Aggregator

exim-4.99.4-1.el8

1 week ago
FEDORA-EPEL-2026-6c0b7937b4 Packages in this update:
  • exim-4.99.4-1.el8
Update description:

This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).

exim-4.99.4-1.el9

1 week ago
FEDORA-EPEL-2026-c313127dd3 Packages in this update:
  • exim-4.99.4-1.el9
Update description:

This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).

exim-4.99.4-1.el10_3

1 week ago
FEDORA-EPEL-2026-c53d2746cf Packages in this update:
  • exim-4.99.4-1.el10_3
Update description:

This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).

USN-8359-1: NNCP vulnerability

1 week ago
It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory.

USN-8055-2: Evolution Data Server vulnerability

1 week ago
USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly use this issue to cause Evolution Data Server to remove arbitrary files.

USN-8357-1: Qt Declarative vulnerability

1 week ago
It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service.

exim-4.99.4-1.fc43

1 week ago
FEDORA-2026-71b1e9b455 Packages in this update:
  • exim-4.99.4-1.fc43
Update description:

This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).

exim-4.99.4-1.fc44

1 week ago
FEDORA-2026-78bf093219 Packages in this update:
  • exim-4.99.4-1.fc44
Update description:

This is an update fixing a pre-authentication information disclosure (CVE-2026-48840).

USN-8355-1: SSSD vulnerability

1 week ago
It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to cause the SSSD PAM responder to crash, resulting in a denial of service.

putty-0.84-1.el8

1 week ago
FEDORA-EPEL-2026-3a38802c78 Packages in this update:
  • putty-0.84-1.el8
Update description:

This is an update fixing several security related problems in putty.

putty-0.84-1.el9

1 week ago
FEDORA-EPEL-2026-cd5d16450f Packages in this update:
  • putty-0.84-1.el9
Update description:

This is an update fixing several security related problems in putty.

USN-8354-1: nginx vulnerabilities

1 week ago
It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-40460) It was discovered that nginx contained a use-after-free vulnerability in the ngx_http_ssl_module module when client certificate verification and OCSP validation were enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify data in memory. (CVE-2026-40701) It was discovered that nginx did not properly handle certain proxied responses in the ngx_http_charset_module module. A remote attacker could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42934) It was discovered that nginx did not properly process certain SCGI and uWSGI responses. An attacker able to perform a machine-in-the-middle attack could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42946) It was discovered that nginx incorrectly handled certain rewrite rules in the ngx_http_rewrite_module module. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-9256)