6009 matches found
Updated redis packages fix security vulnerabilities
CVE-2026-23479 Use-After-Free in unblock client flow may lead to Remote Code Execution. CVE-2026-25243 Invalid memory access in RESTORE may lead to Remote Code Execution CVE-2026-23631 Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injectin...
Updated perl-XML-LibXML packages fix security vulnerability
XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. CVE-2026-8177...
Updated perl-Net-CIDR-Lite packages fix security vulnerabilities
Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. CVE-2026-45190 Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL...
Updated flatpak packages fix security vulnerabilities
Complete sandbox escape leading to host file access and code execution in the host context. CVE-2026-34078 Arbitrary file deletion on the host filesystem. CVE-2026-34079...
Updated dnsmasq packages fix security vulnerabilities
CVE-2026-2291: dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. CVE-2026-4890: A Denial of Service DoS...
Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerability
Upstream kernel version 6.6.138 fixes a vulnerability. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...
Updated kernel-linus packages fix security vulnerability
Vanilla upstream kernel version 6.6.138 fixes vulnerability. For information about the vulnerability see the links...
Updated sed packages fix security vulnerability
Race Condition in GNU Sed. CVE-2026-5958...
Updated apache packages fix security vulnerabilities
http2: double free and possible RCE on early reset. CVE-2026-23918 modrewrite elevation of privileges via apexpr. CVE-2026-24072 buffer overflow in modproxyajp via ajpmsgcheckheader. CVE-2026-28780 modmd unrestricted OCSP response. CVE-2026-29168 moddavlock indirect lock crash. CVE-2026-29169...
Updated perl-Gazelle packages fix security vulnerability
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40562...
Updated php packages fix security vulnerabilities
FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...
Updated openvpn packages fix security vulnerabilities
CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...
Updated vim packages fix security vulnerabilities
Ex command injection in Vims NetBeans integration. CVE-2026-39881 Command injection via backtick expansion in tag filenames in Vim v9.2.0357. CVE-2026-41411 OS Command Injection in netrw affects Vim 9.2.0383. CVE-2026-42307 OS Command Injection via 'path' completion affects Vim 9.2.0435...
Updated rootcerts, nss & firefox packages fix security vulnerabilities
Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...
Updated thunderbird packages fix security vulnerabilities
Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...
Updated libexif packages fix security vulnerabilities
CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon...
Updated nginx packages fix security vulnerabilities
Buffer overflow in ngxhttpdavmodule CVE-2026-27654 Buffer overflow in the ngxhttpmp4module CVE-2026-27784 Buffer overflow in the ngxhttpmp4module CVE-2026-32647 NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651 Injection in authhttp and XCLIENT CVE-2026-28753 OCSP result bypass...
Updated ntfs-3g packages fix security vulnerability
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...
Updated perl-Starman packages fix security vulnerability
Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
Updated krb5-appl packages fix security vulnerability
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full. CVE-2026-32746...
Updated tcpflow packages fix security vulnerability
tcpflow has TIM Element OOB Write in wifipcap. CVE-2026-25061...
Updated libtiff packages fix security vulnerability
Arbitrary code execution or denial of service via signed integer overflow in tiff file processing. CVE-2026-4775...
Updated perl-Starlet packages fix security vulnerability
Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...
Updated nano packages fix security vulnerabilities
Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...
Updated perl-Net-CIDR-Lite packages fix security vulnerabilities
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. CVE-2026-40198 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. CVE-2026-40199...
Updated opam packages fix security vulnerability
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. CVE-2026-41082...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.137 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated graphicsmagick packages fix security vulnerabilities
ImageMagick has a heap overflow in the pcd decoder that leads to an out of bounds read. CVE-2026-26284 ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction. CVE-2026-33535...
Updated virtualbox packages fix security vulnerabilities
Some security vulnerabilities are fixed by this update; please see the links. If you will not update to kernel 6.6.137 flavors, please think in use dkms-virtualbox package instead of virtualbox-kernel as those packages have not been updated for previous kernels...
Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities
Upstream kernel version 6.6.137 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...
Updated gvfs packages fix security vulnerabilities
Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses. CVE-2026-28295 Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths. CVE-2026-28296...
Updated firefox & thunderbird packages fix security vulnerabilities
Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. CVE-2026-5731 Incorrect boundary conditions, integer overflow in the Graphics: Text component. CVE-2026-5732 Memory safety bugs fixed in Firefox ESR 140.9.1,...
Updated libtiff packages fix security vulnerabilities
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c. CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. CVE-2025-61144...
Updated gdk-pixbuf2.0 packages fix security vulnerability
Denial of service via heap-based buffer overflow when processing a specially crafted jpeg image. CVE-2026-5201...
Updated python-cairosvg packages fix security vulnerability
CairoSVG vulnerable to Exponential DoS via recursive element amplification. CVE-2026-31899...
Updated giflib packages fix security vulnerability
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868...
Updated rsync packages fix security vulnerability
In rsync 3.0.1 through 3.4.1, receivexattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X aka --xattrs. On Linux, many but not all common configurations are vulnerable. Non-Linux platforms are more widely vulnerable...
Updated polkit-122 packages fix security vulnerability
Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write. CVE-2025-7519...
Updated cockpit-338 packages fix security vulnerability
Unauthenticated remote code execution due to ssh command-line argument injection. CVE-2026-4631...
Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities
Upstream kernel version 6.6.130 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.130 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated tomcat packages fix security vulnerabilities
Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...
Updated squid packages fix security vulnerabilities
Squid mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c. CVE-2025-59362 Squid vulnerable to information disclosure via authentication credential leakage in error handling. CVE-2025-62168 Squid vulnerable to Denial of Service in ICP Request handling...
Updated libpng12 packages fix security vulnerability
LIBPNG has a heap buffer overflow in pngsetquantize. CVE-2026-25646...
Updated python-django packages fix security vulnerabilities
ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.listeditable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...
Updated openssl packages fix security vulnerabilities
Incorrect Failure Handling in RSA KEM RSASVE Encapsulation. CVE-2026-31790 Potential Use-after-free in DANE Client Code. CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL. CVE-2026-28388 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo. CVE-2026-28389 Possible...
Updated python-tornado packages fix security vulnerabilities
Tornado vulnerable to Header Injection and XSS via reason argument. CVE-2025-67724 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing. CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters. CVE-2025-67726...
Updated python-pygments packages fix security vulnerability
A security flaw in Pygments function AdlLexer in archetype.py stems from a regular expression having an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. CVE-2026-4539...
Updated tigervnc packages fix security vulnerability
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. CVE-2026-34352...
Updated roundcubemail packages fix security vulnerability
SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...