Aggregator

LSN-0117-1: Kernel Live Patch Security Notice

1 week 3 days ago
In the Linux kernel, the following vulnerabilities have been resolved:
  • e100: Fix possible use after free in e100_xmit_prepare. In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb.
  • macsec: fix UAF bug for real_dev. Create a new macsec device but not get reference to real_dev.
  • wifi: ath12k: fix firmware crash due to invalid peer nss. Currently, if the access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, it triggers a firmware crash.
  • drm/xe/oa: Fix overflow in oa batch buffer. By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at each call it appends a MI_BATCH_BUFFER_END, printing the warning below and then overflowing.
  • NFSD: Prevent NULL dereference in nfsd4_process_cb_update(). @ses is initialized to NULL.
  • KVM: Explicitly verify target vCPU is online in kvm_get_vcpu(). Explicitly verify the target vCPU is fully online _prior_ to clamping the index in kvm_get_vcpu().
  • sched: sch_cake: add bounds checks to host bulk flow fairness counts. Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access.
  • net: sched: fix ets qdisc OOB Indexing. Haowei Yan found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0.
  • usb: cdc-acm: Check control transfer buffer size before access. If the first fragment is shorter than struct usb_cdc_notification, we can't calculate an expected_size.
  • net: davicom: fix UAF in dm9000_drv_remove. dm is netdev private data and it cannot be used after free_netdev() call.
  • exfat: fix random stack corruption after get_block. When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition situation.

USN-7983-1: containerd vulnerabilities

1 week 3 days ago
  • David Leadbeater discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. (CVE-2024-25621)
  • It was discovered that containerd did not properly handle the execution of the goroutine of container attach. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-64329)

xorgxrdp-0.10.5-1.el9 xrdp-0.10.5-1.el9

1 week 4 days ago
FEDORA-EPEL-2026-d12ea63356 Packages in this update:
  • xorgxrdp-0.10.5-1.el9
  • xrdp-0.10.5-1.el9
Update description:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes

  • CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features

  • It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
  • TLS pre-master secrets can now be recorded for packet captures (#3617)
  • Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
  • Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
  • Updated Xorg paths in sesman.ini to include more recent distros (#3663)
  • Add Slovenian keyboard (#3668 #3670)
  • xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes

  • Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
  • Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
  • Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
  • Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
  • A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
  • Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
  • Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
  • Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
  • Do not overwrite a VNC port set by the user when not using sesman (#3674)
  • Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
  • Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
  • getgrouplist() now compiles on MacOS (#3575)
  • Various Coverity warnings have been addressed (#3656)
  • Documentation improvements (#3665)

Internal changes

  • An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

Release notes for xorgxrdp v0.10.5 (2026/01/28)

Bug fixes

  • Fix bug in Chrome pointer detection (#394 #396)

Internal changes

  • CI: Update FreeBSD xrdp dependency (#398)

xorgxrdp-0.10.5-1.fc42 xrdp-0.10.5-1.fc42

1 week 4 days ago
FEDORA-2026-b409dad73e Packages in this update:
  • xorgxrdp-0.10.5-1.fc42
  • xrdp-0.10.5-1.fc42
Update description:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes

  • CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features

  • It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
  • TLS pre-master secrets can now be recorded for packet captures (#3617)
  • Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
  • Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
  • Updated Xorg paths in sesman.ini to include more recent distros (#3663)
  • Add Slovenian keyboard (#3668 #3670)
  • xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes

  • Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
  • Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
  • Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
  • Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
  • A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
  • Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
  • Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
  • Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
  • Do not overwrite a VNC port set by the user when not using sesman (#3674)
  • Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
  • Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
  • getgrouplist() now compiles on MacOS (#3575)
  • Various Coverity warnings have been addressed (#3656)
  • Documentation improvements (#3665)

Internal changes

  • An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

Release notes for xorgxrdp v0.10.5 (2026/01/28)

Bug fixes

  • Fix bug in Chrome pointer detection (#394 #396)

