4 days 19 hours ago
FEDORA-EPEL-2026-c313127dd3
Packages in this update:
Update description:
This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).
4 days 19 hours ago
FEDORA-EPEL-2026-c53d2746cf
Packages in this update:
Update description:
This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).
4 days 19 hours ago
It was discovered that sslh did not properly handle symbolic
links when writing its PID file. A local attacker could
possibly use this issue to overwrite arbitrary files.
4 days 19 hours ago
It was discovered that NNCP did not properly sanitize file paths
in packet data during file requesting and file saving operations. A
remote attacker could possibly use this issue to read or write
arbitrary files outside of the intended directory.
4 days 19 hours ago
It was discovered that haveged incorrectly handled credential
checks on its control socket. A local attacker could possibly
use this issue to execute privileged commands.
4 days 19 hours ago
USN-8055-1 fixed a vulnerability in Evolution Data Server. This update
provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu
20.04 LTS.
Original advisory details:
It was discovered that Evolution Data Server incorrectly handled
removing local cache files. An attacker could possibly use this issue
to cause Evolution Data Server to remove arbitrary files.
4 days 19 hours ago
It was discovered that Qt Declarative did not properly validate the
width and height attributes of image tags in the Text component of Qt
Quick. An attacker could possibly use this issue to cause Qt Declarative
to use excessive resources, leading to a denial of service.
4 days 20 hours ago
FEDORA-2026-71b1e9b455
Packages in this update:
Update description:
This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).
4 days 20 hours ago
FEDORA-2026-78bf093219
Packages in this update:
Update description:
This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).
4 days 20 hours ago
It was discovered that GNU SASL did not properly handle certain DIGEST-MD5
tokens. An attacker could possibly use this issue to cause GNU SASL to
crash, resulting in a denial of service.
4 days 20 hours ago
It was discovered that SSSD did not properly handle raw bytes in the PAM
passkey responder. A local attacker could possibly use this issue to cause
the SSSD PAM responder to crash, resulting in a denial of service.
4 days 20 hours ago
FEDORA-EPEL-2026-3a38802c78
Packages in this update:
Update description:
This is an update fixing several security-related problems in putty.
4 days 20 hours ago
FEDORA-EPEL-2026-cd5d16450f
Packages in this update:
Update description:
This is an update fixing several security-related problems in putty.
4 days 20 hours ago
It was discovered that nginx did not properly validate source addresses in
the HTTP/3 QUIC module. A remote attacker could possibly use this issue to
bypass authorization checks or rate limiting. This issue only affected
Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-40460)
It was discovered that nginx contained a use-after-free vulnerability in
the ngx_http_ssl_module module when client certificate verification and
OCSP validation were enabled. A remote attacker could use this issue to
cause nginx to crash, resulting in a denial of service, or possibly modify
data in memory. (CVE-2026-40701)
It was discovered that nginx did not properly handle certain proxied
responses in the ngx_http_charset_module module. A remote attacker could
possibly use this issue to obtain sensitive information or cause nginx to
crash, resulting in a denial of service. (CVE-2026-42934)
It was discovered that nginx did not properly process certain SCGI and
uWSGI responses. An attacker able to perform a machine-in-the-middle attack
could possibly use this issue to obtain sensitive information or cause
nginx to crash, resulting in a denial of service. (CVE-2026-42946)
It was discovered that nginx incorrectly handled certain rewrite rules in
the ngx_http_rewrite_module module. A remote attacker could use this issue
to cause nginx to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-9256)
4 days 20 hours ago
FEDORA-2026-61f53cc218
Packages in this update:
Update description:
This is an update fixing several security-related problems in putty.
4 days 20 hours ago
FEDORA-2026-1ab61e6e20
Packages in this update:
Update description:
This is an update fixing several security-related problems in putty.
4 days 21 hours ago
Warisjeet Singh discovered that Exim with SUPPORT_PROXY enabled did not
properly handle memory before SMTP authentication. A remote attacker could
possibly use this issue to obtain sensitive information.
4 days 21 hours ago
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched
encryption salt parameters in crafted OOXML documents. An attacker could
use this issue to cause LibreOffice to crash, resulting in a denial of
service, or possibly execute arbitrary code.
4 days 21 hours ago
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Ethernet bonding driver;
- Packet sockets;
- TLS protocol;
(CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078, CVE-2026-46028)
4 days 22 hours ago
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Ethernet bonding driver;
- Packet sockets;
- TLS protocol;
(CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078, CVE-2026-46028)