Aggregator

USN-8042-1: FreeRDP vulnerabilities

3 days 11 hours ago
It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-23948)

It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24491)

It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-24675, CVE-2026-24679, CVE-2026-24682)

It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2026-24676, CVE-2026-24681)

It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-24677)

It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-24678)

It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24680)

It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24683, CVE-2026-24684)

USN-8022-2: Expat vulnerabilities

3 days 13 hours ago
USN-8022-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

It was discovered that Expat incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-24515)

It was discovered that Expat incorrectly handled integer calculations when allocating memory for XML tags. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-25210)

USN-8025-2: .NET vulnerability

3 days 13 hours ago
USN-8025-1 fixed a vulnerability in .NET. This update provides the corresponding fix for Ubuntu 24.04 LTS.

Original advisory details:

Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation.

libpng-1.6.55-1.fc42

6 days ago
FEDORA-2026-168ebcb4a8
Packages in this update:
  • libpng-1.6.55-1.fc42
Update description:

Version 1.6.54 [January 12, 2026] Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in png_image_read_direct_scaled. Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in png_image_write_*.

Version 1.6.55 [February 9, 2026] Fixed CVE-2026-25646 (high severity): Heap buffer overflow in png_set_quantize.

libpng-1.6.55-1.fc43

6 days ago
FEDORA-2026-a9ae661fa2
Packages in this update:
  • libpng-1.6.55-1.fc43
Update description:

Version 1.6.54 [January 12, 2026] Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in png_image_read_direct_scaled. Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in png_image_write_*.

Version 1.6.55 [February 9, 2026] Fixed CVE-2026-25646 (high severity): Heap buffer overflow in png_set_quantize.

python-uv-build-0.10.2-1.fc42 rust-ambient-id-0.0.10-1.fc42 uv-0.10.2-1.fc42

6 days 11 hours ago
FEDORA-2026-086a367966
Packages in this update:
  • python-uv-build-0.10.2-1.fc42
  • rust-ambient-id-0.0.10-1.fc42
  • uv-0.10.2-1.fc42
Update description:

Update uv and python-uv-build to 0.10.2. There are some minor breaking changes in uv; most users should not have to change anything. See https://github.com/astral-sh/uv/blob/0.10.2/CHANGELOG.md for details. There are no breaking changes to python-uv-build.

USN-8033-4: Linux kernel (AWS) vulnerabilities

6 days 11 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Nios II architecture
  • Sun Sparc architecture
  • User-Mode Linux (UML)
  • x86 architecture
  • Block layer subsystem
  • Cryptographic API
  • Drivers core
  • Bus devices
  • Hardware random number generator core
  • Data acquisition framework and drivers
  • CPU frequency scaling framework
  • DMA engine subsystem
  • GPU drivers
  • HW tracing
  • Input Device (Miscellaneous) drivers
  • Multiple devices driver
  • Media drivers
  • MOST (Media Oriented Systems Transport) drivers
  • MTD block device drivers
  • Network drivers
  • NVME drivers
  • PCI subsystem
  • Performance monitor drivers
  • Pin controllers subsystem
  • x86 platform drivers
  • PPS (Pulse Per Second) driver
  • PWM drivers
  • SCSI subsystem
  • TCM subsystem
  • Userspace I/O drivers
  • USB Gadget drivers
  • USB Host Controller drivers
  • Framebuffer layer
  • BTRFS file system
  • File systems infrastructure
  • Ext4 file system
  • Network file system (NFS) server daemon
  • NTFS3 file system
  • SMB network file system
  • padata parallel execution mechanism
  • IP tunnels definitions
  • Network sockets
  • XFRM subsystem
  • Control group (cgroup)
  • Padata parallel execution mechanism
  • PID allocator
  • Tracing infrastructure
  • Memory management
  • 9P file system network protocol
  • Ethernet bridge
  • Ceph Core library
  • Networking core
  • IPv4 networking
  • IPv6 networking
  • NFC subsystem
  • RF switch subsystem
  • SCTP protocol
  • Unix domain sockets
  • VMware vSockets driver
  • Intel ASoC drivers
  • USB sound devices

(CVE-2024-53114, CVE-2024-56538, CVE-2024-58011, CVE-2025-21861, CVE-2025-22058, CVE-2025-23143, CVE-2025-38236, CVE-2025-38248, CVE-2025-38584, CVE-2025-39869, CVE-2025-39873, CVE-2025-39876, CVE-2025-39880, CVE-2025-39883, CVE-2025-39885, CVE-2025-39907, CVE-2025-39911, CVE-2025-39913, CVE-2025-39923, CVE-2025-39934, CVE-2025-39937, CVE-2025-39943, CVE-2025-39945, CVE-2025-39949, CVE-2025-39951, CVE-2025-39953, CVE-2025-39955, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39980, CVE-2025-39985, CVE-2025-39986, CVE-2025-39987, CVE-2025-39988, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40011, CVE-2025-40020, CVE-2025-40021, CVE-2025-40026, CVE-2025-40027, CVE-2025-40029, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40043, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40053, CVE-2025-40055, CVE-2025-40060, CVE-2025-40068, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40085, CVE-2025-40087, CVE-2025-40088, CVE-2025-40092, CVE-2025-40094, CVE-2025-40105, CVE-2025-40106, CVE-2025-40109, CVE-2025-40111, CVE-2025-40112, CVE-2025-40115, CVE-2025-40116, CVE-2025-40118, CVE-2025-40120, CVE-2025-40121, CVE-2025-40124, CVE-2025-40125, CVE-2025-40126, CVE-2025-40127, CVE-2025-40134, CVE-2025-40140, CVE-2025-40153, CVE-2025-40154, CVE-2025-40167, CVE-2025-40171, CVE-2025-40173, CVE-2025-40178, CVE-2025-40179, CVE-2025-40183, CVE-2025-40187, CVE-2025-40188, CVE-2025-40194, CVE-2025-40200, CVE-2025-40204, CVE-2025-40205, CVE-2025-40215, CVE-2025-40219, CVE-2025-40220, CVE-2025-40223, CVE-2025-40231, CVE-2025-40233, CVE-2025-40240, CVE-2025-40243, CVE-2025-40244, CVE-2025-40245, CVE-2025-40346, CVE-2025-40349, CVE-2025-40351, CVE-2025-68249)