Aggregator

vultr-cli-3.8.0-1.fc44

1 week 1 day ago
FEDORA-2026-ce174cdc78 Packages in this update:
  • vultr-cli-3.8.0-1.fc44
Update description:

Automatic update for vultr-cli-3.8.0-1.fc44.

Changelog * Wed Feb 4 2026 Major Hayden <major@redhat.com> - 3.8.0-1 - Update to 3.8.0 - Fixes CVE-2025-11065: go-viper/mapstructure updated to v2.4.0 - Resolves: rhbz#2390882, rhbz#2399729, rhbz#2397062

linux-sgx-2.26-34.fc43

1 week 1 day ago
FEDORA-2026-a84e0ad039 Packages in this update:
  • linux-sgx-2.26-34.fc43
Update description:

Update nodejs modules used by pccs daemon for CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284. Remove Fedora override of default pccs daemon port. Remove redundant dep on mpa_registration from pccs. Add system scriptlets for pccs server. Port to pycryptography & pyasn1. Fix tracebacks in keyring code.

openbao-2.5.0-1.el8

1 week 1 day ago
FEDORA-EPEL-2026-5e10141457 Packages in this update:
  • openbao-2.5.0-1.el8
Update description:

Update to upstream openbao-2.5.0. Also fixes CVE-2025-58189, CVE-2025-61723, CVE-2025-61725, CVE-2025-58183, CVE-2025-58185, CVE-2025-58188 on epel-8.

USN-8015-2: Linux kernel (Real-time) vulnerabilities

1 week 1 day ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019)

USN-8016-1: Linux kernel (NVIDIA) vulnerabilities

1 week 1 day ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SPI subsystem; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019, CVE-2025-68746)

USN-8015-1: Linux kernel vulnerabilities

1 week 1 day ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019)

USN-8014-1: Linux kernel vulnerabilities

1 week 1 day ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Unix domain sockets; (CVE-2025-40019, CVE-2025-40214)

USN-8013-1: Linux kernel vulnerabilities

1 week 1 day ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; (CVE-2025-38561, CVE-2025-40019)

USN-8012-1: GitHub CLI vulnerabilities

1 week 2 days ago
It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. (CVE-2024-54132) It was discovered that GitHub CLI could behave unexpectedly when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. An attacker could possibly use this issue to gather authentication tokens. (CVE-2024-53858)

USN-8011-1: Emacs vulnerabilities

1 week 2 days ago
It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-53920) It was discovered that Emacs did not properly sanitize input when handling certain URI schemes. An attacker could possibly use this issue to execute arbitrary shell commands by tricking a user into opening a specially crafted URL. (CVE-2025-1244)

USN-8009-1: Django vulnerabilities

1 week 3 days ago
It was discovered that Django exposed timing information when checking passwords. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-13473) Jiyong Yang discovered that Django incorrectly handled malformed requests with duplicate headers. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2025-14550) Tarek Nakkouch discovered that Django incorrectly parsed raster lookups. An attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-1207) Seokchan Yoon discovered that Django incorrectly handled malformed HTML inputs containing a large amount of unmatched HTML end tags. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-1285) Solomon Kebede discovered that Django incorrectly handled control characters in the dictionary expansion of certain QuerySet methods. An attacker could possibly use this issue to perform SQL injection attacks. (CVE-2026-1287) Solomon Kebede discovered that Django incorrectly handled column alias parsing with dictionary expansion. An attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-1312)