Aggregator

USN-8072-1: PostgreSQL vulnerabilities

6 days 22 hours ago
Altan Birler discovered that PostgreSQL incorrectly validated oidvector types. An attacker could possibly use this issue to obtain a few bytes of sensitive information. (CVE-2026-2003)
Daniel Firer discovered that PostgreSQL incorrectly validated input in the intarray extension. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-2004)
It was discovered that PostgreSQL incorrectly handled certain pgcrypto memory operations. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-2005)
Paul Gerste and Moritz Sanft discovered that PostgreSQL incorrectly validated multibyte character lengths. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-2006)

USN-8071-1: NSS vulnerability

6 days 22 hours ago
It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

USN-8069-1: ImageMagick vulnerabilities

6 days 23 hours ago
It was discovered that ImageMagick did not properly decode certain SUN image files. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-25897)
It was discovered that ImageMagick did not properly validate pixel index values when writing UIL and XPM image files. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2026-25898)
It was discovered that ImageMagick's MSL decoder did not properly handle certain attribute values. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-25968)
It was discovered that ImageMagick's MSL decoder did not properly handle memory when processing certain script elements. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-25983)
It was discovered that ImageMagick did not properly handle certain YUV image files. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-25986)
It was discovered that ImageMagick did not properly handle certain MAP image files. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2026-25987)
It was discovered that ImageMagick's PCD decoder did not properly process Huffman-coded data. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2026-26284)

LSN-0118-1: Kernel Live Patch Security Notice

6 days 23 hours ago
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API.
In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF for reorder_work Although the previous patch can avoid ps and ps UAF for _do_serial, it can not avoid potential UAF issue for reorder_work.
In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition situation.
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message(), assuming all crypto operations are synchronous.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition could happen.
In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at that point.
In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge().

USN-8070-2: Linux kernel vulnerabilities

6 days 23 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • x86 architecture;
  • MMC subsystem;
  • Network drivers;
  • USB Device Class drivers;
  • BTRFS file system;
  • File systems infrastructure;
  • XFRM subsystem;
  • IPv4 networking;
  • IPv6 networking;
  • MAC80211 subsystem;
  • Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659, CVE-2024-49927, CVE-2024-56548, CVE-2024-56593, CVE-2025-21704, CVE-2025-40215)

USN-8070-1: Linux kernel vulnerabilities

1 week ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • x86 architecture;
  • MMC subsystem;
  • Network drivers;
  • USB Device Class drivers;
  • BTRFS file system;
  • File systems infrastructure;
  • XFRM subsystem;
  • IPv4 networking;
  • IPv6 networking;
  • MAC80211 subsystem;
  • Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659, CVE-2024-49927, CVE-2024-56548, CVE-2024-56593, CVE-2025-21704, CVE-2025-40215)

python3.12-3.12.13-1.fc42

1 week ago
FEDORA-2026-3ebfc12a16
Packages in this update:
  • python3.12-3.12.13-1.fc42
Update description:

Update to 3.12.13

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

python3.12-3.12.13-1.fc44

1 week ago
FEDORA-2026-05d833765a
Packages in this update:
  • python3.12-3.12.13-1.fc44
Update description:

Update to 3.12.13

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367