Aggregator

USN-8179-1: Linux kernel vulnerabilities

Ubuntu Security Advisories
4 days 9 hours ago
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcode causing loss of integrity and confidentiality. (CVE-2024-36347) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Network block device driver; - Bluetooth drivers; - Character device driver; - TPM device driver; - Clock framework and drivers; - Data acquisition framework and drivers; - Hardware crypto device drivers; - GPU drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Input Device core drivers; - IOMMU subsystem; - IRQ chip drivers; - Macintosh device drivers; - Multiple devices driver; - Media drivers; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - Ethernet team driver; - MediaTek network drivers; - NVME drivers; - PA-RISC drivers; - Chrome hardware platform drivers; - x86 platform drivers; - Voltage and Current Regulator drivers; - SCSI subsystem; - SPI subsystem; - Media Oriented Systems Transport (MOST) driver; - Realtek RTL8723BS SDIO drivers; - TCM subsystem; - USB Host Controller drivers; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Watchdog drivers; - BFS file system; - BTRFS file system; - Ext4 file system; - F2FS file system; - FUSE (File system in Userspace); - HFS+ file system; - File systems infrastructure; - Journaling layer for block devices (JBD2); - Network file system (NFS) client; - File system notification infrastructure; - NTFS3 file system; - OCFS2 file system; - SMB network file system; - BPF subsystem; - Ethernet bridge; - io_uring subsystem; - Locking primitives; - Scheduler infrastructure; - Shadow Call Stack mechanism; - Tracing infrastructure; - Memory management; - CAIF protocol; - Ceph Core library; - Networking core; - Ethtool driver; - Handshake API; - HSR network protocol; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - NET/ROM layer; - NFC subsystem; - Open vSwitch; - Rose network layer; - Network traffic control; - Network sockets; - Sun RPC protocol; - Integrity Measurement Architecture(IMA) framework; - Key management; - Simplified Mandatory Access Control Kernel framework; - FireWire sound drivers; - HD-audio driver; - Turtle Beach Wavefront ALSA driver; - STMicroelectronics SoC drivers; - USB sound devices; - KVM subsystem; (CVE-2024-57795, CVE-2025-22022, CVE-2025-22111, CVE-2025-38022, CVE-2025-38234, CVE-2025-40164, CVE-2025-40325, CVE-2025-68206, CVE-2025-68254, CVE-2025-68255, CVE-2025-68256, CVE-2025-68257, CVE-2025-68258, CVE-2025-68259, CVE-2025-68261, CVE-2025-68263, CVE-2025-68264, CVE-2025-68265, CVE-2025-68266, CVE-2025-68291, CVE-2025-68325, CVE-2025-68332, CVE-2025-68335, CVE-2025-68336, CVE-2025-68337, CVE-2025-68344, CVE-2025-68345, CVE-2025-68346, CVE-2025-68347, CVE-2025-68349, CVE-2025-68354, CVE-2025-68362, CVE-2025-68363, CVE-2025-68364, CVE-2025-68366, CVE-2025-68367, CVE-2025-68369, CVE-2025-68371, CVE-2025-68372, CVE-2025-68374, CVE-2025-68378, CVE-2025-68379, CVE-2025-68380, CVE-2025-68724, CVE-2025-68727, CVE-2025-68728, CVE-2025-68732, CVE-2025-68733, CVE-2025-68740, CVE-2025-68741, CVE-2025-68742, CVE-2025-68744, CVE-2025-68746, CVE-2025-68753, CVE-2025-68755, CVE-2025-68756, CVE-2025-68757, CVE-2025-68758, CVE-2025-68759, CVE-2025-68763, CVE-2025-68764, CVE-2025-68765, CVE-2025-68766, CVE-2025-68767, CVE-2025-68769, CVE-2025-68770, CVE-2025-68771, CVE-2025-68772, CVE-2025-68773, CVE-2025-68774, CVE-2025-68775, CVE-2025-68776, CVE-2025-68777, CVE-2025-68778, CVE-2025-68780, CVE-2025-68782, CVE-2025-68783, CVE-2025-68785, CVE-2025-68786, CVE-2025-68787, CVE-2025-68788, CVE-2025-68794, CVE-2025-68795, CVE-2025-68796, CVE-2025-68797, CVE-2025-68798, CVE-2025-68799, CVE-2025-68800, CVE-2025-68801, CVE-2025-68804, CVE-2025-68806, CVE-2025-68808, CVE-2025-68809, CVE-2025-68810, CVE-2025-68811, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815, CVE-2025-68816, CVE-2025-68817, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-68821, CVE-2025-71064, CVE-2025-71065, CVE-2025-71066, CVE-2025-71067, CVE-2025-71068, CVE-2025-71069, CVE-2025-71071, CVE-2025-71072, CVE-2025-71075, CVE-2025-71077, CVE-2025-71078, CVE-2025-71079, CVE-2025-71081, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71088, CVE-2025-71089, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71095, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71101, CVE-2025-71102, CVE-2025-71104, CVE-2025-71105, CVE-2025-71107, CVE-2025-71108, CVE-2025-71109, CVE-2025-71111, CVE-2025-71112, CVE-2025-71113, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118, CVE-2025-71119, CVE-2025-71120, CVE-2025-71121, CVE-2025-71122, CVE-2025-71123, CVE-2025-71125, CVE-2025-71126, CVE-2025-71127, CVE-2025-71130, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71135, CVE-2025-71136, CVE-2025-71137, CVE-2025-71138, CVE-2025-71140, CVE-2025-71141, CVE-2025-71143, CVE-2025-71144, CVE-2025-71147, CVE-2025-71148, CVE-2025-71149, CVE-2025-71150, CVE-2025-71151, CVE-2025-71153, CVE-2025-71154, CVE-2026-23209)

