Aggregator

USN-8486-1: libssh2 vulnerabilities

4 days 4 hours ago
It was discovered that libssh2 incorrectly handled the sftp_symlink() function. A malicious SSH server or machine-in-the-middle attacker could possibly use this issue to obtain sensitive information or cause a denial of service. (CVE-2025-15661) It was discovered that libssh2 had a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler. A malicious SSH server could possibly use this issue to cause a client CPU exhaustion loop, resulting in a denial of service. (CVE-2026-55199) It was discovered that libssh2 incorrectly handled packet length fields. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-55200)

USN-8483-1: HPLIP vulnerabilities

4 days 5 hours ago
It was discovered that HPLIP incorrectly handled certain print data. An attacker could possibly use this issue to cause HPLIP to execute arbitrary code. (CVE-2026-8631) It was discovered that HPLIP incorrectly handled certain inputs. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2026-8632)

python-nh3-0.3.6-1.fc44

4 days 6 hours ago
FEDORA-2026-5ebb12f543 Packages in this update:
  • python-nh3-0.3.6-1.fc44
Update description:

Update to 0.3.6; this includes an update to PyO3 0.29, which fixes RUSTSEC-2026-0176 and RUSTSEC-2026-0177.

USN-8481-1: NSS vulnerability

4 days 22 hours ago
Haruto Kimura discovered that NSS had incorrecty handled parsing PKCS#11 URI escape sequences. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service, or obtain sensitive information.

USN-8480-1: SQLite vulnerabilities

4 days 23 hours ago
It was discovered that SQLite incorrectly handled certain memory operations in the FTS5 full-text search extension. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.