Aggregator

FEDORA-2026-5e8ffdd3b9 Packages in this update:

• retroarch-1.22.0-20.fc44

Update description:

Automatic update for retroarch-1.22.0-20.fc44.

Changelog * Mon Jan 26 2026 Artem Polishchuk <ego.cordatus@gmail.com> - 1.22.0-20 - Disable 7zip support due CVE - rhbz#2432835

It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-24626) It was discovered that GNU Screen incorrectly handled PTY permissions. A local attacker could possibly use this issue to connect to an unauthorized screen session. (CVE-2025-46802) It was discovered that GNU Screen incorrectly handled file access when setuid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to deduce information about certain file paths. (CVE-2025-46804) It was discovered that GNU Screen incorrectly handled signals when setuid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. (CVE-2025-46805)

Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for URL-encoded characters. An attacker could possibly use this issue to learn sensitive information. (CVE-2024-53263) It was discovered that Git LFS could have its git lfs checkout and git lfs pull commands abused to write to any file on a user's system. An attacker could possibly use this issue to execute arbitrary code. This issue was only addressed in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-26625)

Ben Shonaldmann discovered that Form-data incorrectly generated boundary values for multipart form-encoded data, leading to predictable values. A remote attacker could possibly use this issue to make arbitrary requests to internal systems.

FEDORA-EPEL-2026-1f5a2c5f39 Packages in this update:

• python-python-multipart-0.0.22-1.el10_1

Update description:

Security fix for CVE-2026-24486 / GHSA-wp53-j4wj-2cfg.

0.0.22 (2026-01-25)

• Drop directory path from filename in File

FEDORA-2026-720b8d0c6c Packages in this update:

• python-python-multipart-0.0.22-1.fc42

Update description:

Security fix for CVE-2026-24486 / GHSA-wp53-j4wj-2cfg.

0.0.22 (2026-01-25)

• Drop directory path from filename in File

FEDORA-2026-08c12edc84 Packages in this update:

• python-python-multipart-0.0.22-1.fc43

Update description:

Security fix for CVE-2026-24486 / GHSA-wp53-j4wj-2cfg.

0.0.22 (2026-01-25)

• Drop directory path from filename in File

FEDORA-2026-ebabb127fb Packages in this update:

• gimp-3.0.8-4.fc43

Update description:

This is an upstream bugfix and security update. Please refer to the upstream release notes for details about the changes in this version.

FEDORA-2026-bda4a20a3c Packages in this update:

• gimp-3.0.8-4.fc42

Update description:

This is an upstream bugfix and security update. Please refer to the upstream release notes for details about the changes in this version.

Version:6.19-rc7 (mainline) Released:2026-01-25 Source:linux-6.19-rc7.tar.gz Patch:full (incremental)

FEDORA-2026-216041a3e7 Packages in this update:

• openttd-15.1-1.fc42

Update description: 15.x 15.1 (2026-01-24)

• Fix #15088: When building a new train, the refit button state may be incorrect (#15162)
• Fix #15160: Incorrect company names displayed in load game window (#15161)
• Fix #15153: Wrong tile used to get bridge reservation overlay (#15154)
• Fix #15116: Old cargo/industry sets without cargo translation table broken (#15150)
• Fix: Possible crash converting company liveries in older savegames/scenarios (#15148)
• Fix: Allow infinite water to be (de)selected when loading heightmap (#15146)
• Fix: Tile suitability test for farm field no longer handled snow tiles (#15134)
• Fix #15131: Trees no longer spread on partially snowy tiles (#15133)
• Fix: Change tooltips to match change from checkboxes to switches (#15123)
• Fix: [Script] Potential out of bounds array/string slice indexes (#15106)
• Fix: [Script] Potential out of bounds indexed string access (#15106)
• Fix: [Script] Check if array sort function modified array (#15106)
• Fix #15069: World generation map edges GUI starts in an invalid state (#15082)
• Fix #15079: Incorrect dates shown on town cargo history graph (#15080)
• Fix #15067: Mark NewGRF settings as modified after moving by drag & drop (#15068)
• Fix: Incorrect error message for aqueducts reaching northern map borders (#14974)
• Fix: Standardize wording of GRF/NewGRF (#15059)
• Fix #15046: Crash on loading game due to invalid group parents (#15049)
• Fix: Disable_elrails handling with engines that use both RAIL and ELRL (#15045)
• Fix: [Fluidsynth] Read settings from system and user config files if available (#15044)
• Fix #15039: Name and version can disappear from content list (#15040)
• Fix #15026: Remove incorrect info from base sounds tooltip (#15029)
• Fix: [Script] Improve reporting of invalid GetAPIVersion return (#15015)
• Fix: [Script] Undefined behaviour after calling SwapList during iteration (#14805)

