Aggregator

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys.

Version:6.19.7 (stable) Released:2026-03-12 Source:linux-6.19.7.tar.xz PGP Signature:linux-6.19.7.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.19.7

Version:6.18.17 (longterm) Released:2026-03-12 Source:linux-6.18.17.tar.xz PGP Signature:linux-6.18.17.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.17

FEDORA-EPEL-2026-439d2b09db Packages in this update:

• wordpress-6.9.4-1.el10_1

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-EPEL-2026-7fdbeef41b Packages in this update:

• wordpress-6.9.4-1.el9

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-2026-bf984d4931 Packages in this update:

• wordpress-6.9.4-1.fc44

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-2026-5774d46593 Packages in this update:

• wordpress-6.9.4-1.fc43

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-2026-675dd9b166 Packages in this update:

• wordpress-6.9.4-1.fc42

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-EPEL-2026-6d9113a8af Packages in this update:

• wordpress-6.9.4-1.el10_2

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-EPEL-2026-c7993fe121 Packages in this update:

• wordpress-6.9.4-1.el10_3

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

It was discovered that FreeType did not correctly handle certain integer arithmetic. An attacker could possibly use this issue to leak sensitive information.

FEDORA-2026-c47c476fdd Packages in this update:

• uxplay-1.73.3-1.fc42

Update description:

Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186

FEDORA-2026-a00f52ac25 Packages in this update:

• uxplay-1.73.3-1.fc43

Update description:

Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186

FEDORA-EPEL-2026-a16c1151d2 Packages in this update:

• uxplay-1.73.3-1.el10_3

Update description:

Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186

It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. (CVE-2026-26127) Bartłomiej Dach discovered that .NET's SignalR server component did not properly manage resource consumption when processing certain messages. An attacker could possibly use this issue to exhaust internal buffers, resulting in a denial of service. (CVE-2026-26130)

FEDORA-2026-2fef29d32a Packages in this update:

• bpfman-0.5.4-4.fc43

Update description:

Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes rhbz#2446359