Aggregator

FEDORA-EPEL-2026-c313127dd3 Packages in this update:

• exim-4.99.4-1.el9

Update description:

This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).

FEDORA-EPEL-2026-c53d2746cf Packages in this update:

• exim-4.99.4-1.el10_3

Update description:

This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).

It was discovered that sslh did not properly handle symbolic links when writing its PID file. A local attacker could possibly use this issue to overwrite arbitrary files.

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory.

It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use this issue to execute privileged commands.

USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly use this issue to cause Evolution Data Server to remove arbitrary files.

It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service.

FEDORA-2026-71b1e9b455 Packages in this update:

• exim-4.99.4-1.fc43

Update description:

This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).

FEDORA-2026-78bf093219 Packages in this update:

• exim-4.99.4-1.fc44

Update description:

This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).

It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL to crash, resulting in a denial of service.

It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to cause the SSSD PAM responder to crash, resulting in a denial of service.

FEDORA-EPEL-2026-3a38802c78 Packages in this update:

• putty-0.84-1.el8

Update description:

This is an update fixing several security related problems in putty.

FEDORA-EPEL-2026-cd5d16450f Packages in this update:

• putty-0.84-1.el9

Update description:

This is an update fixing several security related problems in putty.

It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-40460) It was discovered that nginx contained a use-after-free vulnerability in the ngx_http_ssl_module module when client certificate verification and OCSP validation were enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify data in memory. (CVE-2026-40701) It was discovered that nginx did not properly handle certain proxied responses in the ngx_http_charset_module module. A remote attacker could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42934) It was discovered that nginx did not properly process certain SCGI and uWSGI responses. An attacker able to perform a machine-in-the-middle attack could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42946) It was discovered that nginx incorrectly handled certain rewrite rules in the ngx_http_rewrite_module module. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-9256)

FEDORA-2026-61f53cc218 Packages in this update:

• putty-0.84-1.fc43

Update description:

This is an update fixing several security related problems in putty.

FEDORA-2026-1ab61e6e20 Packages in this update:

• putty-0.84-1.fc44

Update description:

This is an update fixing several security related problems in putty.

Warisjeet Singh discovered that Exim with SUPPORT_PROXY enabled did not properly handle memory before SMTP authentication. A remote attacker could possibly use this issue to obtain sensitive information.

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Ethernet bonding driver; - Packet sockets; - TLS protocol; (CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078, CVE-2026-46028)

It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Ethernet bonding driver; - Packet sockets; - TLS protocol; (CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078, CVE-2026-46028)