Aggregator

FEDORA-2026-ce174cdc78 Packages in this update:

• vultr-cli-3.8.0-1.fc44

Update description:

Automatic update for vultr-cli-3.8.0-1.fc44.

Changelog * Wed Feb 4 2026 Major Hayden <major@redhat.com> - 3.8.0-1 - Update to 3.8.0 - Fixes CVE-2025-11065: go-viper/mapstructure updated to v2.4.0 - Resolves: rhbz#2390882, rhbz#2399729, rhbz#2397062

FEDORA-2026-a84e0ad039 Packages in this update:

• linux-sgx-2.26-34.fc43

Update description:

Update nodejs modules used by pccs daemon for CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284. Remove Fedora override of default pccs daemon port. Remove redundant dep on mpa_registration from pccs. Add system scriptlets for pccs server. Port to pycryptography & pyasn1. Fix tracebacks in keyring code.

FEDORA-EPEL-2026-5e10141457 Packages in this update:

• openbao-2.5.0-1.el8

Update description:

Update to upstream openbao-2.5.0. Also fixes CVE-2025-58189, CVE-2025-61723, CVE-2025-61725, CVE-2025-58183, CVE-2025-58185, CVE-2025-58188 on epel-8.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SPI subsystem; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019, CVE-2025-68746)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; (CVE-2025-38561, CVE-2025-40019)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; (CVE-2025-38561, CVE-2025-40019)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Unix domain sockets; (CVE-2025-40019, CVE-2025-40214)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; (CVE-2025-38561, CVE-2025-40019)

Version:next-20260204 (linux-next) Released:2026-02-04

It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. (CVE-2024-54132) It was discovered that GitHub CLI could behave unexpectedly when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. An attacker could possibly use this issue to gather authentication tokens. (CVE-2024-53858)

It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-53920) It was discovered that Emacs did not properly sanitize input when handling certain URI schemes. An attacker could possibly use this issue to execute arbitrary shell commands by tricking a user into opening a specially crafted URL. (CVE-2025-1244)

FEDORA-2026-66cb8ecfc2 Packages in this update:

• python-aiohttp-3.13.3-4.fc43

Update description:

https://github.com/aio-libs/aiohttp/blob/v3.13.3/CHANGES.rst

Several security issues were discovered in the libraries bundled in pip. An attacker could possibly use these issues to perform a variety of attacks, such as denial of service or arbitrary code execution.

Version:next-20260203 (linux-next) Released:2026-02-03

It was discovered that Django exposed timing information when checking passwords. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-13473) Jiyong Yang discovered that Django incorrectly handled malformed requests with duplicate headers. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2025-14550) Tarek Nakkouch discovered that Django incorrectly parsed raster lookups. An attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-1207) Seokchan Yoon discovered that Django incorrectly handled malformed HTML inputs containing a large amount of unmatched HTML end tags. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-1285) Solomon Kebede discovered that Django incorrectly handled control characters in the dictionary expansion of certain QuerySet methods. An attacker could possibly use this issue to perform SQL injection attacks. (CVE-2026-1287) Solomon Kebede discovered that Django incorrectly handled column alias parsing with dictionary expansion. An attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-1312)