Aggregator

roundcubemail-1.6.13-1.fc43

3 days ago
FEDORA-2026-547e298156
Packages in this update:
  • roundcubemail-1.6.13-1.fc43
Update description: Release 1.6.13
  • Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
  • Fix remote image blocking bypass via SVG content reported by nullcathedral
  • Fix CSS injection vulnerability reported by CERT Polska

roundcubemail-1.6.13-1.el10_1

3 days ago
FEDORA-EPEL-2026-eea9bfd64c
Packages in this update:
  • roundcubemail-1.6.13-1.el10_1
Update description: Release 1.6.13
  • Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
  • Fix remote image blocking bypass via SVG content reported by nullcathedral
  • Fix CSS injection vulnerability reported by CERT Polska

roundcubemail-1.6.13-1.fc42

3 days ago
FEDORA-2026-d684b372f1
Packages in this update:
  • roundcubemail-1.6.13-1.fc42
Update description: Release 1.6.13
  • Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
  • Fix remote image blocking bypass via SVG content reported by nullcathedral
  • Fix CSS injection vulnerability reported by CERT Polska

roundcubemail-1.5.13-1.el9

3 days ago
FEDORA-EPEL-2026-8701071c67
Packages in this update:
  • roundcubemail-1.5.13-1.el9
Update description: Release 1.5.13
  • Fix remote image blocking bypass via SVG content reported by nullcathedral
  • Fix CSS injection vulnerability reported by CERT Polska

USN-7954-2: Libtasn1 vulnerabilities

3 days 11 hours ago
USN-7954-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-46848 only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. (CVE-2025-13151)

It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-46848)

gnutls-3.8.11-3.fc42

3 days 12 hours ago
FEDORA-2026-2b6035ee2b
Packages in this update:
  • gnutls-3.8.11-3.fc42
Update description:

This backports fixes for a couple of CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification
A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue
Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

gnutls-3.8.12-1.fc43

3 days 13 hours ago
FEDORA-2026-ef7170c9f6
Packages in this update:
  • gnutls-3.8.12-1.fc43
Update description:

This fixes a couple of CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification
A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue
Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

USN-7942-2: GLib vulnerabilities

3 days 14 hours ago
USN-7942-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2025-3360 only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that GLib incorrectly handled escaping URI strings. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-13601)

It was discovered that GLib incorrectly parsed certain GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-14087)

It was discovered that GLib incorrectly parsed certain long invalid ISO 8601 timestamps. An attacker could possibly use this issue to cause GLib to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-3360)

It was discovered that GLib incorrectly handled GString memory operations. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-6052)

It was discovered that GLib incorrectly handled creating temporary files. An attacker could possibly use this issue to access unauthorized data. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2025-7039)

p11-kit-0.26.2-1.fc42

3 days 15 hours ago
FEDORA-2026-7982f70f74
Packages in this update:
  • p11-kit-0.26.2-1.fc42
Update description:

Notable changes from the rebase:
  • pkcs11: Update PKCS11 headers to version 3.2
  • rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100)
  • trust: Lookup DNs in reverse order (RFC4514 section 2.1)

p11-kit-0.26.2-1.fc43

3 days 15 hours ago
FEDORA-2026-f1fabb2a49
Packages in this update:
  • p11-kit-0.26.2-1.fc43
Update description:

Notable changes from the rebase:
  • pkcs11: Update PKCS11 headers to version 3.2
  • rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100)
  • trust: Lookup DNs in reverse order (RFC4514 section 2.1)

USN-8022-1: Expat vulnerabilities

3 days 15 hours ago
It was discovered that Expat incorrectly handled memory when parsing certain XML files. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. (CVE-2025-59375)

It was discovered that Expat incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-24515)

It was discovered that Expat incorrectly handled integer calculations when allocating memory for XML tags. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-25210)