6009 matches found
Updated tor packages fix security issues
This update provides lots of security issues fixed by upstream since our current version. Please see the links for details...
Updated jq packages fix security vulnerabilities
An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. CVE-2024-23337 It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of...
Updated freeciv packages fix security vulnerabilities
CVE-2026-33250, freeciv crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine...
Updated wireshark packages fix security vulnerabilities
Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code. This update fixes the reported issue...
Updated minetest packages fix security vulnerabilities
Mod security sandbox escape. CVE-2026-40959 HTTP API and insecure environment access control bypass. CVE-2026-40960...
Updated ruby-net-ssh packages fix security vulnerabilities
This update fixes CVE-2023-48795: Prefix Truncation Attacks in SSH Specification Terrapin Attack , for ruby-net-ssh...
Updated packagekit packages fix security vulnerability
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root. CVE-2026-41651...
Updated suricata packages fix security vulnerabilities
Various security, performance, accuracy, and stability issues have been fixed, plus we have moved to a supported version...
Updated xdg-dbus-proxy packages fix security vulnerability
A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases...
Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability
fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without...
Updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security vulnerabilities
The updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security issues: DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand function for salting password hashes in Digest.pm CVE-2025-27551 DBIx::Class::EncodedColumn until 0.00032 for Perl uses...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.141 fixes vulnerabilities. For information about the vulnerabilities see the links...
Updated xmlrpc-c packages fix security vulnerabilities
This update fixes the vulnerabilities by no longer building with the vulnerable bundled libexpat version...
Updated cockpit packages fix security vulnerabilities
CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects...
Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities
Upstream kernel version 6.6.141 fixes vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...
Updated lxc packages fix security vulnerability
CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion...
Updated libcaca packages fix security vulnerability
Heap OOB write in canvas import functions caused by int overflow. CVE-2026-42046...
Updated assimp packages fix security vulnerabilities
CVE-2025-2750,- A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to...
Updated tar packages fix security vulnerability
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...
Updated sdl2_sound packages fix security vulnerability
Updated packages fix CVE-2025-14369 in bundled drflac...
Updated vim packages fix security vulnerabilities
Heap Buffer Overflow in spell file loading affects Vim 9.2.0450. CVE-2026-45130 Vimscript Code Injection in netrw NetrwMarkFile via crafted filename affects Vim 9.2.0480. CVE-2026-43961 Command Injection in tar.vim affects Vim 9.2.0479. CVE-2026-46483 Vimscript Code Injection in netrw...
Updated perl-Template-Toolkit packages fix security vulnerability
Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. CVE-2026-5090...
Updated graphicsmagick packages fix a security vulnerability
The updated packages fix a security vulnerability: Stack buffer overflow in XTileImage. CVE-2026-42050...
Updated thunderbird(-l10n) packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-8946 Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8388 Use-after-free in the DOM: Bindings WebIDL component. CVE-2026-8947 Other...
Updated perl-HTTP-Daemon package fixes a security vulnerability
The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. CVE-2026-8450...
Updated microcode package fixes security vulnerability
The updated package fixes a security vulnerability: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. CVE-2025-35979...
Updated bind packages fix security vulnerabilities
Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...
Updated nspr, nss and firefox(-l10n) packages fix security issues
The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-8946 Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8388 Use-after-free in the DOM: Bindings WebIDL component. CVE-2026-8947 Other...
Updated nginx package fixes a security vulnerability
The updated package fixes a security vulnerability: NGINX ngxhttprewritemodule vulnerability. CVE-2026-9256...
Updated perl-IO-Compress package fixes security vulnerabilities
The updated package fixes security vulnerabilities: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. CVE-2025-15649 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in...
Updated perl-Catalyst-Plugin-Authentication package fixes a security vulnerability
The updated package fixes a security vulnerability: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. CVE-2026-5091...
Updated perl-Imager packages fix security vulnerabilities
Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. CVE-2026-8669...
Updated nginx packages fix security vulnerabilities
NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...
Updated ffmpeg packages fix security vulnerabilities
An out-of-bounds read in the readglobalparam function libavcodec/av1dec.c of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input. CVE-2026-30997 FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to...
Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities
XKB Integer Underflow in XkbSetCompatMap. CVE-2026-33999 XKB Out-of-bounds Read in CheckSetGeom. CVE-2026-34000 XSYNC Use-after-free in miSyncTriggerFence. CVE-2026-34001 XKB Out-of-bounds read in CheckModifierMap. CVE-2026-34002 XKB Buffer overflow in CheckKeyTypes. CVE-2026-34003...
Updated bind packages fix security vulnerabilities
It was discovered that bind contained a vulnerability where a Malformed BRID/HHIT record can cause named to terminate unexpectedly CVE-2025-13878. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-on...
Updated perl-libwww-perl & perl-HTTP-Message packages fix security vulnerabilities
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects...
Updated postgresql15 packages fix security vulnerabilities
PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. CVE-2026-6472 PostgreSQL server undersizes allocations, via integer wraparound. CVE-2026-6473 PostgreSQL timeofday can disclose portions of server memory. CVE-2026-6474 PostgreSQL pgbasebackup and pgrewind can overwrite...
Updated perl-WWW-Mechanize-Cached, perl-File-XDG & perl-Path-Tiny packages fix security vulnerabilities
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution...
Updated perl-YAML-Syck package fixes security vulnerability
YAML::Syck versions before 1.38 for Perl have an out-of-bounds read...
Updated rclone packages fix security vulnerabilities
This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it...
Updated haproxy packages fix security vulnerability
The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. CVE-2026-33555...
Updated firefox & thunderbird packages fix security vulnerabilities
LZ4 compression library issue. CVE-2025-62813 libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer...
Updated dpkg packages fix security vulnerabilities
It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...
Updated golang packages fix security vulnerabilities
We are moving to a supported branch as ver. 1.24 reaches EOL. This update comes with the security vulnerabilities fixed in the 1.25 branch. Please see the links for details...
Updated samba packages fix security vulnerabilities
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. CVE-2018-14628 Command injection in wins server hook...
Updated awstats packages fix security vulnerability
AWStats is vulnerable to Command Injection via the open function. CVE-2025-63261...
Updated perl-HTTP-Tiny packages fix security vulnerability
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. CVE-2026-7010...
Updated libreoffice packages fix security vulnerability
Heap Buffer Overflow in AgileEngine. CVE-2026-4430...
Updated tomcat packages fix security vulnerability
Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...