tigervnc-1.16.2-2.fc42

Fedora Security Advisories
4 days 16 hours ago
FEDORA-2026-0b633ecc7c Packages in this update:
  • tigervnc-1.16.2-2.fc42
Update description:

Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

tigervnc-1.16.2-2.fc43

Fedora Security Advisories
4 days 16 hours ago
FEDORA-2026-492e92b32d Packages in this update:
  • tigervnc-1.16.2-2.fc43
Update description:

Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

rpki-client-9.8-1.el10_3

Fedora Security Advisories
5 days ago
FEDORA-EPEL-2026-d987e77392 Packages in this update:
  • rpki-client-9.8-1.el10_3
Update description: rpki-client 9.8
  • Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
  • Fixed an accounting issue in HTTP gzip compression detection.
  • Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
  • Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
  • Ensure that a repository timeout correctly stops repository processing.
  • Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
  • Fixed an issue in the parser for the locally configured constraints.
  • A malicious RRDP Publication Server can cause a NULL dereference.
  • A malicious RPKI Publication Server can cause an incorrect error exit.

rpki-client-9.8-1.fc42

Fedora Security Advisories
5 days ago
FEDORA-2026-f7b4693f9d Packages in this update:
  • rpki-client-9.8-1.fc42
Update description: rpki-client 9.8
  • Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
  • Fixed an accounting issue in HTTP gzip compression detection.
  • Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
  • Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
  • Ensure that a repository timeout correctly stops repository processing.
  • Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
  • Fixed an issue in the parser for the locally configured constraints.
  • A malicious RRDP Publication Server can cause a NULL dereference.
  • A malicious RPKI Publication Server can cause an incorrect error exit.

rpki-client-9.8-1.el9

Fedora Security Advisories
5 days ago
FEDORA-EPEL-2026-fa0a18146b Packages in this update:
  • rpki-client-9.8-1.el9
Update description: rpki-client 9.8
  • Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
  • Fixed an accounting issue in HTTP gzip compression detection.
  • Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
  • Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
  • Ensure that a repository timeout correctly stops repository processing.
  • Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
  • Fixed an issue in the parser for the locally configured constraints.
  • A malicious RRDP Publication Server can cause a NULL dereference.
  • A malicious RPKI Publication Server can cause an incorrect error exit.