FEDORA-2026-dd8314c4f3 Packages in this update:

• openttd-15.1-1.fc43

Update description: 15.x 15.1 (2026-01-24)

• Fix #15088: When building a new train, the refit button state may be incorrect (#15162)
• Fix #15160: Incorrect company names displayed in load game window (#15161)
• Fix #15153: Wrong tile used to get bridge reservation overlay (#15154)
• Fix #15116: Old cargo/industry sets without cargo translation table broken (#15150)
• Fix: Possible crash converting company liveries in older savegames/scenarios (#15148)
• Fix: Allow infinite water to be (de)selected when loading heightmap (#15146)
• Fix: Tile suitability test for farm field no longer handled snow tiles (#15134)
• Fix #15131: Trees no longer spread on partially snowy tiles (#15133)
• Fix: Change tooltips to match change from checkboxes to switches (#15123)
• Fix: [Script] Potential out of bounds array/string slice indexes (#15106)
• Fix: [Script] Potential out of bounds indexed string access (#15106)
• Fix: [Script] Check if array sort function modified array (#15106)
• Fix #15069: World generation map edges GUI starts in an invalid state (#15082)
• Fix #15079: Incorrect dates shown on town cargo history graph (#15080)
• Fix #15067: Mark NewGRF settings as modified after moving by drag & drop (#15068)
• Fix: Incorrect error message for aqueducts reaching northern map borders (#14974)
• Fix: Standardize wording of GRF/NewGRF (#15059)
• Fix #15046: Crash on loading game due to invalid group parents (#15049)
• Fix: Disable_elrails handling with engines that use both RAIL and ELRL (#15045)
• Fix: [Fluidsynth] Read settings from system and user config files if available (#15044)
• Fix #15039: Name and version can disappear from content list (#15040)
• Fix #15026: Remove incorrect info from base sounds tooltip (#15029)
• Fix: [Script] Improve reporting of invalid GetAPIVersion return (#15015)
• Fix: [Script] Undefined behaviour after calling SwapList during iteration (#14805)

FEDORA-2026-c5295ae3b9 Packages in this update:

• cef-144.0.11^chromium144.0.7559.96-1.fc43

Update description:

Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335)

• CVE-2026-1220: Race in V8
• CVE-2026-0899: Out of bounds memory access in V8
• CVE-2026-0900: Inappropriate implementation in V8
• CVE-2026-0901: Inappropriate implementation in Blink
• CVE-2026-0902: Inappropriate implementation in V8
• CVE-2026-0903: Insufficient validation of untrusted input in Downloads
• CVE-2026-0904: Incorrect security UI in Digital Credentials
• CVE-2026-0905: Insufficient policy enforcement in Network
• CVE-2026-0906: Incorrect security UI
• CVE-2026-0907: Incorrect security UI in Split View
• CVE-2026-0908: Use after free in ANGLE

FEDORA-2026-68ca733984 Packages in this update:

• cef-144.0.11^chromium144.0.7559.96-1.fc42

Update description:

Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335)

• CVE-2026-1220: Race in V8
• CVE-2026-0899: Out of bounds memory access in V8
• CVE-2026-0900: Inappropriate implementation in V8
• CVE-2026-0901: Inappropriate implementation in Blink
• CVE-2026-0902: Inappropriate implementation in V8
• CVE-2026-0903: Insufficient validation of untrusted input in Downloads
• CVE-2026-0904: Incorrect security UI in Digital Credentials
• CVE-2026-0905: Insufficient policy enforcement in Network
• CVE-2026-0906: Incorrect security UI
• CVE-2026-0907: Incorrect security UI in Split View
• CVE-2026-0908: Use after free in ANGLE

FEDORA-2026-205d532069 Packages in this update:

• glibc-2.42-9.fc43

Update description:

This update switches the currency symbol for Bulgaria to the Euro.

Furthermore, it addresses several security vulnerabilities:

• A crash when wordexp is used with WRDE_REUSE (CVE-2025-15281)
• Information leakage from the stack if getnetbyaddr is called for the zero address (CVE-2026-0915)
• An integer overflow in memalign and related functions if they are called with out-of-bounds size/alignment combinations (CVE-2026-0861)
• LD_PROFILE is now ignored with a warning if LD_PROFILE_OUTPUT is not specified, rather than using the insecure /var/tmp default.

Version:next-20260123 (linux-next) Released:2026-01-23

FEDORA-2026-78d626bfca Packages in this update:

• mingw-python-wheel-0.46.3-1.fc42

Update description:

Update to 0.46.3, fixes CVE-2026-24049.

FEDORA-2026-3d31544140 Packages in this update:

• mingw-python-wheel-0.46.3-1.fc43

Update description:

Update to 0.46.3, fixes CVE-2026-24049.