python-lxml-html-clean-0.4.4-1.fc43
Security update for python-lxml-html-clean
xq-1.4.0-2.el10_3
FEDORA-EPEL-2026-8a5d339569
Packages in this update:
- xq-1.4.0-2.el10_3
Update to 1.4.0
xq-1.4.0-2.el10_1
FEDORA-EPEL-2026-830cb46951
Packages in this update:
- xq-1.4.0-2.el10_1
Update to 1.4.0
xq-1.4.0-2.el10_2
FEDORA-EPEL-2026-a96c428ab5
Packages in this update:
- xq-1.4.0-2.el10_2
Update to 1.4.0
xq-1.4.0-2.fc42
FEDORA-2026-3481aa745b
Packages in this update:
- xq-1.4.0-2.fc42
Update to 1.4.0
xq-1.4.0-2.fc43
FEDORA-2026-f8e0af09af
Packages in this update:
- xq-1.4.0-2.fc43
Update to 1.4.0
xq-1.4.0-2.el9
FEDORA-EPEL-2026-dcca0faa1b
Packages in this update:
- xq-1.4.0-2.el9
Update to 1.4.0
USN-8062-2: curl vulnerabilities
USN-8062-1 fixed vulnerabilities in curl. This update provides the
corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224
for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04
LTS.
Original advisory details:
It was discovered that curl incorrectly handled cookies when redirected
from secure to insecure connections. An attacker could possibly use this
issue to cause a denial of service, or obtain sensitive information.
This issue only affected Ubuntu 25.10. (CVE-2025-9086)
Calvin Ruocco discovered that curl did not properly handle WebSocket
communications under certain circumstances. A malicious server could
possibly use this issue to poison proxy caches with malicious content.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-10148)
Stanislav Fort discovered that wcurl did not properly handle URLs with
certain encoded characters. If a user were tricked into processing
a specially crafted URL, an attacker could possibly use this issue to
write files outside the intended directory. This issue only affected
Ubuntu 25.10. (CVE-2025-11563)
Stanislav Fort discovered that curl did not properly validate pinned
public keys under certain circumstances. A remote attacker could
possibly use this issue to perform a machine-in-the-middle attack. This
issue only affected Ubuntu 25.10.(CVE-2025-13034)
Stanislav Fort discovered that curl did not properly manage TLS options
when performing LDAP over TLS transfers in multi-threaded environments.
Under certain circumstances, certificate verification could be
unintentionally and unknowingly disabled. (CVE-2025-14017)
It was discovered that curl incorrectly handled Oauth2 bearer tokens
when following redirects. A remote attacker could possibly use this
issue to obtain authentication credentials. (CVE-2025-14524)
Stanislav Fort discovered that curl did not properly validate TLS
certificates when reusing connections. A remote attacker could possibly
use this issue to bypass expected certificate verification. This issue
only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-14819)
Harry Sintonen discovered that curl did not properly validate SSH host
keys when performing SSH-based file transfers. This issue could lead to
unintended bypass of custom known_hosts file. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15079)
Harry Sintonen discovered that curl built with libssh did not properly
handle authentication when performing SSH-based file transfers. This
could result in unintended authentication operations. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15224)