5 days 12 hours ago
FEDORA-2026-8d275f4438
Packages in this update:
Update description:
Valkey 8.1.6 - Released Mon 23 February 2026
Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.
Security fixes
- (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message
- (CVE-2025-67733) RESP Protocol Injection via Lua error_reply
Bug fixes
- Restrict ttl from being negative and avoid crash in import-mode (#2944)
- Fix chained replica crash when doing dual channel replication (#2983)
- Fix used_memory_dataset underflow due to miscalculated used_memory_overhead (#3005)
- Fix crashing while MODULE UNLOAD when ACL rules reference a module command or subcommand (#3160)
- Fix server assert on ACL LOAD and resetchannels (#3182)
- Fix bug causing no response flush sometimes when IO threads are busy (#3205)
5 days 14 hours ago
FEDORA-2026-ce5f5c292d
Packages in this update:
- php-zumba-json-serializer-3.2.4-1.fc44
Update description:
Version 3.2.4
- Fix serialization of parent class private properties by @Copilot in #71
- Fix fatal error when serializing objects with uninitialized typed properties by @Copilot in #68
Version 3.2.3
[Security] Added method to restrict which classes can be unserialized.
Security Advisory GHSA-v7m3-fpcr-h7m2
5 days 14 hours ago
FEDORA-2026-5ff99e948e
Packages in this update:
- php-zumba-json-serializer-3.2.4-1.fc43
Update description:
Version 3.2.4
- Fix serialization of parent class private properties by @Copilot in #71
- Fix fatal error when serializing objects with uninitialized typed properties by @Copilot in #68
Version 3.2.3
[Security] Added method to restrict which classes can be unserialized.
Security Advisory GHSA-v7m3-fpcr-h7m2
5 days 14 hours ago
FEDORA-2026-d781fd2f6b
Packages in this update:
- php-zumba-json-serializer-3.2.4-1.fc42
Update description:
Version 3.2.4
- Fix serialization of parent class private properties by @Copilot in #71
- Fix fatal error when serializing objects with uninitialized typed properties by @Copilot in #68
Version 3.2.3
[Security] Added method to restrict which classes can be unserialized.
Security Advisory GHSA-v7m3-fpcr-h7m2
5 days 22 hours ago
Version: next-20260223 (linux-next)
Released: 2026-02-23
6 days 1 hour ago
Hanno Böck discovered that GIMP allocated FLI images using only the
information present in the file header, which allowed for a maliciously-
crafted file to cause out-of-bounds writes. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS. (CVE-2017-17785)
Michael Randrianantenaina discovered that opening a maliciously
crafted FLI file could cause GIMP to index out-of-bounds. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-2761)
It was discovered that opening a maliciously-crafted DCM file could cause
GIMP to index out-of-bounds. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2025-10922)
It was discovered that GIMP's JP2 parser did not account for precision when
allocating an image buffer. An attacker could possibly use this to cause a
denial of service or execute arbitrary code when a maliciously crafted file
is opened. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 24.04 LTS. (CVE-2025-14425)
It was discovered that GIMP's PSP parser erroneously queried the color
channels of a greyscale image, which resulted in an invalid memory pointer.
An attacker could possibly use this to cause a denial of service or execute
arbitrary code when a maliciously-crafted file is opened. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15059)
6 days 1 hour ago
USN-8051-1 fixed vulnerabilities in libssh. This update provides the
corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS.
Original advisory details:
It was discovered that libssh clients incorrectly handled the key exchange
process. A remote attacker could possibly use this issue to cause libssh
clients to crash, resulting in a denial of service. (CVE-2025-8277)
It was discovered that the libssh SCP client incorrectly sanitized paths
received from servers. A remote attacker could use this issue to cause
libssh SCP clients to overwrite files outside of the working directory and
possibly execute arbitrary code. (CVE-2026-0964)
It was discovered that libssh incorrectly handled parsing configuration
files. A local attacker could possibly use this issue to cause libssh to
access non-regular files, resulting in a denial of service. (CVE-2026-0965)
It was discovered that libssh incorrectly handled the ssh_get_hexa()
function. A remote attacker could possibly use this issue to cause libssh
to crash, resulting in a denial of service. (CVE-2026-0966)
It was discovered that libssh incorrectly handled certain regular
expressions. A local attacker could possibly use this issue to cause
libssh to consume resources, resulting in a denial of service.
