4 days 7 hours ago
It was discovered that sslh did not properly handle symbolic
links when writing its PID file. A local attacker could
possibly use this issue to overwrite arbitrary files.
4 days 7 hours ago
It was discovered that NNCP did not properly sanitize file paths
in packet data during file requesting and file saving operations. A
remote attacker could possibly use this issue to read or write
arbitrary files outside of the intended directory.
4 days 7 hours ago
It was discovered that haveged incorrectly handled credential
checks on its control socket. A local attacker could possibly
use this issue to execute privileged commands.
4 days 7 hours ago
USN-8055-1 fixed a vulnerability in Evolution Data Server. This update
provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu
20.04 LTS.
Original advisory details:
It was discovered that Evolution Data Server incorrectly handled
removing local cache files. An attacker could possibly use this issue
to cause Evolution Data Server to remove arbitrary files.
4 days 7 hours ago
It was discovered that Qt Declarative did not properly validate the
width and height attributes of image tags in the Text component of Qt
Quick. An attacker could possibly use this issue to cause Qt Declarative
to use excessive resources, leading to a denial of service.
4 days 7 hours ago
FEDORA-2026-71b1e9b455
Packages in this update:
Update description:
This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).
4 days 7 hours ago
FEDORA-2026-78bf093219
Packages in this update:
Update description:
This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).
4 days 7 hours ago
It was discovered that GNU SASL did not properly handle certain DIGEST-MD5
tokens. An attacker could possibly use this issue to cause GNU SASL to
crash, resulting in a denial of service.
4 days 8 hours ago
It was discovered that SSSD did not properly handle raw bytes in the PAM
passkey responder. A local attacker could possibly use this issue to cause
the SSSD PAM responder to crash, resulting in a denial of service.
4 days 8 hours ago
FEDORA-EPEL-2026-3a38802c78
Packages in this update:
Update description:
This is an update fixing several security related problems in putty.
4 days 8 hours ago
FEDORA-EPEL-2026-cd5d16450f
Packages in this update:
Update description:
This is an update fixing several security related problems in putty.
4 days 8 hours ago
It was discovered that nginx did not properly validate source addresses in
the HTTP/3 QUIC module. A remote attacker could possibly use this issue to
bypass authorization checks or rate limiting. This issue only affected
Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-40460)
It was discovered that nginx contained a use-after-free vulnerability in
the ngx_http_ssl_module module when client certificate verification and
OCSP validation were enabled. A remote attacker could use this issue to
cause nginx to crash, resulting in a denial of service, or possibly modify
data in memory. (CVE-2026-40701)
It was discovered that nginx did not properly handle certain proxied
responses in the ngx_http_charset_module module. A remote attacker could
possibly use this issue to obtain sensitive information or cause nginx to
crash, resulting in a denial of service. (CVE-2026-42934)
It was discovered that nginx did not properly process certain SCGI and
uWSGI responses. An attacker able to perform a machine-in-the-middle attack
could possibly use this issue to obtain sensitive information or cause
nginx to crash, resulting in a denial of service. (CVE-2026-42946)
It was discovered that nginx incorrectly handled certain rewrite rules in
the ngx_http_rewrite_module module. A remote attacker could use this issue
to cause nginx to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-9256)
4 days 8 hours ago
FEDORA-2026-61f53cc218
Packages in this update:
Update description:
This is an update fixing several security related problems in putty.
4 days 8 hours ago
FEDORA-2026-1ab61e6e20
Packages in this update:
Update description:
This is an update fixing several security related problems in putty.
4 days 8 hours ago
Warisjeet Singh discovered that Exim with SUPPORT_PROXY enabled did not
properly handle memory before SMTP authentication. A remote attacker could
possibly use this issue to obtain sensitive information.
4 days 9 hours ago
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched
encryption salt parameters in crafted OOXML documents. An attacker could
use this issue to cause LibreOffice to crash, resulting in a denial of
service, or possibly execute arbitrary code.
4 days 9 hours ago
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Ethernet bonding driver;
- Packet sockets;
- TLS protocol;
(CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078, CVE-2026-46028)
4 days 9 hours ago
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Ethernet bonding driver;
- Packet sockets;
- TLS protocol;
(CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078, CVE-2026-46028)
4 days 13 hours ago
Calum Hutton discovered that rsync contained a heap-based out-of-bounds
read when handling file transfers. A remote attacker with read access
to an rsync server could possibly use this issue to cause a denial of
service. (CVE-2025-10158)
Batuhan Sancak, Damien Neil, and Michael Stapelberg discovered that
rsync daemons configured without chroot protection were exposed to a
race condition on parent path components. A local attacker with write
access to a module could possibly use this issue to overwrite files,
obtain sensitive information, or escalate privileges.
(CVE-2026-29518)
It was discovered that rsync did not properly validate a length value
while sorting extended attributes. An attacker could possibly use this
issue to cause a denial of service. (CVE-2026-41035)
It was discovered that rsync performed reverse-DNS lookups after
chrooting in some daemon configurations. A remote attacker could
possibly use this issue to bypass hostname-based access controls and
access network services. (CVE-2026-43617)
Omar Elsayed discovered that rsync did not properly check for integer
overflows while decoding compressed tokens. A remote attacker could
possibly use this issue to obtain sensitive information.
(CVE-2026-43618)
Andrew Tridgell discovered that rsync did not fully fix a symlink race
condition in path-based system calls for daemons configured without
chroot protection. A local attacker could possibly use this issue to
overwrite files, obtain sensitive information, or escalate privileges.
(CVE-2026-43619)
Pratham Gupta discovered that rsync did not properly validate an index
while processing file lists. A remote attacker could possibly use this
issue to cause rsync to crash, resulting in a denial of service.
(CVE-2026-43620)
Michal Ruprich discovered that rsync contained an off-by-one error
while handling HTTP proxy responses. An attacker able to intercept network
communications or a malicious proxy server could possibly use this issue to
cause a denial of service. (CVE-2026-45232)
4 days 13 hours ago
In the Linux kernel, the following vulnerability has been
resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If
kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we
propagate the error back to the ioctl but leave the vGIC vCPU data
initialised.
In the Linux kernel, the following vulnerability has been
resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length
or offset exceeds sg_cnt and then use bogus sg->length/offset values,
leading to _copy_to_iter() GPF/KASAN.
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container.)(CVE-2026-31431)