rpki-client-9.8-1.el8

Fedora Security Advisories
5 days ago
FEDORA-EPEL-2026-30fa3bab72 Packages in this update:
  • rpki-client-9.8-1.el8
Update description: rpki-client 9.8
  • Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
  • Fixed an accounting issue in HTTP gzip compression detection.
  • Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
  • Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
  • Ensure that a repository timeout correctly stops repository processing.
  • Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
  • Fixed an issue in the parser for the locally configured constraints.
  • A malicious RRDP Publication Server can cause a NULL dereference.
  • A malicious RPKI Publication Server can cause an incorrect error exit.

rpki-client-9.8-1.fc43

Fedora Security Advisories
5 days ago
FEDORA-2026-27892c9184 Packages in this update:
  • rpki-client-9.8-1.fc43
Update description: rpki-client 9.8
  • Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
  • Fixed an accounting issue in HTTP gzip compression detection.
  • Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
  • Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
  • Ensure that a repository timeout correctly stops repository processing.
  • Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
  • Fixed an issue in the parser for the locally configured constraints.
  • A malicious RRDP Publication Server can cause a NULL dereference.
  • A malicious RPKI Publication Server can cause an incorrect error exit.

rpki-client-9.8-1.el10_1

Fedora Security Advisories
5 days ago
FEDORA-EPEL-2026-4b1768b6b3 Packages in this update:
  • rpki-client-9.8-1.el10_1
Update description: rpki-client 9.8
  • Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
  • Fixed an accounting issue in HTTP gzip compression detection.
  • Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
  • Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
  • Ensure that a repository timeout correctly stops repository processing.
  • Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
  • Fixed an issue in the parser for the locally configured constraints.
  • A malicious RRDP Publication Server can cause a NULL dereference.
  • A malicious RPKI Publication Server can cause an incorrect error exit.

rpki-client-9.8-1.el10_2

Fedora Security Advisories
5 days ago
FEDORA-EPEL-2026-861d7dd961 Packages in this update:
  • rpki-client-9.8-1.el10_2
Update description: rpki-client 9.8
  • Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
  • Fixed an accounting issue in HTTP gzip compression detection.
  • Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
  • Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
  • Ensure that a repository timeout correctly stops repository processing.
  • Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
  • Fixed an issue in the parser for the locally configured constraints.
  • A malicious RRDP Publication Server can cause a NULL dereference.
  • A malicious RPKI Publication Server can cause an incorrect error exit.

rpki-client-9.8-1.fc44

Fedora Security Advisories
5 days ago
FEDORA-2026-879659f6c2 Packages in this update:
  • rpki-client-9.8-1.fc44
Update description: rpki-client 9.8
  • Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
  • Fixed an accounting issue in HTTP gzip compression detection.
  • Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
  • Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
  • Ensure that a repository timeout correctly stops repository processing.
  • Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
  • Fixed an issue in the parser for the locally configured constraints.
  • A malicious RRDP Publication Server can cause a NULL dereference.
  • A malicious RPKI Publication Server can cause an incorrect error exit.

USN-8145-5: Linux kernel (Azure) vulnerabilities

Ubuntu Security Advisories
5 days 3 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - UDF file system; - NFC subsystem; - Network traffic control; (CVE-2024-46777, CVE-2025-21735, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074)

USN-8176-1: .NET vulnerabilities

Ubuntu Security Advisories
5 days 4 hours ago
Ludvig Pedersen discovered that the System.Security.Cryptography.Xml library in .NET incorrectly handled certain XML inputs. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-33116, CVE-2026-26171) Ludvig Pedersen and Kevin Jones discovered that the System.Security.Cryptography.Xml library in .NET incorrectly handled certain XML inputs. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-32203) Ludvig Pedersen discovered that the System.Net.Mail component in .NET incorrectly handled certain inputs. An attacker could possibly use this issue to perform a network spoofing attack. (CVE-2026-32178)