Aggregator

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Netfilter; - io_uring subsystem; (CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Drivers core; - Null block device driver; - Ublk userspace block driver; - Bluetooth drivers; - Counter interface drivers; - DMA engine subsystem; - DPLL subsystem; - GPU drivers; - HID subsystem; - Intel Trace Hub HW tracing drivers; - IIO ADC drivers; - IIO subsystem; - On-Chip Interconnect management framework; - IRQ chip drivers; - Modular ISDN driver; - LED subsystem; - Multiple devices driver; - UACCE accelerator framework; - MMC subsystem; - Ethernet bonding driver; - Network drivers; - Mellanox network drivers; - NVME drivers; - PHY drivers; - x86 platform drivers; - i.MX PM domains; - SCSI subsystem; - SLIMbus drivers; - SPI subsystem; - TCM subsystem; - W1 Dallas's 1-wire bus driver; - Xen hypervisor drivers; - BTRFS file system; - EFI Variable file system; - exFAT file system; - Ext4 file system; - HFS+ file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NTFS3 file system; - SMB network file system; - Scheduler infrastructure; - Netfilter; - NFC subsystem; - Tracing infrastructure; - io_uring subsystem; - BPF subsystem; - Perf events; - Floating proportions library; - Memory management; - Bluetooth subsystem; - CAN network layer; - Ceph Core library; - Networking core; - IPv4 networking; - IPv6 networking; - L2TP protocol; - MAC80211 subsystem; - NET/ROM layer; - Network traffic control; - SCTP protocol; - TLS protocol; - Unix domain sockets; - VMware vSockets driver; - Wireless networking; - ALSA AC97 driver; - Generic PCM loopback sound driver; - Creative Sound Blaster X-Fi driver; - AMD SoC Alsa drivers; - Texas InstrumentS Audio (ASoC/HDA) drivers; - USB sound devices; - KVM subsystem; (CVE-2024-50004, CVE-2024-58096, CVE-2024-58097, CVE-2025-37926, CVE-2025-38201, CVE-2025-38591, CVE-2025-40039, CVE-2025-40082, CVE-2025-40149, CVE-2025-68351, CVE-2025-68358, CVE-2025-68365, CVE-2025-68725, CVE-2025-68749, CVE-2025-68803, CVE-2025-68823, CVE-2025-71160, CVE-2025-71162, CVE-2025-71163, CVE-2025-71180, CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71185, CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71190, CVE-2025-71191, CVE-2025-71192, CVE-2025-71193, CVE-2025-71194, CVE-2025-71195, CVE-2025-71196, CVE-2025-71197, CVE-2025-71198, CVE-2025-71199, CVE-2025-71200, CVE-2025-71220, CVE-2025-71222, CVE-2025-71224, CVE-2025-71225, CVE-2025-71268, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980, CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-22994, CVE-2026-22996, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001, CVE-2026-23003, CVE-2026-23005, CVE-2026-23006, CVE-2026-23010, CVE-2026-23011, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021, CVE-2026-23025, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031, CVE-2026-23032, CVE-2026-23033, CVE-2026-23035, CVE-2026-23037, CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050, CVE-2026-23053, CVE-2026-23054, CVE-2026-23056, CVE-2026-23057, CVE-2026-23058, CVE-2026-23059, CVE-2026-23061, CVE-2026-23062, CVE-2026-23063, CVE-2026-23064, CVE-2026-23065, CVE-2026-23068, CVE-2026-23069, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075, CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087, CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23093, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101, CVE-2026-23102, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107, CVE-2026-23108, CVE-2026-23110, CVE-2026-23113, CVE-2026-23116, CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23123, CVE-2026-23124, CVE-2026-23125, CVE-2026-23126, CVE-2026-23128, CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135, CVE-2026-23136, CVE-2026-23139, CVE-2026-23140, CVE-2026-23141, CVE-2026-23142, CVE-2026-23144, CVE-2026-23145, CVE-2026-23146, CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23156, CVE-2026-23159, CVE-2026-23160, CVE-2026-23163, CVE-2026-23164, CVE-2026-23166, CVE-2026-23167, CVE-2026-23168, CVE-2026-23170, CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23178, CVE-2026-23179, CVE-2026-23180, CVE-2026-23182, CVE-2026-23187, CVE-2026-23190, CVE-2026-23191, CVE-2026-23193, CVE-2026-23198, CVE-2026-23200, CVE-2026-23202, CVE-2026-23204, CVE-2026-23205, CVE-2026-23206, CVE-2026-23212, CVE-2026-23213, CVE-2026-23214, CVE-2026-23215, CVE-2026-23216, CVE-2026-23254, CVE-2026-23256, CVE-2026-23257, CVE-2026-23258, CVE-2026-23260, CVE-2026-23261, CVE-2026-23262, CVE-2026-23264, CVE-2026-23274, CVE-2026-23351, CVE-2026-23394)

Version:next-20260525 (linux-next) Released:2026-05-25

It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-0846) It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-0847) It was discovered that NLTK did not properly validate external Java archive files loaded by StanfordSegmenter. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-0848) It was discovered that NLTK's WordNet browser application incorrectly handled user-supplied input. An attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2026-33230) It was discovered that NLTK's WordNet browser application did not restrict access to the shutdown endpoint. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-33231) It was discovered that NLTK's downloader did not validate path attributes in remote XML index files. An attacker could possibly use this issue to create or overwrite arbitrary files. (CVE-2026-33236)

Byambadalai Sumiya discovered that SimpleEval did not properly restrict attribute access and callback handling inside a sandbox. An attacker could possibly use this issue to execute arbitrary code.

