5 days 22 hours ago
FEDORA-2026-154efc6066
Packages in this update:
- python-lxml-html-clean-0.4.4-1.fc42
Update description:
Security update for python-lxml-html-clean
5 days 22 hours ago
FEDORA-2026-f46fc594f3
Packages in this update:
- python-lxml-html-clean-0.4.4-1.fc44
Update description:
Security update for python-lxml-html-clean
5 days 22 hours ago
FEDORA-2026-fdded962b2
Packages in this update:
- python-lxml-html-clean-0.4.4-1.fc43
Update description:
Security update for python-lxml-html-clean
6 days ago
FEDORA-EPEL-2026-8a5d339569
Packages in this update:
Update description:
Update to 1.4.0
6 days ago
FEDORA-EPEL-2026-830cb46951
Packages in this update:
Update description:
Update to 1.4.0
6 days ago
FEDORA-EPEL-2026-a96c428ab5
Packages in this update:
Update description:
Update to 1.4.0
6 days ago
FEDORA-2026-3481aa745b
Packages in this update:
Update description:
Update to 1.4.0
6 days ago
FEDORA-2026-f8e0af09af
Packages in this update:
Update description:
Update to 1.4.0
6 days ago
FEDORA-EPEL-2026-dcca0faa1b
Packages in this update:
Update description:
Update to 1.4.0
6 days ago
USN-8062-1 fixed vulnerabilities in curl. This update provides the
corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224
for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04
LTS.
Original advisory details:
It was discovered that curl incorrectly handled cookies when redirected
from secure to insecure connections. An attacker could possibly use this
issue to cause a denial of service, or obtain sensitive information.
This issue only affected Ubuntu 25.10. (CVE-2025-9086)
Calvin Ruocco discovered that curl did not properly handle WebSocket
communications under certain circumstances. A malicious server could
possibly use this issue to poison proxy caches with malicious content.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-10148)
Stanislav Fort discovered that wcurl did not properly handle URLs with
certain encoded characters. If a user were tricked into processing
a specially crafted URL, an attacker could possibly use this issue to
write files outside the intended directory. This issue only affected
Ubuntu 25.10. (CVE-2025-11563)
Stanislav Fort discovered that curl did not properly validate pinned
public keys under certain circumstances. A remote attacker could
possibly use this issue to perform a machine-in-the-middle attack. This
issue only affected Ubuntu 25.10.(CVE-2025-13034)
Stanislav Fort discovered that curl did not properly manage TLS options
when performing LDAP over TLS transfers in multi-threaded environments.
Under certain circumstances, certificate verification could be
unintentionally and unknowingly disabled. (CVE-2025-14017)
It was discovered that curl incorrectly handled Oauth2 bearer tokens
when following redirects. A remote attacker could possibly use this
issue to obtain authentication credentials. (CVE-2025-14524)
Stanislav Fort discovered that curl did not properly validate TLS
certificates when reusing connections. A remote attacker could possibly
use this issue to bypass expected certificate verification. This issue
only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-14819)
Harry Sintonen discovered that curl did not properly validate SSH host
keys when performing SSH-based file transfers. This issue could lead to
unintended bypass of custom known_hosts file. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15079)
Harry Sintonen discovered that curl built with libssh did not properly
handle authentication when performing SSH-based file transfers. This
could result in unintended authentication operations. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15224)
6 days 2 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Padata parallel execution mechanism;
- Netfilter;
(CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)
6 days 4 hours ago
Version:next-20260303 (linux-next)
Released:2026-03-03
6 days 5 hours ago
Sergiu Ghetie discovered that some Intel® processors did not properly
handle values in the microcode flow. A local authenticated user could
potentially use this issue to escalate their privileges.
6 days 12 hours ago
FEDORA-2026-4bf819dfdb
Packages in this update:
- dr_libs-0^20260302.fa931f3-2.fc42
Update description:
dr_flac
v0.13.3 - 2026-01-17
- Fix a compiler compatibility issue with some inlined assembly.
- Fix a compilation warning.
dr_mp3
v0.7.3 - 2026-01-17
- Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory
allocation fails.
- Fix some compilation warnings.
dr_wav
v0.14.5 - 2026-03-03
- Fix a crash when loading files with a malformed "smpl" chunk.
- Fix a signed overflow bug with the MS-ADPCM decoder.
v0.14.4 - 2026-01-17
- Fix some compilation warnings.
6 days 13 hours ago
FEDORA-2026-d1d665c9d5
Packages in this update:
- dr_libs-0^20260302.fa931f3-2.fc43
Update description:
dr_flac
v0.13.3 - 2026-01-17
- Fix a compiler compatibility issue with some inlined assembly.
- Fix a compilation warning.
dr_mp3
v0.7.3 - 2026-01-17
- Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory
allocation fails.
- Fix some compilation warnings.
dr_wav
v0.14.5 - 2026-03-03
- Fix a crash when loading files with a malformed "smpl" chunk.
- Fix a signed overflow bug with the MS-ADPCM decoder.
v0.14.4 - 2026-01-17
- Fix some compilation warnings.
6 days 13 hours ago
FEDORA-2026-c2889d2725
Packages in this update:
- dr_libs-0^20260302.fa931f3-2.fc44
Update description:
dr_flac
v0.13.3 - 2026-01-17
- Fix a compiler compatibility issue with some inlined assembly.
- Fix a compilation warning.
dr_mp3
v0.7.3 - 2026-01-17
- Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory
allocation fails.
- Fix some compilation warnings.
dr_wav
v0.14.5 - 2026-03-03
- Fix a crash when loading files with a malformed "smpl" chunk.
- Fix a signed overflow bug with the MS-ADPCM decoder.
v0.14.4 - 2026-01-17
- Fix some compilation warnings.
6 days 14 hours ago
6 days 14 hours ago
1 week ago
It was discovered that Mailman incorrectly handled CSRF tokens. A remote
list member or moderator could possibly use their own token to craft an
admin request CSRF attack and set a new admin password or make other
changes.
1 week ago
USN-5376-4 fixed a regression in Git. This update provides the
corresponding update for Ubuntu 18.04 LTS.
We apologize for the inconvenience.
Original advisory details:
俞晨东 discovered that Git incorrectly handled certain repository paths
in platforms with multiple users support. An attacker could possibly use
this issue to run arbitrary commands.