Aggregator

FEDORA-2026-db1ef256e0 Packages in this update:

• pdns-recursor-5.4.0-1.fc44

Update description:

Update to latest upstream

FEDORA-2026-6d5ed8d82d Packages in this update:

• mingw-LibRaw-0.22.0-3.fc44

Update description:

Backport fixes for CVE-2026-5318 and CVE-2026-5342.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

FEDORA-2026-e54aebce7c Packages in this update:

• pgadmin4-9.14-1.fc44

Update description:

Update to lodash 9.14.

FEDORA-2026-ead60fa20d Packages in this update:

• pgadmin4-9.14-1.fc43

Update description:

Update to lodash 9.14.

FEDORA-2026-5e39475fb3 Packages in this update:

• pgadmin4-9.14-1.fc42

Update description:

Update to lodash 9.14.

FEDORA-EPEL-2026-7bead9ad13 Packages in this update:

• mupdf-1.25.4-5.el10_3

Update description:

fix CVE-2026-3308 (rhbz#2454359)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - UDF file system; - NFC subsystem; - Network traffic control; (CVE-2024-46777, CVE-2025-21735, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - GPU drivers; - BTRFS file system; - GFS2 file system; - UDF file system; - NFC subsystem; - Network traffic control; (CVE-2021-47142, CVE-2021-47145, CVE-2021-47254, CVE-2024-46777, CVE-2025-21735, CVE-2026-23060, CVE-2026-23074)

FEDORA-2026-b56fe1f040 Packages in this update:

• mupdf-1.26.3-6.fc42

Update description:

fix CVE-2026-3308 (rhbz#2454360)

FEDORA-2026-7a9c0c8c04 Packages in this update:

• mupdf-1.27.1-10.fc43

Update description:

fix CVE-2026-3308 (rhbz#2454361)

FEDORA-2026-0ebdbc98c5 Packages in this update:

• mupdf-1.27.1-10.fc44

Update description:

fix CVE-2026-3308 (rhbz#2454361)

FEDORA-2026-563f85e690 Packages in this update:

• mupdf-1.27.1-10.fc45

Update description:

Automatic update for mupdf-1.27.1-10.fc45.

Changelog * Thu Apr 2 2026 Michael J Gruber <mjg@fedoraproject.org> - 1.27.1-10 - fix CVE-2026-3308 (rhbz#2454361)

Daniel Novomeský discovered that libjxl did not properly manage memory when decoding certain files. An attacker could use this issue to cause libjxl to crash, resulting in denial of service, or possibly execute arbitrary code.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-20696) It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5914) It was discovered that libarchive incorrectly handled certain WARC archive files. If a user or automated system were tricked into processing a specially crafted WARC archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5916) It was discovered that libarchive incorrectly handled certain file names when handling prefixes and suffixes. An attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5917) It was discovered that libarchive could read past the end of file streams when processing input to bsdtar. An attacker could possibly use this issue to cause memory corruption or a denial of service. (CVE-2025-5918) It was discovered that libarchive incorrectly handled certain TAR archive files. If a user or automated system were tricked into processing a specially crafted TAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-25724) HyungJung Joo discovered that libarchive did not properly limit memory allocation when processing substitution rules in bsdtar. An attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. (CVE-2025-60753) Elhanan Haenel discovered that libarchive could enter an infinite loop when processing crafted RAR5 archives. An attacker could possibly use this issue to cause excessive CPU consumption, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-4111)