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code.

FEDORA-2026-75b5ddf8c3 Packages in this update:

• vim-9.2.530-1.fc43

Update description:

keep GTK4 in rawhide for now

switch to GTK4 for GVim

Fix CVE-2026-46483

FEDORA-2026-f3e466ea26 Packages in this update:

• bind-9.18.49-1.fc42
• bind-dyndb-ldap-11.11-12.fc42

Update description: Update to 9.18.49 (rhbz#2480121) Security Fixes:

• Limit resolver server list size. (CVE-2026-3592)
• Fix GSS-API resource leak. (CVE-2026-3039)
• Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946)
• Avoid unbounded recursion loop. (CVE-2026-5950)
• Fix outgoing zone transfers' quota issue.

Feature Changes:

• Fix CPU spikes and slow queries when cache approaches memory limit.

Bug Fixes:

• Fix named crash when processing SIG records in dynamic updates.
• Fix rndc modzone behavior for a zone in named.conf.
• Fix zone verification of NSEC3 signed zones.
• Prevent a crash when using both dns64 and filter-aaaa.
• Fixed an assertion failure when processing catalog zones.
• Prevent malicious DNSSEC zones from exhausting validator CPU.
• Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.
• Prevent crafted queries from degrading RRL performance.
• Fix a bug in allow-query/allow-transfer catalog zone custom properties.
• Fix a memory leak issue in catalog zones.
• Fix suppressed missing-glue check in named-checkzone.
• Reject record sets too large to serve in DNS.

Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-41176) It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-41179)

Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exit condition. A remote attacker could possibly use this issue to consume excessive resources, resulting in a denial of service.

FEDORA-EPEL-2026-7158896891 Packages in this update:

• python-wsgidav-4.3.4-1.el10_3

Update description: 4.3.4 / 2026-05-24

• Resolve security advisory CVE-2026-48099

FEDORA-2026-7d942b469f Packages in this update:

• python-wsgidav-4.3.4-1.fc43

Update description: 4.3.4 / 2026-05-24

• Resolve security advisory CVE-2026-48099

FEDORA-2026-b2212b4742 Packages in this update:

• python-wsgidav-4.3.4-1.fc44

Update description: 4.3.4 / 2026-05-24

• Resolve security advisory CVE-2026-48099

FEDORA-EPEL-2026-c185cd6f77 Packages in this update:

• nix-2.31.5-1.el10_2

Update description:

• Rebase nix to 2.31.5
• fixes https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368

FEDORA-2026-2b956d89d3 Packages in this update:

• roundcubemail-1.7.1-1.fc44

Update description: Release 1.7.1

• Enigma: Support automatic public key lookup (import) using HKP v1 protocol (#5314)
• Managesieve: Fix error when a mail message contains duplicate List-Id header (#10186)
• Clarified Elastic installation instructions (#10163)
• Added HTMLFormElement.requestSubmit() polyfill for older browsers (#10179)
• Fix so "has:attachment" search uses $HasAttachment/$HasNoAttachment keywords (#10168)
• Fix potential too long value in IMAP ID command (#10136)
• Fix redis/memcache disconnection in rcube::sleep() (#10127)
• Fix so static resources, e.g. skin_logo can be put inside the public_html directory (#10160)
• Fix so REQUEST_URI is used as a fallback if PATH_INFO is not set in static.php (#10181)
• Fix assets_path feature and remove dependency on PATH_INFO (#10185)
• Fix MySQL upgrade on MySQL < 8.0 and MariaDB < 10.5.3 (#10188)
• Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog
• Security: Fix CSS injection bypass in HTML sanitizer via SVG <animate attributeName="style">
• Security: Fix pre-auth SQL injection in virtuser_query plugin via preg_replace backslash escape bypass
• Security: Fix SSRF bypass via specific local address URLs
• Security: Fix bypass of remote image blocking via CSS var()
• Security: Fix local/private URL fetch bypass when remote resources were not allowed
• Security: Fix pre-auth arbitrary file delete via redis/memcache session poisoning bypass
• Security: Fix code injection vulnerability - remove support for code evaluation in LDAP autovalues option

Version:7.1-rc5 (mainline) Released:2026-05-24 Source:linux-7.1-rc5.tar.gz Patch:full (incremental)

FEDORA-2026-af4f5feae8 Packages in this update:

• perl-Catalyst-Plugin-Authentication-0.10026-1.fc43

Update description:

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password. Version 0.10026 of the module fixes this issue.

FEDORA-2026-26666575ae Packages in this update:

• perl-Catalyst-Plugin-Authentication-0.10026-1.fc44

Update description:

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password. Version 0.10026 of the module fixes this issue.

FEDORA-2026-0a2c98c91f Packages in this update:

• perl-Catalyst-Plugin-Authentication-0.10026-1.fc42

Update description:

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password. Version 0.10026 of the module fixes this issue.