Aggregator

haveged-1.9.22-1.fc43

5 days 1 hour ago
FEDORA-2026-5d9b0e2c17 Packages in this update:
  • haveged-1.9.22-1.fc43
Update description:

Update to 1.9.22 — fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation

Backport fix for CVE-2026-41054: privilege escalation via command socket

haveged-1.9.22-1.fc42

5 days 1 hour ago
FEDORA-2026-8fa79f47e1 Packages in this update:
  • haveged-1.9.22-1.fc42
Update description:

Update to 1.9.22 — fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation

Backport fix for CVE-2026-41054: privilege escalation via command socket

USN-8293-1: Bind vulnerabilities

5 days 2 hours ago
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. (CVE-2026-3039)

Shuhan Zhang discovered that Bind incorrectly handled self-pointed glue records. A remote attacker could possibly use this issue to use Bind in denial of service amplification attacks against other systems. (CVE-2026-3592)

Naresh Kandula Parmar discovered that Bind incorrectly handled memory in the DNS-over-HTTPS implementation. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-3593)

It was discovered that Bind incorrectly handled DNS messages whose class was not IN. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2026-5946)

Naoki Wakamatsu discovered that Bind incorrectly handled SIG(0) validation during a query flood. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-5947)

Billy Baraja discovered that Bind had an unbounded resend loop in the resolver. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. (CVE-2026-5950)

kernel-7.0.9-205.fc44

5 days 3 hours ago
FEDORA-2026-66bba52149 Packages in this update:
  • kernel-7.0.9-205.fc44
Update description:

The 7.0.9-105/205 stable kernel updates contain a couple of important security fixes.

kernel-7.0.9-105.fc43

5 days 3 hours ago
FEDORA-2026-94731f4ace Packages in this update:
  • kernel-7.0.9-105.fc43
Update description:

The 7.0.9-105/205 stable kernel updates contain a couple of important security fixes.

bind-9.18.49-1.fc43 bind-dyndb-ldap-11.11-13.fc43

5 days 3 hours ago
FEDORA-2026-b626e83a45 Packages in this update:
  • bind-9.18.49-1.fc43
  • bind-dyndb-ldap-11.11-13.fc43
Update description:

Update to 9.18.49 (rhbz#2480121)

Security Fixes:

Feature Changes:
  • Fix CPU spikes and slow queries when cache approaches memory limit.
Bug Fixes:
  • Fix named crash when processing SIG records in dynamic updates.
  • Fix rndc modzone behavior for a zone in named.conf.
  • Fix zone verification of NSEC3 signed zones.
  • Prevent a crash when using both dns64 and filter-aaaa.
  • Fixed an assertion failure when processing catalog zones.
  • Prevent malicious DNSSEC zones from exhausting validator CPU.
  • Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.
  • Prevent crafted queries from degrading RRL performance.
  • Fix a bug in allow-query/allow-transfer catalog zone custom properties.
  • Fix a memory leak issue in catalog zones.
  • Fix suppressed missing-glue check in named-checkzone.
  • Reject record sets too large to serve in DNS.

Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49

bind-9.18.49-1.fc44 bind-dyndb-ldap-11.11-15.fc44

5 days 3 hours ago
FEDORA-2026-411248c8d9 Packages in this update:
  • bind-9.18.49-1.fc44
  • bind-dyndb-ldap-11.11-15.fc44
Update description:

Update to 9.18.49 (rhbz#2480121)

Security Fixes:

Feature Changes:
  • Fix CPU spikes and slow queries when cache approaches memory limit.
Bug Fixes:
  • Fix named crash when processing SIG records in dynamic updates.
  • Fix rndc modzone behavior for a zone in named.conf.
  • Fix zone verification of NSEC3 signed zones.
  • Prevent a crash when using both dns64 and filter-aaaa.
  • Fixed an assertion failure when processing catalog zones.
  • Prevent malicious DNSSEC zones from exhausting validator CPU.
  • Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.
  • Prevent crafted queries from degrading RRL performance.
  • Fix a bug in allow-query/allow-transfer catalog zone custom properties.
  • Fix a memory leak issue in catalog zones.
  • Fix suppressed missing-glue check in named-checkzone.
  • Reject record sets too large to serve in DNS.

Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49

perl-Sereal-Decoder-4.018-2.el9

5 days 5 hours ago
FEDORA-EPEL-2026-78a69d7632 Packages in this update:
  • perl-Sereal-Decoder-4.018-2.el9
Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

perl-Sereal-Decoder-4.018-2.el8

5 days 5 hours ago
FEDORA-EPEL-2026-9c8dc0ea44 Packages in this update:
  • perl-Sereal-Decoder-4.018-2.el8
Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

USN-8292-1: libarchive vulnerabilities

5 days 6 hours ago
It was discovered that libarchive incorrectly handled certain RAR archives. An attacker could possibly use this issue to cause an out-of-bounds read via a crafted RAR archive, leading to sensitive memory disclosure. (CVE-2026-4424)

It was discovered that libarchive incorrectly handled certain ISO files. An attacker could possibly use this issue to cause incorrect memory allocation via a crafted ISO file, leading to a denial of service. (CVE-2026-4426)

It was discovered that libarchive incorrectly handled block pointer allocation in zisofs on 32-bit systems. An attacker could possibly use this issue to cause a heap buffer overflow via a crafted ISO9660 image, possibly leading to arbitrary code execution. (CVE-2026-5121)

docker-compose-5.1.4-1.fc42

5 days 7 hours ago
FEDORA-2026-d275a6eaac Packages in this update:
  • docker-compose-5.1.4-1.fc42
Update description:
  • Update to release v5.1.4
  • Resolves: rhbz#2480186
  • Upstream fixes
  • Update to release v5.1.3
  • Resolves rhbz#2458697
  • Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
  • Resolves CVE-2026-33748: rhbz#2453089
  • Upstream fixes

USN-8290-1: Path-to-Regexp vulnerability

5 days 9 hours ago
It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters separated by non-delimiter characters such as hyphens. An attacker could possibly use this issue to cause a denial of service via catastrophic backtracking in the generated regular expressions.