3 days 16 hours ago
It was discovered that GDK-PixBuf incorrectly handled certain JPEG files.
An attacker could use this issue to cause GDK-PixBuf to crash, resulting in
a denial of service, or possibly execute arbitrary code.
3 days 17 hours ago
Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected
preferred key exchange group when used as a TLS 1.3 server. This could
result in a less preferred key exchange being used, contrary to
expectations. This issue only affected Ubuntu 25.10. (CVE-2026-2673)
Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory
operations when used as a DANE client. A remote attacker could use this
issue to cause OpenSSL to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-28387)
Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory
operations when processing a delta CRL. A remote attacker could possibly
use this issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2026-28388)
Nathan Sportsman, Daniel Rhea, and Jaeho Nam discovered that OpenSSL
incorrectly handled certain memory operations when processing a crafted CMS
EnvelopedData message with KeyAgreeRecipientInfo. A remote attacker could
possibly use this issue to cause OpenSSL to crash, resulting in a denial
of service. (CVE-2026-28389)
Muhammad Daffa, Joshua Rogers, and Chanho Kim discovered that OpenSSL
incorrectly handled processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo. A remote attacker could possibly use this issue
to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2026-28390)
Quoc Tran discovered that OpenSSL incorrectly handled hexadecimal
conversion on 32-bit platforms. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-31789)
Simo Sorce discovered that OpenSSL incorrectly handled failures in RSA KEM
RSASVE Encapsulation. A remote attacker could possibly use this issue to
obtain sensitive information. (CVE-2026-31790)
3 days 17 hours ago
FEDORA-2026-c0f8cde7ad
Packages in this update:
Update description:
Automatic update for usd-26.03-3.fc45.
Changelog
* Wed Apr 8 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 26.03-3
- Backport several OpenEXRCore security fixes
- Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes RHBZ#2455493
- Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes RHBZ#2455534
- Fixes CVE-2026-34588 / GHSA-588r-cr5c-w6hf; closes RHBZ#2455505
- Fixes CVE-2026-34589 / GHSA-p8xc-w3q4-h64x; closes RHBZ#2455501
- Fixes CVE-2026-34379 / GHSA-w88v-vqhq-5p24; closes RHBZ#2455497
3 days 17 hours ago
FEDORA-2026-be26d4c1b2
Packages in this update:
Update description:
Update to 1.16.4
Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg
3 days 17 hours ago
FEDORA-2026-06b66012cd
Packages in this update:
Update description:
Update to 1.16.4
Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg
3 days 17 hours ago
FEDORA-2026-17f6840cea
Packages in this update:
Update description:
Update to 1.17.4
Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg
3 days 18 hours ago
FEDORA-EPEL-2026-2a86e9354d
Packages in this update:
- prometheus-3.11.1-1.el10_3
Update description:
Update to 3.11.1
Update to 3.11.0
3 days 21 hours ago
FEDORA-2026-02fa328deb
Packages in this update:
Update description:
3 days 22 hours ago
FEDORA-2026-6c1a1c78c1
Packages in this update:
Update description:
3 days 23 hours ago
FEDORA-2026-db2b4e5b64
Packages in this update:
- thunderbird-149.0.1-2.fc42
Update description:
Update to latest upstream version.
3 days 23 hours ago
FEDORA-2026-8463c31b61
Packages in this update:
- thunderbird-149.0.1-3.fc43
Update description:
Update to latest upstream version.
3 days 23 hours ago
FEDORA-2026-1902c187b6
Packages in this update:
- thunderbird-149.0.1-2.fc44
Update description:
Update to latest upstream version.
3 days 23 hours ago
FEDORA-2026-8c7366e046
Packages in this update:
Update description:
- update to 2.34
- https://nix.dev/manual/nix/2.34/release-notes/rl-2.33.html
- https://nix.dev/manual/nix/2.34/release-notes/rl-2.34.html
- includes fix for nix-daemon critical GHSA-g3g9-5vj6-r3gj (CVE-2026-39860)
4 days 7 hours ago
FEDORA-2026-49fd0d9636
Packages in this update:
- moby-engine-29.4.0-1.fc42
Update description:
- Update to release v29.4.0
- Resolves: rhbz#2455894
- Resolves CVE-2026-34986: rhbz#2455665
- Upstream new features and fixes
4 days 8 hours ago
FEDORA-2026-a5015b57b9
Packages in this update:
- moby-engine-29.4.0-1.fc43
Update description:
- Update to release v29.4.0
- Resolves: rhbz#2455894
- Resolves CVE-2026-34986: rhbz#2455665
- Upstream new features and fixes
4 days 8 hours ago
FEDORA-2026-853a2fa7e5
Packages in this update:
- moby-engine-29.4.0-1.fc44
Update description:
- Update to release v29.4.0
- Resolves: rhbz#2455894
- Resolves CVE-2026-34986: rhbz#2455665
- Upstream new features and fixes
4 days 9 hours ago
FEDORA-2026-e520168745
Packages in this update:
- moby-engine-29.4.0-1.fc45
Update description:
Automatic update for moby-engine-29.4.0-1.fc45.
Changelog
* Tue Apr 7 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 29.4.0-1
- Update to release v29.4.0
- Resolves: rhbz#2455894
- Resolves CVE-2026-34986: rhbz#2455665
- Upstream new features and fixes
4 days 10 hours ago
USN-8089-1 fixed vulnerabilities in Go Networking. This update provides
the corresponding update to code vendored in LXD, ADSys, and Juju Core.
Original advisory details:
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and
Kaan Onarlioglu discovered that servers using Go Networking could hang
during shutdown if preempted by a fatal error. An attacker could possibly
use this to cause a denial of service. This issue only affected Ubuntu
22.04 LTS. (CVE-2022-27664)
Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted
stream could cause excessive CPU usage in Go Networking's HPACK decoder. An
attacker could possibly use this to cause a denial of service. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-41723)
Mohammad Thoriq Aziz discovered that Go Networking did not properly
sanitize some text nodes. An attacker could possibly use this to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978)
Sean Ng discovered an error in Go Networking's HTML tag handling. An
attacker could possibly use this to cause a denial of service.
(CVE-2025-22872)
Guido Vranken and Jakub Ciolek discovered that a maliciously crafted HTML
document could exhaust system resources on servers using Go Networking. An
attacker could possibly use this to cause a denial of service.
(CVE-2025-47911)
Guido Vranken discovered that a maliciously crafted HTML document could put
servers using Go Networking into an infinite loop. An attacker could
possibly use this to cause a denial of service. (CVE-2025-58190)
4 days 11 hours ago
Seokchan Yoon discovered that Django incorrectly handled copying memory
when parsing multipart uploads with excessive whitespace. A remote attacker
could possibly use this issue to cause Django to use excessive resources,
leading to a denial of service. (CVE-2026-33033)
It was discovered that Django did not enforce an upload memory size limit
in the Content-Length header. A remote attacker could possibly use this
issue to cause Django to use excessive resources, leading to a denial of
service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2026-33034)
Tarek Nakkouch discovered that Django incorrectly handled underscores in
the ASGI headers. A remote attacker could possibly use this issue to spoof
HTTP headers. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS,
and Ubuntu 25.10. (CVE-2026-3902)
It was discovered that Django incorrectly handled verification of model
data created with POST requests. A remote attacker could possibly use this
issue to forge new model permissions. (CVE-2026-4277, CVE-2026-4292)