python3.11-3.11.14-5.fc42
FEDORA-2026-8fa5a66a49
Packages in this update:
- python3.11-3.11.14-5.fc42
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
Aggregator
python3.11-3.11.14-5.fc43
FEDORA-2026-f17f6e94ca
Packages in this update:
- python3.11-3.11.14-5.fc43
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
python3.11-3.11.14-5.fc44
FEDORA-2026-91d3384f04
Packages in this update:
- python3.11-3.11.14-5.fc44
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
python3.12-3.12.12-4.fc42
FEDORA-2026-90382c6d3e
Packages in this update:
- python3.12-3.12.12-4.fc42
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
python3.12-3.12.12-4.fc43
FEDORA-2026-4e99b7fe5f
Packages in this update:
- python3.12-3.12.12-4.fc43
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
python3.12-3.12.12-4.fc44
FEDORA-2026-4c73011d81
Packages in this update:
- python3.12-3.12.12-4.fc44
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
DSA-6151-1 chromium - security update
DSA-6149-1 nss - security update
DSA-6150-1 python-django - security update
USN-8066-1: Rack vulnerabilities
Minh Pham Quang discovered that Rack did not correctly handle parsing
certain paths, which could lead to a path traversal attack. An attacker
could possibly use this issue to leak sensitive information.
(CVE-2026-22860)
Ali Firas discovered that Rack did not correctly sanitize certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2026-25500)
opensips-3.5.9-2.fc42
FEDORA-2026-1a199d8524
Packages in this update:
- opensips-3.5.9-2.fc42
Fix CVE-2026-25554
USN-8065-1: Authlib vulnerabilities
Millie Solem discovered that Authlib did not properly restrict algorithm
selection during JWT verification, allowing HMAC verification with
asymmetric public keys when no algorithm was specified. A remote attacker
could possibly use this issue to bypass signature verification and forge
tokens, resulting in authentication bypass or privilege escalation.
(CVE-2024-37568)
Muhammad Noman Ilyas discovered that Authlib did not properly enforce
critical header parameter handling during JSON Web Signature verification,
leading to unknown critical parameters being incorrectly accepted. A remote
attacker could possibly use this issue to bypass security policies in mixed
deployments, resulting in authentication bypass, replay attacks, or
privilege escalation. (CVE-2025-59420)
Muhammad Noman Ilyas discovered that Authlib did not properly limit the
size of JSON Web Signature or JSON Web Token header and signature segments.
A remote attacker could possibly use this issue to cause excessive memory
or processor consumption, leading to a denial of service. (CVE-2025-61920)
Muhammad Noman Ilyas discovered that Authlib performed unbounded
decompression when processing certain compressed encrypted tokens. A remote
attacker could possibly use this issue to send a specially crafted token
that can be expanded to a large size during decompression, causing a denial
of service. (CVE-2025-62706)
It was discovered that Authlib did not properly bind cached state
information to the initiating user session during OAuth authentication
flows. A remote attacker could possibly use this issue to perform cross-
site request forgery attacks, resulting in unauthorized actions or
authentication bypass. This issue only affected Ubuntu 24.04 LTS.
(CVE-2025-68158)
udisks2-2.11.1-1.fc43
FEDORA-2026-c6d7c9de1d
Packages in this update:
- udisks2-2.11.1-1.fc43
Rebase to latest upstream release
udisks2-2.11.1-1.fc44
FEDORA-2026-b8847e1e2c
Packages in this update:
- udisks2-2.11.1-1.fc44
Rebase to latest upstream release
next-20260225: linux-next
Version:next-20260225 (linux-next)
Released:2026-02-25
USN-8064-1: MongoDB vulnerabilities
Eliot Horowitz discovered that MongoDB may fail to validate some instances
of malformed BSON. A remote attacker could possibly use this issue to cause
MongoDB to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-1609)
It was discovered that MongoDB read raw permissions from .dbshell history
files. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-6494)
Travis Brown discovered that MongoDB may be unable to parse specially
crafted UTF-8 strings in BSON requests. A remote attacker could possibly
use this issue to cause MongoDB to crash, resulting in a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-2018-20802)
firefox-148.0-1.fc43
FEDORA-2026-766e3a6ec8
Packages in this update:
- firefox-148.0-1.fc43
- New upstream release (148.0)
USN-5376-4: Git regression
USN-5376-1 fixed a vulnerability in Git. It was discovered that the safety
checks introduced in the update were not able to be set using the command
line, contrary to expectations. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
俞晨东 discovered that Git incorrectly handled certain repository paths in
platforms with multiple users support. An attacker could possibly use
this issue to run arbitrary commands.
USN-8063-1: Protocol Buffers vulnerability
It was discovered that Protocol Buffers incorrectly handled recursion when
the Python google.protobuf.json_format.ParseDict() function is being used.
An attacker could possibly use this issue to cause Protocol Buffers to
consume resources, resulting in a denial of service.
freerdp-3.23.0-1.fc43
FEDORA-2026-be60dd75d9
Packages in this update:
- freerdp-3.23.0-1.fc43
Update to 3.23.0 to fix CVE-2026-26965, CVE-2026-26955, CVE-2026-26271, CVE-2026-25997, CVE-2026-25959, CVE-2026-25955, CVE-2026-25954, CVE-2026-25953, CVE-2026-25952, CVE-2026-25942, CVE-2026-25941