Aggregator

FEDORA-EPEL-2026-19ec665339 Packages in this update:

• python-asyncmy-0.2.11-12.el10_3

Update description:

This is an upstream security and bugfix release. For details, see the release notes.

FEDORA-2026-cd9be7f17c Packages in this update:

• python-asyncmy-0.2.11-2.fc44

Update description:

This is an upstream security and bugfix release. For details, see the release notes.

FEDORA-EPEL-2026-2436e34efb Packages in this update:

• python-asyncmy-0.2.11-2.el9

Update description:

This is an upstream security and bugfix release. For details, see the release notes.

FEDORA-2026-cfa488b1ac Packages in this update:

• python-asyncmy-0.2.11-2.fc42

Update description:

This is an upstream security and bugfix release. For details, see the release notes.

FEDORA-2026-9d9161bac3 Packages in this update:

• python-asyncmy-0.2.11-2.fc43

Update description:

This is an upstream security and bugfix release. For details, see the release notes.

FEDORA-2026-ef5d97522f Packages in this update:

• python3.10-3.10.19-4.fc42

Update description:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

FEDORA-2026-489dc1bc1b Packages in this update:

• python3.10-3.10.19-4.fc43

Update description:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

FEDORA-2026-48d2e7135b Packages in this update:

• python3.10-3.10.19-4.fc44

Update description:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

FEDORA-2026-8fa5a66a49 Packages in this update:

• python3.11-3.11.14-5.fc42

Update description:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

FEDORA-2026-f17f6e94ca Packages in this update:

• python3.11-3.11.14-5.fc43

Update description:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

FEDORA-2026-91d3384f04 Packages in this update:

• python3.11-3.11.14-5.fc44

Update description:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

FEDORA-2026-90382c6d3e Packages in this update:

• python3.12-3.12.12-4.fc42

Update description:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

FEDORA-2026-4e99b7fe5f Packages in this update:

• python3.12-3.12.12-4.fc43

Update description:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

FEDORA-2026-4c73011d81 Packages in this update:

• python3.12-3.12.12-4.fc44

Update description:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

Minh Pham Quang discovered that Rack did not correctly handle parsing certain paths, which could lead to a path traversal attack. An attacker could possibly use this issue to leak sensitive information. (CVE-2026-22860) Ali Firas discovered that Rack did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-25500)

FEDORA-2026-1a199d8524 Packages in this update:

• opensips-3.5.9-2.fc42

Update description:

Fix CVE-2026-25554

Millie Solem discovered that Authlib did not properly restrict algorithm selection during JWT verification, allowing HMAC verification with asymmetric public keys when no algorithm was specified. A remote attacker could possibly use this issue to bypass signature verification and forge tokens, resulting in authentication bypass or privilege escalation. (CVE-2024-37568) Muhammad Noman Ilyas discovered that Authlib did not properly enforce critical header parameter handling during JSON Web Signature verification, leading to unknown critical parameters being incorrectly accepted. A remote attacker could possibly use this issue to bypass security policies in mixed deployments, resulting in authentication bypass, replay attacks, or privilege escalation. (CVE-2025-59420) Muhammad Noman Ilyas discovered that Authlib did not properly limit the size of JSON Web Signature or JSON Web Token header and signature segments. A remote attacker could possibly use this issue to cause excessive memory or processor consumption, leading to a denial of service. (CVE-2025-61920) Muhammad Noman Ilyas discovered that Authlib performed unbounded decompression when processing certain compressed encrypted tokens. A remote attacker could possibly use this issue to send a specially crafted token that can be expanded to a large size during decompression, causing a denial of service. (CVE-2025-62706) It was discovered that Authlib did not properly bind cached state information to the initiating user session during OAuth authentication flows. A remote attacker could possibly use this issue to perform cross- site request forgery attacks, resulting in unauthorized actions or authentication bypass. This issue only affected Ubuntu 24.04 LTS. (CVE-2025-68158)