Aggregator

perl-Crypt-PBKDF2-0.261630-1.fc44

5 days 13 hours ago
FEDORA-2026-5b12cc327e
Packages in this update:
  • perl-Crypt-PBKDF2-0.261630-1.fc44
Update description:

This update addresses a number of security issues:

  • Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
  • Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
  • Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

perl-Crypt-PBKDF2-0.261630-1.el10_3

5 days 13 hours ago
FEDORA-EPEL-2026-02984212ed
Packages in this update:
  • perl-Crypt-PBKDF2-0.261630-1.el10_3
Update description:

This update addresses a number of security issues:

  • Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
  • Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
  • Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

perl-Crypt-PBKDF2-0.261630-1.el10_2

5 days 13 hours ago
FEDORA-EPEL-2026-ee9885ce31
Packages in this update:
  • perl-Crypt-PBKDF2-0.261630-1.el10_2
Update description:

This update addresses a number of security issues:

  • Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
  • Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
  • Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

perl-Crypt-PBKDF2-0.261630-1.el9

5 days 13 hours ago
FEDORA-EPEL-2026-c5b8fc5fd2
Packages in this update:
  • perl-Crypt-PBKDF2-0.261630-1.el9
Update description:

This update addresses a number of security issues:

  • Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
  • Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
  • Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

perl-Crypt-PBKDF2-0.261630-1.fc43

5 days 13 hours ago
FEDORA-2026-e8231b773d
Packages in this update:
  • perl-Crypt-PBKDF2-0.261630-1.fc43
Update description:

This update addresses a number of security issues:

  • Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
  • Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
  • Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

USN-8426-1: Linux kernel (Azure) vulnerabilities

6 days 2 hours ago
It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431)

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Cryptographic API
  • Ethernet bonding driver
  • SMB network file system
  • Netfilter
  • io_uring subsystem
  • Packet sockets
  • RDS protocol
  • TLS protocol

(CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351, CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078, CVE-2026-43494, CVE-2026-46028)

atril-1.26.4-1.el8

6 days 4 hours ago
FEDORA-EPEL-2026-c0bb6674c7
Packages in this update:
  • atril-1.26.4-1.el8
Update description:

atril 1.26.4
  • epub: use g_strndup for parsing document path
  • epub: validate epub content before parsing
atril 1.26.3
  • epub: Avoid crash when index list has extraneous entry
  • fix an incompatible pointer type warning for gcc14
  • Fix build with libxml2 2.12
  • fix memleak
  • pdf: Always use poppler_document_save to avoid data loss
  • ev-application: Quote user-supplied strings in ev_spawn command line

atril-1.26.4-1.el9

6 days 4 hours ago
FEDORA-EPEL-2026-abc540be8b
Packages in this update:
  • atril-1.26.4-1.el9
Update description:

atril 1.26.4
  • epub: use g_strndup for parsing document path
  • epub: validate epub content before parsing
atril 1.26.3
  • epub: Avoid crash when index list has extraneous entry
  • fix an incompatible pointer type warning for gcc14
  • Fix build with libxml2 2.12
  • fix memleak
  • pdf: Always use poppler_document_save to avoid data loss
  • ev-application: Quote user-supplied strings in ev_spawn command line

USN-8423-1: lwIP vulnerabilities

6 days 5 hours ago
It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8597)

It was discovered that lwIP incorrectly handled certain ICMPv6 or 6LoWPAN packets. An attacker could possibly use this issue to trigger a buffer overflow, resulting in information disclosure. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22283, CVE-2020-22284)

It was discovered that lwIP did not properly validate certain SNMPv3 authentication parameters. An attacker could possibly use this issue to trigger a stack-based buffer overflow, resulting in arbitrary code execution or a denial of service. (CVE-2026-8836)