Aggregator

kryoptic-1.5.0-2.fc43 pyOpenSSL-26.0.0-1.fc43 python-cryptography-46.0.5-1.fc43 rust-asn1-0.22.0-1.fc43 rust-asn1_derive-0.22.0-1.fc43 rust-cryptoki-0.12.0-2.fc43 rust-cryptoki-sys-0.5.0-2.fc43 rust-wycheproof-0.6.0-1.fc43

4 days 4 hours ago
FEDORA-2026-9d5b9f45ec
Packages in this update:
  • kryoptic-1.5.0-2.fc43
  • pyOpenSSL-26.0.0-1.fc43
  • python-cryptography-46.0.5-1.fc43
  • rust-asn1-0.22.0-1.fc43
  • rust-asn1_derive-0.22.0-1.fc43
  • rust-cryptoki-0.12.0-2.fc43
  • rust-cryptoki-sys-0.5.0-2.fc43
  • rust-wycheproof-0.6.0-1.fc43
Update description:
  • Update pyOpenSSL to v26.0.0 (security update)
  • Update python-cryptography to v46.0.5 (dependency of pyOpenSSL 26)
  • Update rust-asn1 to 0.22 (dependency of python-cryptography)
  • Update kryoptic to v1.5 (required for rust-asn1 bump to 0.22)

The security status of this update is only for pyOpenSSL.

localsearch-3.10.2-2.fc43

4 days 4 hours ago
FEDORA-2026-ba6641558a
Packages in this update:
  • localsearch-3.10.2-2.fc43
Update description:

Add a patch for several CVEs:

  • CVE-2026-1764 - Heap Buffer Overflow in GNOME localsearch MP3 Extractor
  • CVE-2026-1765 - Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX Tags)
  • CVE-2026-1766 - Heap Buffer Overflow in GNOME localsearch MP3 Extractor (ID3v2.3 COMM Tags)
  • CVE-2026-1767 - Heap Buffer Overflow in GNOME localsearch MP3 Extractor

glib2-2.86.4-2.fc43

4 days 7 hours ago
FEDORA-2026-5637749c07
Packages in this update:
  • glib2-2.86.4-2.fc43
Update description:

Add patch for CVE-2026-0988 (Integer overflow in g_buffered_input_stream_peek() leads to segmentation fault)

USN-8103-2: Exiv2 regression

4 days 10 hours ago
USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that Exiv2 did not correctly handle reading certain buffers. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-18771)

Wen Cheng discovered that Exiv2 did not correctly handle certain memory allocation. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-18899)

It was discovered that Exiv2 did not correctly handle writing certain metadata. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2025-54080)

It was discovered that Exiv2 did not correctly handle parsing certain metadata. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-55304)

It was discovered that Exiv2 did not correctly handle parsing certain images. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2026-25884)

It was discovered that Exiv2 did not correctly handle previewing certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27596)

It was discovered that Exiv2 did not correctly handle certain integer arithmetic. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27631)

roundcubemail-1.7~rc5-1.fc44

4 days 11 hours ago
FEDORA-2026-9b0f520716
Packages in this update:
  • roundcubemail-1.7~rc5-1.fc44
Update description:

Version 1.7-rc5

  • Password: Add nt-binary hashing method (#10096)
  • Fix URL matching for domain names with port numbers (#10105)
  • Fix PHP fatal error when using IMAP cache (#10102)
  • Fix Postgres connection using IPv6 address (#10104)
  • Fix bug where rel=stylesheet part of a <link> could get removed
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to local network hosts

roundcubemail-1.6.14-1.el10_2

4 days 11 hours ago
FEDORA-EPEL-2026-95071cd05c
Packages in this update:
  • roundcubemail-1.6.14-1.el10_2
Update description:

Version 1.6.14

  • Fix Postgres connection using IPv6 address (#10104)
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to local network hosts

roundcubemail-1.6.14-1.fc42

4 days 11 hours ago
FEDORA-2026-c283cce7fd
Packages in this update:
  • roundcubemail-1.6.14-1.fc42
Update description:

Version 1.6.14

  • Fix Postgres connection using IPv6 address (#10104)
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to local network hosts

roundcubemail-1.6.14-1.fc43

4 days 11 hours ago
FEDORA-2026-2decd38070
Packages in this update:
  • roundcubemail-1.6.14-1.fc43
Update description:

Version 1.6.14

  • Fix Postgres connection using IPv6 address (#10104)
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to local network hosts

roundcubemail-1.6.14-1.el10_1

4 days 11 hours ago
FEDORA-EPEL-2026-31c7836113
Packages in this update:
  • roundcubemail-1.6.14-1.el10_1
Update description:

Version 1.6.14

  • Fix Postgres connection using IPv6 address (#10104)
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to local network hosts

roundcubemail-1.6.14-1.el10_3

4 days 11 hours ago
FEDORA-EPEL-2026-b318120749
Packages in this update:
  • roundcubemail-1.6.14-1.el10_3
Update description:

Version 1.6.14

  • Fix Postgres connection using IPv6 address (#10104)
  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview
  • Security: Fix SSRF + Information Disclosure via stylesheet links to local network hosts

roundcubemail-1.5.14-1.el9

4 days 11 hours ago
FEDORA-EPEL-2026-34a0375273
Packages in this update:
  • roundcubemail-1.5.14-1.el9
Update description:

Version 1.5.14

  • Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
  • Security: Fix bug where a password could get changed without providing the old password
  • Security: Fix IMAP Injection + CSRF bypass in mail search
  • Security: Fix remote image blocking bypass via various SVG animate attributes
  • Security: Fix remote image blocking bypass via a crafted body background attribute
  • Security: Fix fixed position mitigation bypass via use of !important
  • Security: Fix XSS issue in a HTML attachment preview

USN-8018-3: Python 2.7 vulnerabilities

4 days 12 hours ago
USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7.

Original advisory details:

Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and python3.14 packages. (CVE-2025-11468)

Jacob Walls, Shai Berger, and Natalia Bidart discovered that Python inefficiently parsed XML input with quadratic complexity. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-12084)

It was discovered that Python incorrectly parsed malicious plist files. An attacker could possibly use this issue to cause Python to use excessive resources, leading to a denial of service. This issue only affected python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and python3.14 packages. (CVE-2025-13837)

Omar Hasan discovered that Python incorrectly parsed URL mediatypes. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2025-15282)

Omar Hasan discovered that Python incorrectly parsed malicious IMAP inputs. An attacker could possibly use this issue to inject arbitrary IMAP commands. (CVE-2025-15366)

Omar Hasan discovered that Python incorrectly parsed malicious POP3 inputs. An attacker could possibly use this issue to inject arbitrary POP3 commands. (CVE-2025-15367)

Omar Hasan discovered that Python incorrectly parsed malicious HTTP cookie headers. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-0672)

Omar Hasan discovered that Python incorrectly parsed malicious HTTP header names and values. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-0865)