Menu

Latest articles

An update that solves one vulnerability can now be installed.
An update that solves 2 vulnerabilities can now be installed.
An update that solves 15 vulnerabilities can now be installed.
Update to 3.13.0
rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370 Resolves: CVE-2026-54369 Resolves: CVE-2026-54370
rebase to v2.6.0 to fix CVE-2026-54371
Update to version 1.7.19. https://github.com/DaveGamble/cJSON/blob/v1.7.19/CHANGELOG.md
This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the
fdf6afc update to 3.7b fixes rhbz#2498485 CHANGES FROM 3.7a TO 3.7b Fix so that the end of a synchronized update again triggers a redraw. CHANGES FROM 3.7 TO 3.7a Fix crash in break-pane when no name is provided.
CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 – rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD’ ‘sssd_pam’ process – rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized
Fix CVE-2026-55380, CVE-2026-54060, CVE-2026-54059, CVE-2026-55379, CVE-2026-55798
Update to 2.112.0.
Version 0.17.0 – 2026-07-01 Security Fix size_t overflow in amqp_decode_bytes bounds check leading to out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888) Fix heap buffer overflow in amqp_frame_to_bytes for oversized body frames (GHSA-
Version 2.10.2 – 2026-07-01 Security: Validate package names (GHSA-499r-g7pc-vmp9) Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp- rrxx) Security: Sanitize URL-embedded usernames/token in verbose output
https://github.com/AcademySoftwareFoundation/OpenImageIO/releases/tag/v3.1.15.0
This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the
Update to 3.13.0
CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known- group validation that leads to client-side denial of service CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding
An update that solves 59 vulnerabilities can now be installed.
An update that solves 3 vulnerabilities can now be installed.
Linux Privilege Escalation from a Defensive Perspective: Sudoers and SUID Misconfigurations
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For Debian 12 bookworm, these problems have been fixed in version 150.0.7871.114-1~deb12u1.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (trixie), these problems have been fixed in version 150.0.7871.114-1~deb13u1.
Security update
Security update
Security update
Security update
1.2.9, CVE fixes
Fire scrollend event for instant programmatic scrolls. Increase network idle connection timeout to 115 seconds. Fix several crashes and rendering issues. Fix CVE-2024-4367, CVE-2026-39872, CVE-2026-43663, CVE-2026-43676, CVE-2026-43699, CVE-2026-43701, CVE-2026-43705, CVE-2026-43707, CVE-2026-43712,
server: fixed stack exhaustion via unbounded recursion in RPC attribute parsing by enforcing a recursion depth limit (CVE-2026-13757) fixed confusing error message when trying to store an existing cert with trust anchor fixed assert when parsing p11-kit files with value (“)
Update to the latest version to bring fixes for CVE-2026-45409 and CVE-2024-3651 into the stable releases.
Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups
Update to xserver 21.1.24, fixes for: CVE-2026-55999, CVE-2025-56000
This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-14570) .
Update to 6.5.7 – CVE-2026-35536 (rhbz#2457335), CVE-2026-31958 (rhbz#2451660)
Update to log4cxx 1.7.0. New features: fallback-ref appender attribute, Qt CMake find_package component, TelnetAppender NonBlocking option. Bug fixes: non-ASCII JSON encoding, invalid XML 1.0 characters in XML output, crash on recursive XML config references, possible UB during
Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups
fdf6afc update to 3.7b fixes rhbz#2498485 CHANGES FROM 3.7a TO 3.7b Fix so that the end of a synchronized update again triggers a redraw. CHANGES FROM 3.7 TO 3.7a Fix crash in break-pane when no name is provided.
libXfont2 2.0.8 (CVE-2026-56001, CVE-2026-56002, CVE-2026-56003)
upower 1.91.3: Feature: up-device-battery: Prefer “Standard” over “Fast” charging (!316 (merged), #344 (closed)) Fix: Resolve potential leaks (!327 (merged)) Fix: Potential out-of-bound access (!328 (merged))
Update to xwayland 24.1.13, fixes for: CVE-2026-55999, CVE-2026-56000
This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-14570) .
Update to 6.5.7 – CVE-2026-35536 (rhbz#2457335), CVE-2026-31958 (rhbz#2451660)
This update addresses a few security issues, one of which could plausibly result in remote code execution.
Security update
https://security-tracker.debian.org/tracker/DSA-6386-1
An update that solves 10 vulnerabilities and has one security fix can now be installed.
An update that solves 28 vulnerabilities can now be installed.
An update that solves one vulnerability can now be installed.