Aggregator

USN-7931-5: Linux kernel (Raspberry Pi) vulnerabilities

1 week ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Cryptographic API
  • Media drivers
  • Memory management
  • Appletalk network protocol
  • Netfilter
(CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7940-2: Linux kernel (Azure, N-Series) vulnerabilities

1 week ago
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • ARM64 architecture
  • PowerPC architecture
  • x86 architecture
  • Cryptographic API
  • ACPI drivers
  • Ublk userspace block driver
  • Clock framework and drivers
  • EDAC drivers
  • GPU drivers
  • HSI subsystem
  • IIO subsystem
  • InfiniBand drivers
  • Media drivers
  • MemoryStick subsystem
  • Network drivers
  • NTB driver
  • PCI subsystem
  • Remote Processor subsystem
  • Thermal drivers
  • Virtio Host (VHOST) subsystem
  • 9P distributed file system
  • File systems infrastructure
  • JFS file system
  • Network file system (NFS) server daemon
  • NTFS3 file system
  • SMB network file system
  • Memory management
  • Bluetooth subsystem
  • RDMA verbs API
  • Kernel fork() syscall
  • Timer subsystem
  • Tracing infrastructure
  • Watch queue notification mechanism
  • Appletalk network protocol
  • Asynchronous Transfer Mode (ATM) subsystem
  • Networking core
  • IPv4 networking
  • IPv6 networking
  • Netfilter
  • Network traffic control
  • SCTP protocol
  • TLS protocol
  • SoC Audio for Freescale CPUs drivers
(CVE-2023-53034, CVE-2024-58092, CVE-2025-21729, CVE-2025-22018, CVE-2025-22019, CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027, CVE-2025-22028, CVE-2025-22033, CVE-2025-22035, CVE-2025-22036, CVE-2025-22038, CVE-2025-22039, CVE-2025-22040, CVE-2025-22041, CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047, CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055, CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060, CVE-2025-22062, CVE-2025-22063, CVE-2025-22064, CVE-2025-22065, CVE-2025-22066, CVE-2025-22068, CVE-2025-22070, CVE-2025-22071, CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079, CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086, CVE-2025-22089, CVE-2025-22090, CVE-2025-22095, CVE-2025-22097, CVE-2025-23136, CVE-2025-23138, CVE-2025-37838, CVE-2025-37937, CVE-2025-37958, CVE-2025-38118, CVE-2025-38152, CVE-2025-38227, CVE-2025-38240, CVE-2025-38352, CVE-2025-38575, CVE-2025-38616, CVE-2025-38637, CVE-2025-38666, CVE-2025-38678, CVE-2025-39682, CVE-2025-39728, CVE-2025-39735, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018, CVE-2025-40114, CVE-2025-40157)

USN-7928-5: Linux kernel (KVM) vulnerabilities

1 week ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Cryptographic API
  • Media drivers
  • Network drivers
  • AFS file system
  • F2FS file system
  • Tracing infrastructure
  • Netfilter
(CVE-2022-49390, CVE-2024-47691, CVE-2024-50067, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

cef-143.0.13^chromium143.0.7499.192-1.fc44

1 week 1 day ago
FEDORA-2026-94d266def6
Packages in this update:
  • cef-143.0.13^chromium143.0.7499.192-1.fc44
Update description:

Automatic update for cef-143.0.13^chromium143.0.7499.192-1.fc44.

Changelog
* Fri Jan 9 2026 Than Ngo <than@redhat.com> - 143.0.13^chromium143.0.7499.192-1
- Update to 143.0.7499.192 [rhbz#2427842]
  * High CVE-2026-0628: Insufficient policy enforcement in WebView tag
- Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64
- Enable build for epel10.1

USN-7950-1: Tornado vulnerabilities

1 week 1 day ago
It was discovered that Tornado incorrectly handled special characters in HTTP headers. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-67724) It was discovered that Tornado incorrectly handled repeated HTTP headers. An attacker could possibly use this issue to cause Tornado to use excessive resources, causing a denial of service. (CVE-2025-67725) It was discovered that Tornado incorrectly handled parsing of certain HTTP header values. An attacker could possibly use this issue to cause Tornado to use excessive resources, causing a denial of service. (CVE-2025-67726)

chromium-143.0.7499.192-1.fc44

1 week 1 day ago
FEDORA-2026-5551bc920f
Packages in this update:
  • chromium-143.0.7499.192-1.fc44
Update description:

Automatic update for chromium-143.0.7499.192-1.fc44.

Changelog
* Wed Jan 7 2026 Than Ngo <than@redhat.com> - 143.0.7499.192-1
- Update to 143.0.7499.192
  * High CVE-2026-0628: Insufficient policy enforcement in WebView tag
- Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64
- Enable build for epel10.1

USN-7946-2: GnuPG vulnerability

1 week 1 day ago
USN-7946-1 fixed vulnerabilities in GnuPG 2.x. This update provides the corresponding updates for GnuPG 1.x. Original advisory details: It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code.

USN-7948-1: GPSd vulnerabilities

1 week 1 day ago
It was discovered that GPSd incorrectly handled processing NMEA2000 packets. An attacker could use this issue to cause GPSd to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-67268) It was discovered that GPSd incorrectly handled processing NAVCOM packets. An attacker could possibly use this issue to cause GPSd to consume resources, resulting in a denial of service. (CVE-2025-67269)

USN-7047-1: libvirt vulnerabilities

1 week 2 days ago
It was discovered that libvirt parsed user-provided XML files before performing ACL checks. An attacker could possibly use this issue to cause libvirt to consume memory, resulting in a denial of service. (CVE-2025-12748) It was discovered that libvirt incorrectly handled permissions on external inactive snapshots. A local attacker could possibly use this issue to obtain sensitive guest contents. (CVE-2025-13193)