Aggregator

USN-8535-1: PipeWire vulnerabilities

5 days 7 hours ago
It was discovered that PipeWire accepted unbounded Content-Length values in its RAOP module. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2026-14324) It was discovered that PipeWire performed multiple unbounded stack allocations in its PulseAudio protocol server. A local attacker could possibly use this issue to cause a denial of service. (CVE-2026-14330)

USN-8534-1: LibreOffice vulnerabilities

5 days 8 hours ago
It was discovered that LibreOffice incorrectly handled importing DXF drawings. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6039) It was discovered that LibreOffice incorrectly handled certain ODF number formats. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-6040) It was discovered that LibreOffice incorrectly handled importing EMF+ graphics. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6045) It was discovered that LibreOffice incorrectly handled importing PPT presentations. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-8356) It was discovered that LibreOffice Calc incorrectly handled compiling certain formulas. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possily execute arbitrary code. (CVE-2026-8357) It was discovered that LibreOffice Calc incorrectly handled importing spreadsheet tracked changes. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-8358)

USN-8533-1: OpenSSH vulnerabilities

5 days 10 hours ago
It was discovered that OpenSSH sftp did not properly constrain the location of downloaded files when connecting to an attacker-controlled server. An attacker could possibly use this issue to write files to unintended locations on the file system. (CVE-2026-59995) It was discovered that OpenSSH scp could place files in the parent directory of the intended destination when copying between two remote hosts. An attacker could possibly use this issue to write files to unintended locations. (CVE-2026-59996) It was discovered that OpenSSH internal-sftp only recognized the first nine command-line arguments, This could result in certain security-sensitive arguments being ignored, contrary to expectations. (CVE-2026-59997) It was discovered that OpenSSH had undocumented behaviour regarding the GSSAPIStrictAcceptorCheck option in environments using Windows Active Directory. The documentation has been updated to clarify use of the option. (CVE-2026-59998) It was discovered that OpenSSH did not properly enforce precedence of DisableForwarding=yes over PermitTunnel=yes in server configurations. This could possibly result in intended network forwarding restrictions being bypassed, contrary to expectations. (CVE-2026-59999) It was discovered that OpenSSH mishandled the MaxAuthTries limit for GSSAPI authentication. A remote attacker could use this issue to perform excessive authentication attempts. (CVE-2026-60000) It was discovered that OpenSSH did not always honour the minimum authentication delay. An attacker could possibly use this issue to perform brute-force attacks more efficiently. (CVE-2026-60001) It was discovered that the OpenSSH client had a use-after-free vulnerability when a server changed its host key during a key re-exchange. An attacker able to intercept communications could possibly use this issue to execute arbitrary code or obtain sensitive information. (CVE-2026-60002)

USN-8532-1: libssh2 vulnerabilities

5 days 10 hours ago
It was discovered that libssh2 incorrectly handled certain publickey subsystem attributes. A remote attacker controlling a malicious SSH server could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2026-58050) It was discovered that libssh2 did not properly initialize publickey list entries before parsing. A remote attacker controlling a malicious SSH server could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2026-58051)

USN-8496-3: cifs-utils vulnerability

5 days 10 hours ago
USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a regression and was backed out in USN-8496-2. This update reintroduces the security fix, along with a fix for the regression. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could possibly use this issue to execute arbitrary code as the root user.

USN-8531-1: libexif vulnerabilities

5 days 11 hours ago
It was discovered that libexif had an integer overflow in its MakerNote decoder when called with a zero-length buffer. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-32775) It was discovered that libexif had an integer overflow in its Nikon MakerNote handler on 32-bit systems. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40385) It was discovered that libexif had an integer underflow in its size checking for Fuji and Olympus MakerNote decoding. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40386)

freerdp-3.28.0-1.fc44

5 days 12 hours ago
FEDORA-2026-931f893f1b Packages in this update:
  • freerdp-3.28.0-1.fc44
Update description:

Update to 3.28.0

It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158.

freerdp-3.28.0-1.fc43

5 days 12 hours ago
FEDORA-2026-e2afc3151d Packages in this update:
  • freerdp-3.28.0-1.fc43
Update description:

Update to 3.28.0

It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158.

python-asyncssh-2.24.0-2.el10_3

6 days ago
FEDORA-EPEL-2026-f1bf34001a Packages in this update:
  • python-asyncssh-2.24.0-2.el10_3
Update description:

update to version 2.24.0 Fix CVE-2026-54590: Unauthorized file modification via authorized-keys directory escape Fix CVE-2026-54591: Arbitrary file write via path traversal in SCP client