Aggregator

USN-8062-2: curl vulnerabilities

Ubuntu Security Advisories
6 days ago
USN-8062-1 fixed vulnerabilities in curl. This update provides the corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224 for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that curl incorrectly handled cookies when redirected from secure to insecure connections. An attacker could possibly use this issue to cause a denial of service, or obtain sensitive information. This issue only affected Ubuntu 25.10. (CVE-2025-9086) Calvin Ruocco discovered that curl did not properly handle WebSocket communications under certain circumstances. A malicious server could possibly use this issue to poison proxy caches with malicious content. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-10148) Stanislav Fort discovered that wcurl did not properly handle URLs with certain encoded characters. If a user were tricked into processing a specially crafted URL, an attacker could possibly use this issue to write files outside the intended directory. This issue only affected Ubuntu 25.10. (CVE-2025-11563) Stanislav Fort discovered that curl did not properly validate pinned public keys under certain circumstances. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack. This issue only affected Ubuntu 25.10.(CVE-2025-13034) Stanislav Fort discovered that curl did not properly manage TLS options when performing LDAP over TLS transfers in multi-threaded environments. Under certain circumstances, certificate verification could be unintentionally and unknowingly disabled. (CVE-2025-14017) It was discovered that curl incorrectly handled Oauth2 bearer tokens when following redirects. A remote attacker could possibly use this issue to obtain authentication credentials. (CVE-2025-14524) Stanislav Fort discovered that curl did not properly validate TLS certificates when reusing connections. A remote attacker could possibly use this issue to bypass expected certificate verification. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-14819) Harry Sintonen discovered that curl did not properly validate SSH host keys when performing SSH-based file transfers. This issue could lead to unintended bypass of custom known_hosts file. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15079) Harry Sintonen discovered that curl built with libssh did not properly handle authentication when performing SSH-based file transfers. This could result in unintended authentication operations. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15224)

USN-7990-6: Linux kernel (Raspberry Pi) vulnerabilities

Ubuntu Security Advisories
6 days 2 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Padata parallel execution mechanism; - Netfilter; (CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)

dr_libs-0^20260302.fa931f3-2.fc42

Fedora Security Advisories
6 days 12 hours ago
FEDORA-2026-4bf819dfdb Packages in this update:
  • dr_libs-0^20260302.fa931f3-2.fc42
Update description: dr_flac v0.13.3 - 2026-01-17
  • Fix a compiler compatibility issue with some inlined assembly.
  • Fix a compilation warning.
dr_mp3 v0.7.3 - 2026-01-17
  • Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory allocation fails.
  • Fix some compilation warnings.
dr_wav v0.14.5 - 2026-03-03
  • Fix a crash when loading files with a malformed "smpl" chunk.
  • Fix a signed overflow bug with the MS-ADPCM decoder.
v0.14.4 - 2026-01-17
  • Fix some compilation warnings.

dr_libs-0^20260302.fa931f3-2.fc43

Fedora Security Advisories
6 days 13 hours ago
FEDORA-2026-d1d665c9d5 Packages in this update:
  • dr_libs-0^20260302.fa931f3-2.fc43
Update description: dr_flac v0.13.3 - 2026-01-17
  • Fix a compiler compatibility issue with some inlined assembly.
  • Fix a compilation warning.
dr_mp3 v0.7.3 - 2026-01-17
  • Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory allocation fails.
  • Fix some compilation warnings.
dr_wav v0.14.5 - 2026-03-03
  • Fix a crash when loading files with a malformed "smpl" chunk.
  • Fix a signed overflow bug with the MS-ADPCM decoder.
v0.14.4 - 2026-01-17
  • Fix some compilation warnings.

dr_libs-0^20260302.fa931f3-2.fc44

Fedora Security Advisories
6 days 13 hours ago
FEDORA-2026-c2889d2725 Packages in this update:
  • dr_libs-0^20260302.fa931f3-2.fc44
Update description: dr_flac v0.13.3 - 2026-01-17
  • Fix a compiler compatibility issue with some inlined assembly.
  • Fix a compilation warning.
dr_mp3 v0.7.3 - 2026-01-17
  • Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory allocation fails.
  • Fix some compilation warnings.
dr_wav v0.14.5 - 2026-03-03
  • Fix a crash when loading files with a malformed "smpl" chunk.
  • Fix a signed overflow bug with the MS-ADPCM decoder.
v0.14.4 - 2026-01-17
  • Fix some compilation warnings.

USN-8067-1: Mailman vulnerability

Ubuntu Security Advisories
1 week ago
It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin request CSRF attack and set a new admin password or make other changes.

USN-5376-6: Git regression

Ubuntu Security Advisories
1 week ago
USN-5376-4 fixed a regression in Git. This update provides the corresponding update for Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands.