Aggregator

USN-7954-2: Libtasn1 vulnerabilities

1 week ago
USN-7954-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-46848 only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. (CVE-2025-13151)

It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-46848)

gnutls-3.8.11-3.fc42

1 week ago
FEDORA-2026-2b6035ee2b

Packages in this update:
  • gnutls-3.8.11-3.fc42
Update description:

This backports fixes for a couple of CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification

A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue

Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

gnutls-3.8.12-1.fc43

1 week ago
FEDORA-2026-ef7170c9f6

Packages in this update:
  • gnutls-3.8.12-1.fc43
Update description:

This fixes a couple of CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification

A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue

Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

USN-7942-2: GLib vulnerabilities

1 week ago
USN-7942-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2025-3360 only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that GLib incorrectly handled escaping URI strings. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-13601)

It was discovered that GLib incorrectly parsed certain GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-14087)

It was discovered that GLib incorrectly parsed certain long invalid ISO 8601 timestamps. An attacker could possibly use this issue to cause GLib to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-3360)

It was discovered that GLib incorrectly handled GString memory operations. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-6052)

It was discovered that GLib incorrectly handled creating temporary files. An attacker could possibly use this issue to access unauthorized data. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2025-7039)

p11-kit-0.26.2-1.fc42

1 week ago
FEDORA-2026-7982f70f74

Packages in this update:
  • p11-kit-0.26.2-1.fc42
Update description:

Notable changes from the rebase:

* pkcs11: Update PKCS11 headers to version 3.2
* rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100)
* trust: Lookup DNs in reverse order (RFC4514 section 2.1)

p11-kit-0.26.2-1.fc43

1 week ago
FEDORA-2026-f1fabb2a49

Packages in this update:
  • p11-kit-0.26.2-1.fc43
Update description:

Notable changes from the rebase:

* pkcs11: Update PKCS11 headers to version 3.2
* rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100)
* trust: Lookup DNs in reverse order (RFC4514 section 2.1)

USN-8022-1: Expat vulnerabilities

1 week ago
It was discovered that Expat incorrectly handled memory when parsing certain XML files. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. (CVE-2025-59375)

It was discovered that Expat incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-24515)

It was discovered that Expat incorrectly handled integer calculations when allocating memory for XML tags. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-25210)