Aggregator

USN-8418-1: Crypt-SaltedHash vulnerability

5 days 3 hours ago
It was discovered that Crypt-SaltedHash incorrectly generated salts using a cryptographically weak pseudo-random number generator. An attacker could possibly use this issue to predict generated salts, leading to a weakening of cryptographic protections.

singularity-ce-4.4.2-1.fc45

5 days 4 hours ago
FEDORA-2026-d32912dc74
Packages in this update:
  • singularity-ce-4.4.2-1.fc45
Update description:

Automatic update for singularity-ce-4.4.2-1.fc45.

Changelog
* Wed Jun 10 2026 David Trudgian <dtrudg@sylabs.io> - 4.4.2-1
- Upgrade to 4.4.2 upstream version.
- Fix rhbz#2453093
- Fix rhbz#2458933
- Fix CVE-2026-47215

perl-GD-2.86-1.el9

5 days 5 hours ago
FEDORA-EPEL-2026-dc3d293a5d
Packages in this update:
  • perl-GD-2.86-1.el9
Update description:

This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).

perl-GD-2.86-1.el8

5 days 5 hours ago
FEDORA-EPEL-2026-fe2027915d
Packages in this update:
  • perl-GD-2.86-1.el8
Update description:

This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).

perl-GD-2.86-1.el10_3

5 days 5 hours ago
FEDORA-EPEL-2026-64e6156b8f
Packages in this update:
  • perl-GD-2.86-1.el10_3
Update description:

This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).

perl-GD-2.86-1.el10_2

5 days 5 hours ago
FEDORA-EPEL-2026-d41d0279ec
Packages in this update:
  • perl-GD-2.86-1.el10_2
Update description:

This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).

perl-GD-2.86-1.fc44

5 days 5 hours ago
FEDORA-2026-263adf0222
Packages in this update:
  • perl-GD-2.86-1.fc44
Update description:

This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).

perl-GD-2.86-1.fc43

5 days 5 hours ago
FEDORA-2026-63831abaee
Packages in this update:
  • perl-GD-2.86-1.fc43
Update description:

This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).

USN-8417-1: Tomcat vulnerabilities

5 days 6 hours ago
It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. (CVE-2026-41284)

It was discovered that Tomcat incorrectly validated HTTP/2 header fields. A remote attacker could use this issue to cause Tomcat to crash or possibly execute arbitrary code. (CVE-2026-41293)

It was discovered that Tomcat did not properly clear HTTP authentication headers during WebSocket connection upgrades and redirects. A remote attacker could use this issue to obtain sensitive credentials. (CVE-2026-42498)

It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. (CVE-2026-43512)

It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use this issue to bypass account lockout protections and obtain sensitive information. (CVE-2026-43513)

It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515)

librabbitmq-0.16.0-1.fc44

5 days 6 hours ago
FEDORA-2026-7174ee9a91
Packages in this update:
  • librabbitmq-0.16.0-1.fc44
Update description:

Version 0.16.0 - 2026-06-08

Security
  • Fix out-of-bounds read via undersized frames in amqp_handle_input (GHSA-9mmv-r8g3-qp46, #878)
  • Fix client crash when server negotiates frame_max below the AMQP protocol minimum (GHSA-jh48-qjf5-fx5v)
Added
  • Add amqp_bytes_from_buffer macro to create amqp_bytes_t from an arbitrary byte buffer with explicit length (#856, #866)
Fixed
  • Fix NULL pointer dereferences on allocation failure in tools/publish.c (#860, #861)
  • Fix NULL pointer dereference in tools/consume.c stringify_bytes() on allocation failure (#858)
  • Fix file stream leak in tools/common.c read_authfile() (#859)
  • Fix handling of absolute CMAKE_INSTALL_INCLUDEDIR in exported CMake targets (#849)
Changed
  • amqp_literal_bytes macro now uses an explicit (void *) cast (#853)

librabbitmq-0.16.0-1.fc43

5 days 6 hours ago
FEDORA-2026-454722e3d8
Packages in this update:
  • librabbitmq-0.16.0-1.fc43
Update description:

Version 0.16.0 - 2026-06-08

Security
  • Fix out-of-bounds read via undersized frames in amqp_handle_input (GHSA-9mmv-r8g3-qp46, #878)
  • Fix client crash when server negotiates frame_max below the AMQP protocol minimum (GHSA-jh48-qjf5-fx5v)
Added
  • Add amqp_bytes_from_buffer macro to create amqp_bytes_t from an arbitrary byte buffer with explicit length (#856, #866)
Fixed
  • Fix NULL pointer dereferences on allocation failure in tools/publish.c (#860, #861)
  • Fix NULL pointer dereference in tools/consume.c stringify_bytes() on allocation failure (#858)
  • Fix file stream leak in tools/common.c read_authfile() (#859)
  • Fix handling of absolute CMAKE_INSTALL_INCLUDEDIR in exported CMake targets (#849)
Changed
  • amqp_literal_bytes macro now uses an explicit (void *) cast (#853)