5 days 8 hours ago
FEDORA-2026-63fca288d6
Packages in this update:
- ImageMagick-7.1.2.27-1.fc43
Update description:
Update to 7.1.2.27
5 days 8 hours ago
FEDORA-2026-b45924b5e5
Packages in this update:
- ImageMagick-7.1.2.27-1.fc44
Update description:
Update to 7.1.2.27
5 days 8 hours ago
FEDORA-EPEL-2026-1daced0e85
Packages in this update:
- ImageMagick-7.1.2.27-1.el10_3
Update description:
Update to 7.1.2.27
5 days 16 hours ago
FEDORA-EPEL-2026-6461c7af4f
Packages in this update:
Update description:
Update to 3.11.0
5 days 16 hours ago
FEDORA-EPEL-2026-f10b090d5b
Packages in this update:
Update description:
Update to 3.11.0
5 days 16 hours ago
FEDORA-2026-d36ca2dd19
Packages in this update:
Update description:
Update to 3.11.0
5 days 16 hours ago
FEDORA-2026-3a8abe43fb
Packages in this update:
Update description:
Update to 3.11.0
5 days 20 hours ago
Version:next-20260713 (linux-next)
Released:2026-07-13
5 days 22 hours ago
It was discovered that PipeWire accepted unbounded Content-Length values
in its RAOP module. A remote attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 24.04 LTS.
(CVE-2026-14324)
It was discovered that PipeWire performed multiple unbounded stack
allocations in its PulseAudio protocol server. A local attacker could
possibly use this issue to cause a denial of service. (CVE-2026-14330)
5 days 22 hours ago
It was discovered that LibreOffice incorrectly handled importing DXF
drawings. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-6039)
It was discovered that LibreOffice incorrectly handled certain ODF number
formats. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-6040)
It was discovered that LibreOffice incorrectly handled importing EMF+
graphics. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-6045)
It was discovered that LibreOffice incorrectly handled importing PPT
presentations. An attacker could use this issue to cause LibreOffice to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2026-8356)
It was discovered that LibreOffice Calc incorrectly handled compiling
certain formulas. An attacker could use this issue to cause LibreOffice to
crash, resulting in a denial of service, or possily execute arbitrary code.
(CVE-2026-8357)
It was discovered that LibreOffice Calc incorrectly handled importing
spreadsheet tracked changes. An attacker could use this issue to cause
LibreOffice to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2026-8358)
6 days ago
FEDORA-2026-d61fcb86ed
Packages in this update:
Update description:
Security fix for CVE-2026-58459
6 days ago
FEDORA-2026-36e3aa0593
Packages in this update:
Update description:
Security fix for CVE-2026-58459
6 days ago
FEDORA-EPEL-2026-af74150a7d
Packages in this update:
- perl-Crypt-OpenSSL-X509-2.1.3-1.el10_3
Update description:
Fixes CVE-2026-58101 and CVE-2026-58102
6 days ago
FEDORA-2026-7b98f6d033
Packages in this update:
- perl-Crypt-OpenSSL-X509-2.1.3-1.fc43
Update description:
Fixes CVE-2026-58101 and CVE-2026-58102
6 days ago
FEDORA-EPEL-2026-a8375dfbab
Packages in this update:
- perl-Crypt-OpenSSL-X509-2.1.3-1.el10_2
Update description:
Fixes CVE-2026-58101 and CVE-2026-58102
6 days ago
FEDORA-2026-df7ecb3577
Packages in this update:
- perl-Crypt-OpenSSL-X509-2.1.3-1.fc44
Update description:
Fixes CVE-2026-58101 and CVE-2026-58102
6 days ago
It was discovered that OpenSSH sftp did not properly constrain the location
of downloaded files when connecting to an attacker-controlled server. An
attacker could possibly use this issue to write files to unintended
locations on the file system. (CVE-2026-59995)
It was discovered that OpenSSH scp could place files in the parent
directory of the intended destination when copying between two remote
hosts. An attacker could possibly use this issue to write files to
unintended locations. (CVE-2026-59996)
It was discovered that OpenSSH internal-sftp only recognized the first nine
command-line arguments, This could result in certain security-sensitive
arguments being ignored, contrary to expectations. (CVE-2026-59997)
It was discovered that OpenSSH had undocumented behaviour regarding the
GSSAPIStrictAcceptorCheck option in environments using Windows Active
Directory. The documentation has been updated to clarify use of the option.
(CVE-2026-59998)
It was discovered that OpenSSH did not properly enforce precedence of
DisableForwarding=yes over PermitTunnel=yes in server configurations. This
could possibly result in intended network forwarding restrictions being
bypassed, contrary to expectations. (CVE-2026-59999)
It was discovered that OpenSSH mishandled the MaxAuthTries limit for GSSAPI
authentication. A remote attacker could use this issue to perform excessive
authentication attempts. (CVE-2026-60000)
It was discovered that OpenSSH did not always honour the minimum
authentication delay. An attacker could possibly use this issue to perform
brute-force attacks more efficiently. (CVE-2026-60001)
It was discovered that the OpenSSH client had a use-after-free
vulnerability when a server changed its host key during a key re-exchange.
An attacker able to intercept communications could possibly use this issue
to execute arbitrary code or obtain sensitive information. (CVE-2026-60002)
6 days 1 hour ago
It was discovered that libssh2 incorrectly handled certain publickey
subsystem attributes. A remote attacker controlling a malicious SSH server
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2026-58050)
It was discovered that libssh2 did not properly initialize publickey list
entries before parsing. A remote attacker controlling a malicious SSH
server could use this issue to cause a denial of service or possibly
execute arbitrary code. (CVE-2026-58051)
6 days 1 hour ago
USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a
regression and was backed out in USN-8496-2. This update reintroduces the
security fix, along with a fix for the regression.
Original advisory details:
It was discovered that cifs-utils incorrectly dropped root privileges
before looking up user information. A local attacker could possibly use
this issue to execute arbitrary code as the root user.
6 days 1 hour ago
It was discovered that libexif had an integer overflow in its MakerNote
decoder when called with a zero-length buffer. An attacker could possibly
use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-32775)
It was discovered that libexif had an integer overflow in its Nikon
MakerNote handler on 32-bit systems. A local attacker could possibly use
this issue to cause a denial of service or obtain sensitive information.
(CVE-2026-40385)
It was discovered that libexif had an integer underflow in its size
checking for Fuji and Olympus MakerNote decoding. An attacker could
possibly use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-40386)