Internal changes

  • CI: Update FreeBSD xrdp dependency (#398)

xorgxrdp-0.10.5-1.el8 xrdp-0.10.5-1.el8

1 week 4 days ago
FEDORA-EPEL-2026-5c626357f7 Packages in this update:
  • xorgxrdp-0.10.5-1.el8
  • xrdp-0.10.5-1.el8
Update description:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes

  • CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features

  • It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
  • TLS pre-master secrets can now be recorded for packet captures (#3617)
  • Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
  • Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
  • Updated Xorg paths in sesman.ini to include more recent distros (#3663)
  • Add Slovenian keyboard (#3668 #3670)
  • xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes

  • Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
  • Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
  • Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
  • Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
  • A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
  • Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
  • Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
  • Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
  • Do not overwrite a VNC port set by the user when not using sesman (#3674)
  • Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
  • Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
  • getgrouplist() now compiles on MacOS (#3575)
  • Various Coverity warnings have been addressed (#3656)
  • Documentation improvements (#3665)

Internal changes

  • An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

Release notes for xorgxrdp v0.10.5 (2026/01/28)

Bug fixes

  • Fix bug in Chrome pointer detection (#394 #396)

Internal changes

  • CI: Update FreeBSD xrdp dependency (#398)

xorgxrdp-0.10.5-1.fc43 xrdp-0.10.5-1.fc43

1 week 4 days ago
FEDORA-2026-febea89ac3 Packages in this update:
  • xorgxrdp-0.10.5-1.fc43
  • xrdp-0.10.5-1.fc43
Update description:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes

  • CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features

  • It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
  • TLS pre-master secrets can now be recorded for packet captures (#3617)
  • Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
  • Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
  • Updated Xorg paths in sesman.ini to include more recent distros (#3663)
  • Add Slovenian keyboard (#3668 #3670)
  • xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes

  • Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
  • Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
  • Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
  • Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
  • A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
  • Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
  • Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
  • Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
  • Do not overwrite a VNC port set by the user when not using sesman (#3674)
  • Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
  • Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
  • getgrouplist() now compiles on MacOS (#3575)
  • Various Coverity warnings have been addressed (#3656)
  • Documentation improvements (#3665)

Internal changes

  • An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

Release notes for xorgxrdp v0.10.5 (2026/01/28)

Bug fixes

  • Fix bug in Chrome pointer detection (#394 #396)

Internal changes

  • CI: Update FreeBSD xrdp dependency (#398)

USN-7982-1: FFmpeg vulnerabilities

1 week 5 days ago
  • It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-59728)
  • It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-59731, CVE-2025-59732)
  • It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-59733)
  • It was discovered that FFmpeg did not correctly handle certain integer arithmetic operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-63757)

USN-7980-2: OpenSSL vulnerabilities

1 week 5 days ago
USN-7980-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for CVE-2025-68160 for openssl and openssl1.0, CVE-2025-69418 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, CVE-2025-69419 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, CVE-2025-69420 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, CVE-2025-69421 for openssl and openssl1.0, CVE-2026-22795 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, and CVE-2026-22796 for openssl and openssl1.0.

Original advisory details:
  • Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11187)
  • Stanislav Fort discovered that OpenSSL incorrectly parsed CMS AuthEnvelopedData messages. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467)
  • Stanislav Fort discovered that OpenSSL incorrectly handled memory in the SSL_CIPHER_find() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-15468)
  • Stanislav Fort discovered that the OpenSSL "openssl dgst" command line tool incorrectly truncated data to 16MB. An attacker could possibly use this issue to hide unauthenticated data beyond the 16MB limit. This issue only affected Ubuntu 25.10. (CVE-2025-15469)
  • Tomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly handled memory with TLS 1.3 connections using certificate compression. An attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-66199)
  • Petr Simecek and Stanislav Fort discovered that OpenSSL incorrectly handled memory when writing large data into a BIO chain. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2025-68160)
  • Stanislav Fort discovered that the OpenSSL OCB API could incorrectly leave final partial blocks unencrypted and unauthenticated. An attacker could possibly use this issue to read or tamper with the affected final bytes. (CVE-2025-69418)
  • Stanislav Fort discovered that OpenSSL incorrectly handled the PKCS12_get_friendlyname() utf-8 conversion. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69419)
  • Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the TS_RESP_verify_response() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69420)
  • Luigino Camastra discovered that OpenSSL incorrectly handled memory in the PKCS12_item_decrypt_d2i_ex function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69421)
  • Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in PKCS#12 parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22795)
  • Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the PKCS7_digest_from_attributes() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22796)

