Aggregator

proftpd-1.3.9a-2.el10_1

Fedora Security Advisories
5 days 5 hours ago
FEDORA-EPEL-2026-c8e9680bd3 Packages in this update:
  • proftpd-1.3.9a-2.el10_1
Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

proftpd-1.3.9a-2.fc44

Fedora Security Advisories
5 days 5 hours ago
FEDORA-2026-871243b391 Packages in this update:
  • proftpd-1.3.9a-2.fc44
Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

proftpd-1.3.9a-2.fc43

Fedora Security Advisories
5 days 5 hours ago
FEDORA-2026-4ddb108952 Packages in this update:
  • proftpd-1.3.9a-2.fc43
Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

proftpd-1.3.9a-2.fc45

Fedora Security Advisories
5 days 9 hours ago
FEDORA-2026-c8173d7dcd Packages in this update:
  • proftpd-1.3.9a-2.fc45
Update description:

Automatic update for proftpd-1.3.9a-2.fc45.

Changelog * Mon May 11 2026 Paul Howarth <paul@city-fan.org> - 1.3.9a-2 - Additional escaping for avoidance of SQL injection issues with %{note:...} and %{env:...}; these are on top of the existing fix for CVE-2026-42167 in 1.3.9a - Fix for SQL Injection in mod_wrap2_sql via reverse DNS hostname (CVE-2026-44331, rhbz#2466899, https://github.com/proftpd/proftpd/issues/2057)

USN-8268-1: Dnsmasq vulnerabilities

Ubuntu Security Advisories
5 days 11 hours ago
Andrew S. Fasano, Royce M, and Hugo Martinez Ray discovered that Dnsmasq did not allocate the necessary space to store domain names in some contexts. An attacker could possibly use this issue to write out-of-bounds, and could cause a denial of service or execute arbitrary code. (CVE-2026-2291) Royce M discovered that Dnsmasq could loop infinitely due to erroneously missing the window header. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-4890) Royce M discovered that a maliciously crafted packet could cause Dnsmasq to report a negative length. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-4891) Royce M and Asim Viladi Oglu Manizada discovered that certain configurations of Dnsmasq could write over the DHCPv6 CLID buffer within a privileged helper. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-4892) Royce M discovered that certain configurations of Dnsmasq could bypass internal bounds checks. An attacker could possibly use this issue to permit malformed packets, and could cause a denial of service. (CVE-2026-4893) Hugo Martinez discovered that Dnsmasq did not check the rdlen element of a record. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-5172)

dnsmasq-2.92rel2-9.fc45

Fedora Security Advisories
5 days 11 hours ago
FEDORA-2026-e58a6acf77 Packages in this update:
  • dnsmasq-2.92rel2-9.fc45
Update description:

Automatic update for dnsmasq-2.92rel2-9.fc45.

Changelog * Tue May 12 2026 Petr Menšík <pemensik@redhat.com> - 2.92rel2-9 - Update to 2.92rel2 (rhbz#2469245) * Mon Apr 20 2026 Petr Menšík <pemensik@redhat.com> - 2.92-8 - Fix 1 byte extra write byte in DHCP reply (rhbz#2459196) * Mon Feb 16 2026 Petr Menšík <pemensik@redhat.com> - 2.92-7 - Add optional build support for libasan * Wed Feb 11 2026 Petr Menšík <<pemensik@redhat.com>> - 2.92-6 - Do not fail hard on inotify socket or watch failure * Thu Jan 22 2026 Petr Menšík <<pemensik@redhat.com>> - 2.92-5 - Do not fail validation if signature owner name does not match (rbhz#2421820)