(CVE-2026-0967)
It was discovered that the libssh SFTP client incorrectly handled certain
malformed longname fields. A remote attacker could use this issue to cause
libssh SFTP clients to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-0968)
6 days 3 hours ago
FEDORA-2026-b0bf6e9c9b
Packages in this update:
- perl-Crypt-URandom-0.55-1.fc42
Update description:
This release fixes CVE-2026-2474 (a heap buffer overflow) and the handling of failed read syscalls.
6 days 3 hours ago
FEDORA-2026-88f1155b8b
Packages in this update:
- perl-Crypt-URandom-0.55-1.fc43
Update description:
This release fixes CVE-2026-2474 (a heap buffer overflow) and the handling of failed read syscalls.
6 days 3 hours ago
FEDORA-2026-eb6b1039eb
Packages in this update:
- perl-Crypt-URandom-0.55-1.fc44
Update description:
This release fixes CVE-2026-2474 (a heap buffer overflow) and the handling of failed read syscalls.
6 days 8 hours ago
Simon Diepold discovered that U-Boot incorrectly handled certain DHCP
responses. An attacker on the local network could possibly use this issue
to obtain sensitive memory contents. (CVE-2024-42040)
It was discovered that U-Boot incorrectly handled symlink size calculations
in squashfs file systems. An attacker could use this issue with a specially
crafted squashfs file system to cause U-Boot to crash, resulting in a denial
of service, or execute arbitrary code. (CVE-2024-57254)
It was discovered that U-Boot incorrectly handled inode size calculations
in squashfs file systems. An attacker could use this issue with a specially
crafted squashfs file system to cause U-Boot to crash, resulting in a denial
of service, or execute arbitrary code. (CVE-2024-57255)
It was discovered that U-Boot incorrectly handled inode size calculations
in EXT4 file systems. An attacker could use this issue with a specially
crafted EXT4 file system to cause U-Boot to crash, resulting in a denial of
service, or execute arbitrary code. (CVE-2024-57256)
It was discovered that U-Boot incorrectly handled deep symlink nesting in
squashfs file systems. An attacker could possibly use this issue with a
specially crafted squashfs file system to cause U-Boot to crash, resulting
in a denial of service. (CVE-2024-57257)
It was discovered that U-Boot incorrectly handled memory allocation in
squashfs file systems. An attacker could use this issue with a specially
crafted squashfs file system to cause U-Boot to crash, resulting in a denial
of service, or execute arbitrary code. (CVE-2024-57258)
6 days 8 hours ago
It was discovered that Evolution Data Server incorrectly handled removing
local cache files. An attacker could possibly use this issue to cause
Evolution Data Server to remove arbitrary files.
6 days 8 hours ago
It was discovered that DjVuLibre could be forced to execute a division
by zero in certain instances. A remote attacker could possibly use
this issue to cause applications to stop responding or crash, resulting
in a denial of service. (CVE-2021-46312)
It was discovered that DjVuLibre incorrectly handled certain memory
operations. If a user or automated system were tricked into processing a
specially crafted DjVu file, a remote attacker could cause applications
to stop responding or crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2025-53367)
6 days 15 hours ago
FEDORA-2026-10cccbf560
Packages in this update:
- avr-binutils-2.45-4.fc43.1
Update description:
- fix CVE-2025-11083: heap-based overflow
- fix CVE-2025-11082: heap-based overflow
- fix CVE-2025-11081: out-of-bounds read
6 days 15 hours ago
FEDORA-2026-405dab5af2
Packages in this update:
- avr-binutils-2.45-4.fc42.1
Update description:
- fix CVE-2025-11083: heap-based overflow
- fix CVE-2025-11082: heap-based overflow
- fix CVE-2025-11081: out-of-bounds read
1 week ago
FEDORA-2026-8a15e7a423
Packages in this update:
Update description:
Erlang ver. 26.2.5.17
1 week ago
FEDORA-2026-d51972eee3
Packages in this update:
Update description:
Erlang ver. 26.2.5.17
1 week ago
FEDORA-EPEL-2026-5322e7a12f
Packages in this update:
- nextcloud-32.0.6-1.el10_2
Update description:
32.0.6 release
1 week ago
FEDORA-2026-889607c7a0
Packages in this update:
Update description:
32.0.6 release