openqa-5^20250711git28a0214-4.fc42

1 week 5 days ago
FEDORA-2026-84de1534b1 Packages in this update:
  • openqa-5^20250711git28a0214-4.fc42
Update description:

This update bumps the bundled lodash to 4.17.23 to ensure openQA is protected against CVE-2025-13465. It likely was not vulnerable in any case, though, as I don't believe the vulnerable codepaths were exposed by openQA's use of lodash.

USN-7981-1: wlc vulnerabilities

1 week 5 days ago
  • It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this issue to access sensitive resources. (CVE-2026-22250)
  • It was discovered that wlc did not correctly handle API keys. An attacker could possibly use this issue to leak API keys to a malicious server. (CVE-2026-22251)

USN-7980-1: OpenSSL vulnerabilities

1 week 5 days ago
  • Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11187)
  • Stanislav Fort discovered that OpenSSL incorrectly parsed CMS AuthEnvelopedData messages. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467)
  • Stanislav Fort discovered that OpenSSL incorrectly handled memory in the SSL_CIPHER_find() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-15468)
  • Stanislav Fort discovered that the OpenSSL "openssl dgst" command line tool incorrectly truncated data to 16MB. An attacker could possibly use this issue to hide unauthenticated data beyond the 16MB limit. This issue only affected Ubuntu 25.10. (CVE-2025-15469)
  • Tomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly handled memory with TLS 1.3 connections using certificate compression. An attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-66199)
  • Petr Simecek and Stanislav Fort discovered that OpenSSL incorrectly handled memory when writing large data into a BIO chain. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2025-68160)
  • Stanislav Fort discovered that the OpenSSL OCB API could incorrectly leave final partial blocks unencrypted and unauthenticated. An attacker could possibly use this issue to read or tamper with the affected final bytes. (CVE-2025-69418)
  • Stanislav Fort discovered that OpenSSL incorrectly handled the PKCS12_get_friendlyname() utf-8 conversion. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69419)
  • Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the TS_RESP_verify_response() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69420)
  • Luigino Camastra discovered that OpenSSL incorrectly handled memory in the PKCS12_item_decrypt_d2i_ex function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69421)
  • Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in PKCS#12 parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22795)
  • Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the PKCS7_digest_from_attributes() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22796)

openssl-3.2.6-3.fc42

1 week 5 days ago
FEDORA-2026-9bb4c555f1 Packages in this update:
  • openssl-3.2.6-3.fc42
Update description:

Don't crash on parsing PKCS#12 without MAC
  • Resolves: CVE-2025-11187
  • Resolves: CVE-2025-15467
  • Resolves: CVE-2025-69419

openssl-3.5.4-2.fc43

1 week 5 days ago
FEDORA-2026-5f7d0a5656 Packages in this update:
  • openssl-3.5.4-2.fc43
Update description:

  • Resolves: CVE-2025-15467
  • Resolves: CVE-2025-15468
  • Resolves: CVE-2025-15469
  • Resolves: CVE-2025-66199
  • Resolves: CVE-2025-68160
  • Resolves: CVE-2025-69418
  • Resolves: CVE-2025-69420
  • Resolves: CVE-2025-69421
  • Resolves: CVE-2025-69419
  • Resolves: CVE-2026-22795
  • Resolves: CVE-2026-22796
  • Resolves: CVE-2025-11187