5 days 9 hours ago
FEDORA-2026-3bce8d3f11
Packages in this update:
- python-starlette-0.52.1-2.fc44
Update description:
Backport fix for CVE-2026-48710
5 days 10 hours ago
FEDORA-EPEL-2026-688571a474
Packages in this update:
- nextcloud-33.0.4-1.el10_2
Update description:
33.0.4 Release
5 days 10 hours ago
FEDORA-2026-e187104307
Packages in this update:
Update description:
33.0.4 Release
5 days 10 hours ago
FEDORA-EPEL-2026-a0b50bf0a0
Packages in this update:
- nextcloud-33.0.4-1.el10_3
Update description:
33.0.4 Release
5 days 10 hours ago
FEDORA-2026-30881a5be7
Packages in this update:
Update description:
33.0.4 Release
5 days 10 hours ago
USN-8229-1 fixed a vulnerability in sed. This update provides the
corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
Michał Majchrowicz and Marcin Wyczechowski discovered that sed
incorrectly handled symbolic links when performing in-place edits.
A local attacker could possibly use this issue to overwrite
arbitrary files.
5 days 10 hours ago
It was discovered that Vim did not properly handle backticks in tag
filenames. An attacker could possibly use this issue to execute
arbitrary commands.
5 days 10 hours ago
FEDORA-EPEL-2026-2d8dd834d8
Packages in this update:
Update description:
Update to 6.0.6 to fix a bunch of security issues: CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291
5 days 11 hours ago
It was discovered that multipart had an ambiguous regular expression
alternation when handling certain HTTP header values. A remote attacker
could possibly use this issue to cause multipart to use excessive
resources, leading to a denial of service.
5 days 11 hours ago
Version:next-20260528 (linux-next)
Released:2026-05-28
5 days 13 hours ago
Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to gain unauthorized access to sensitive
information. (CVE-2026-22016)
It was discovered that the Networking component of OpenJDK 25 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to cause a denial of service.
(CVE-2026-34282)
It was discovered that the JSSE component of OpenJDK 25 did not correctly
authenticate certain APIs. A remote unauthenticated attacker could possibly
use this issue to cause a denial of service. (CVE-2026-22021)
It was discovered that the JGSS component of OpenJDK 25 did not correctly
authenticate certain APIs. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2026-22013)
It was discovered that the 2D component of OpenJDK 25 did not correctly
handle certain integer arithmetic. If a user or automated system were
tricked into opening a specially crafted file, an attacker could possibly
use this issue to obtain sensitive information. (CVE-2026-23865)
It was discovered that the Libraries component of OpenJDK 25 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to modify data. (CVE-2026-22008)
It was discovered that the Libraries component of OpenJDK 25 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to cause a denial of service.
(CVE-2026-22018)
Ken Pyle discovered that the Security component of OpenJDK 25 did not
correctly authenticate certain APIs. A local attacker could possibly use
this issue to obtain sensitive information. (CVE-2026-22007,
CVE-2026-34268)
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-04-21
5 days 13 hours ago
FEDORA-EPEL-2026-395b39d32e
Packages in this update:
- perl-Cpanel-JSON-XS-4.41-1.el8
Update description:
This update addresses a number of bugs including these security issues:
- Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
- Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
5 days 13 hours ago
FEDORA-EPEL-2026-06873e634a
Packages in this update:
- perl-Cpanel-JSON-XS-4.41-1.el9
Update description:
This update addresses a number of bugs including these security issues:
- Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
- Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
5 days 13 hours ago
FEDORA-2026-d88c7fac8c
Packages in this update:
- perl-Cpanel-JSON-XS-4.41-1.fc43
Update description:
This update addresses a number of bugs including these security issues:
- Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
- Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
5 days 13 hours ago
FEDORA-EPEL-2026-b3c7c438c4
Packages in this update:
- perl-Cpanel-JSON-XS-4.41-1.el10_3
Update description:
This update addresses a number of bugs including these security issues:
- Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
- Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
5 days 13 hours ago
FEDORA-EPEL-2026-4aaa6e0ce5
Packages in this update:
- perl-Cpanel-JSON-XS-4.41-1.el10_2
Update description:
This update addresses a number of bugs including these security issues:
- Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
- Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
5 days 13 hours ago
FEDORA-2026-0a82e80353
Packages in this update:
- perl-Cpanel-JSON-XS-4.41-1.fc44
Update description:
This update addresses a number of bugs including these security issues:
- Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
- Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
5 days 13 hours ago
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched
encryption salt parameters in crafted OOXML documents. An attacker could
use this issue to cause LibreOffice to crash, resulting in a denial of
service, or possibly execute arbitrary code.
