Aggregator

Version:next-20260205 (linux-next) Released:2026-02-05

It was discovered that GLib incorrectly parsed large Base64 data. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-1484) It was discovered that GLib incorrectly parsed certain treemagic files. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-1485) It was discovered that GLib incorrectly handled Unicode case conversion. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-1489)

FEDORA-2026-0b8cc86e5b Packages in this update:

• nginx-1.28.2-1.fc42
• nginx-mod-brotli-1.0.0~rc-6.fc42
• nginx-mod-fancyindex-0.5.2-15.fc42
• nginx-mod-headers-more-0.39-6.fc42
• nginx-mod-modsecurity-1.0.4-7.fc42
• nginx-mod-naxsi-1.6-14.fc42
• nginx-mod-vts-0.2.4-6.fc42

Update description:

nginx-mod-fancyindex:

• Rebuild for 1.28.2

nginx-mod-headers-more:

• Rebuild for 1.28.2

nginx-mod-brotli:

• Rebuild for 1.28.2

nginx-mod-modsecurity:

• Rebuild for 1.28.2

nginx-mod-vts:

• Rebuild for 1.28.2

nginx-mod-naxsi:

• Rebuild for 1.28.2

nginx:

• Update to 1.28.2
• fixes CVE-2026-1642
• move log directory to nginx-filesystem subpackage (PR#20)
• delete Maxim Dounin's key, it's no longer listed on the nginx website

FEDORA-2026-cd0705c6a7 Packages in this update:

• nginx-1.28.2-1.fc43
• nginx-mod-brotli-1.0.0~rc-6.fc43
• nginx-mod-fancyindex-0.5.2-15.fc43
• nginx-mod-headers-more-0.39-6.fc43
• nginx-mod-modsecurity-1.0.4-7.fc43
• nginx-mod-naxsi-1.6-14.fc43
• nginx-mod-vts-0.2.4-6.fc43

Update description:

nginx-mod-naxsi:

• Rebuild for 1.28.2

nginx-mod-brotli:

• Rebuild for 1.28.2

nginx-mod-fancyindex:

• Rebuild for 1.28.2

nginx-mod-modsecurity:

• Rebuild for 1.28.2

nginx-mod-headers-more:

• Rebuild for 1.28.2

nginx-mod-vts:

• Rebuild for 1.28.2

nginx:

• Update to 1.28.2
• fixes CVE-2026-1642
• move log directory to nginx-filesystem subpackage (PR#20)
• delete Maxim Dounin's key, it's no longer listed on the nginx website

FEDORA-2026-ce174cdc78 Packages in this update:

• vultr-cli-3.8.0-1.fc44

Update description:

Automatic update for vultr-cli-3.8.0-1.fc44.

Changelog * Wed Feb 4 2026 Major Hayden <major@redhat.com> - 3.8.0-1 - Update to 3.8.0 - Fixes CVE-2025-11065: go-viper/mapstructure updated to v2.4.0 - Resolves: rhbz#2390882, rhbz#2399729, rhbz#2397062

FEDORA-2026-a84e0ad039 Packages in this update:

• linux-sgx-2.26-34.fc43

Update description:

Update nodejs modules used by pccs daemon for CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284. Remove Fedora override of default pccs daemon port. Remove redundant dep on mpa_registration from pccs. Add system scriptlets for pccs server. Port to pycryptography & pyasn1. Fix tracebacks in keyring code.

FEDORA-EPEL-2026-5e10141457 Packages in this update:

• openbao-2.5.0-1.el8

Update description:

Update to upstream openbao-2.5.0. Also fixes CVE-2025-58189, CVE-2025-61723, CVE-2025-61725, CVE-2025-58183, CVE-2025-58185, CVE-2025-58188 on epel-8.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SPI subsystem; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019, CVE-2025-68746)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; (CVE-2025-38561, CVE-2025-40019)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; (CVE-2025-38561, CVE-2025-40019)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Unix domain sockets; (CVE-2025-40019, CVE-2025-40214)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; (CVE-2025-38561, CVE-2025-40019)

Version:next-20260204 (linux-next) Released:2026-02-04

It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. (CVE-2024-54132) It was discovered that GitHub CLI could behave unexpectedly when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. An attacker could possibly use this issue to gather authentication tokens. (CVE-2024-53858)