Aggregator

USN-7954-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-46848 only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. (CVE-2025-13151) It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-46848)

FEDORA-2026-2b6035ee2b Packages in this update:

• gnutls-3.8.11-3.fc42

Update description:

This backports fixes for a couple CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

FEDORA-2026-ef7170c9f6 Packages in this update:

• gnutls-3.8.12-1.fc43

Update description:

This fixes a couple CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

USN-7942-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2025-3360 only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that GLib incorrectly handled escaping URI strings. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-13601) It was discovered that GLib incorrectly parsed certain GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-14087) It was discovered that GLib incorrectly parsed certain long invalid ISO 8601 timestamps. An attacker could possibly use this issue to cause GLib to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-3360) It was discovered that GLib incorrectly handled GString memory operations. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-6052) It was discovered that GLib incorrectly handled creating temporary files. An attacker could possibly use this issue to access unauthorized data. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2025-7039)

FEDORA-2026-7982f70f74 Packages in this update:

• p11-kit-0.26.2-1.fc42

Update description:

Notable changes from the rebase: * pkcs11: Update PKCS11 headers to version 3.2 * rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) * trust: Lookup DNs in reverse order (RFC4514 section 2.1)

FEDORA-2026-f1fabb2a49 Packages in this update:

• p11-kit-0.26.2-1.fc43

Update description:

Notable changes from the rebase: * pkcs11: Update PKCS11 headers to version 3.2 * rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) * trust: Lookup DNs in reverse order (RFC4514 section 2.1)

It was discovered that Expat incorrectly handled memory when parsing certain XML files. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. (CVE-2025-59375) It was discovered that Expat incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-24515) It was discovered that Expat incorrectly handled integer calculations when allocating memory for XML tags. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-25210)

FEDORA-2026-0d8264f449 Packages in this update:

• libssh-0.11.4-1.fc42

Update description:

New upstream release fixing various security issues.

FEDORA-2026-53b80475c3 Packages in this update:

• libssh-0.11.4-1.fc43

Update description:

New upstream release fixing several security issues

FEDORA-2026-a92ff0085d Packages in this update:

• selenium-manager-4.34.0-6.fc45

Update description:

Automatic update for selenium-manager-4.34.0-6.fc45.

Changelog * Tue Feb 10 2026 tjuhasz <tjuhasz@redhat.com> - 4.34.0-6 - Rebuild for CVE-2026-25727 (rhbz#2438154)

Benny Isaacs discovered that ImageMagick did not properly manage memory when processing certain image files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

FEDORA-2026-3beebfc8ff Packages in this update:

• azure-cli-2.68.0-2.fc42
• python-azure-core-1.38.0-2.fc42

Update description:

Update to 1.38.0 to address CVE-2026-21226

FEDORA-2026-45e69bddb9 Packages in this update:

• azure-cli-2.81.0-2.fc43
• python-azure-core-1.38.0-2.fc43

Update description:

Update to 1.38.0 to address CVE-2026-21226

FEDORA-2026-e0c0434efb Packages in this update:

• mingw-python3-3.11.14-7.fc43

Update description:

Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-15282, CVE-2026-1299

FEDORA-2026-c8b3418f91 Packages in this update:

• mingw-python3-3.11.14-7.fc42

Update description:

Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-15282, CVE-2026-1299

FEDORA-2026-44af0f2383 Packages in this update:

• mingw-libsoup-2.74.3-17.fc43

Update description:

Backport fixes for CVE-2026-0716, CVE-2026-0719.

FEDORA-2026-07b73214fc Packages in this update:

• mingw-libsoup-2.74.3-17.fc42

Update description:

Backport fixes for CVE-2026-0716, CVE-2026-0719.

FEDORA-2026-651f0e2b32 Packages in this update:

• pgadmin4-9.12-1.fc42

Update description:

Update to pgadmin-9.12.

FEDORA-2026-28db64f571 Packages in this update:

• pgadmin4-9.12-1.fc43

Update description:

Update to pgadmin-9.12.