5 days 14 hours ago
It was discovered that Apache HTTP Server incorrectly handled certain
response headers. An attacker could possibly use this issue to perform
HTTP response splitting attacks. This issue only affected Ubuntu 14.04
LTS. (CVE-2023-38709)
Will Dormann and David Warren discovered that Apache HTTP Server's HTTP/2
implementation did not properly reclaim memory when streams were reset by
clients. A remote attacker could possibly use this issue to cause Apache
HTTP Server to consume resources, leading to a denial of service. This
issue only affected Ubuntu 18.04 LTS. (CVE-2023-45802)
Keran Mu and Jianjun Chen discovered that Apache HTTP Server incorrectly
handled certain response headers. An attacker could possibly use this issue
to perform HTTP response splitting attacks. This issue only affected Ubuntu
14.04 LTS. (CVE-2024-24795)
Orange Tsai discovered that Apache HTTP Server mod_proxy incorrectly
handled URL encoding. A remote attacker could possibly use this issue to
bypass authentication via crafted requests. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-38473)
Orange Tsai discovered that Apache HTTP Server could be caused to perform
server-side request forgery (SSRF) via malicious backend response headers.
A remote attacker could possibly use this issue to conduct SSRF attacks or
disclose sensitive information. This issue only affected Ubuntu 14.04 LTS.
(CVE-2024-38476)
Orange Tsai discovered that Apache HTTP Server mod_proxy did not properly
handle certain null pointer conditions. A remote attacker could possibly use this
issue to cause Apache HTTP Server to crash, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38477)
Orange Tsai discovered that Apache HTTP Server mod_rewrite could be made
to perform server-side request forgery (SSRF) via unsafe RewriteRules. A
remote attacker could possibly use this issue to conduct SSRF attacks. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-39573)
It was discovered that Apache HTTP Server incorrectly handled certain
response headers. An attacker could possibly use this issue to perform
HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS.
(CVE-2024-42516)
It was discovered that Apache HTTP Server could be caused to perform
server-side request forgery (SSRF) via mod_headers modifying Content-Type
headers. A remote attacker could possibly use this issue to conduct SSRF
attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-43204)
John Runyon discovered that Apache HTTP Server mod_ssl did not properly
escape user-supplied data before writing log entries. A remote attacker
could possibly use this issue to insert escape sequences into log files.
This issue only affected Ubuntu 14.04 LTS. (CVE-2024-47252)
Robert Merget discovered that Apache HTTP Server with SSLEngine optional was
vulnerable to HTTP desynchronisation attacks. An attacker in a privileged
network position could possibly use this issue to hijack HTTP sessions. This issue
only affected Ubuntu 14.04 LTS. (CVE-2025-49812)
It was discovered that Apache HTTP Server mod_md had an integer overflow in
the ACME certificate renewal backoff timer. An attacker could possibly use
this issue to cause excessive certificate renewal requests. This issue only
affected Ubuntu 20.04 LTS. (CVE-2025-55753)
Anthony Parfenov discovered that Apache HTTP Server with SSI enabled and
mod_cgid passed shell-escaped query strings to #exec cmd directives. A
remote attacker could possibly use this issue to perform command injection.
(CVE-2025-58098)
Mattias Åsander discovered that Apache HTTP Server incorrectly gave
precedence to environment variables from HTTP headers over server-calculated
CGI variables. A remote attacker could possibly use this issue to influence
the environment of CGI programs. (CVE-2025-65082)
Mattias Åsander discovered that Apache HTTP Server mod_userdir with suexec
could be caused to run CGI scripts under an unexpected user ID via
RequestHeader directives in .htaccess files. An attacker with .htaccess
write access could possibly use this issue to bypass suexec user restrictions.
(CVE-2025-66200)
5 days 14 hours ago
It was discovered that QtSvg incorrectly handled certain SVG images. An
attacker could possibly use this issue to cause QtSvg to crash, resulting in
a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2018-19869)
It was discovered that QtSvg incorrectly handled certain SVG images. An
attacker could use this issue to cause QtSvg to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3481,
CVE-2021-28025, CVE-2021-45930)
It was discovered that QtSvg incorrectly handled certain SVG images. An
attacker could use this issue to cause QtSvg to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2023-32573)