1 week 2 days ago
FEDORA-2026-7567819345
Packages in this update:
- freeipa-4.13.1-12.fc44
- samba-4.24.3-1.fc44
Update description:
Update to Samba 4.24.3 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238
1 week 2 days ago
FEDORA-2026-9b08621bdc
Packages in this update:
- freeipa-4.13.1-16.fc45
- samba-4.24.3-1.fc45
Update description:
Update to Samba 4.24.3 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238
1 week 3 days ago
It was discovered that the vendored LibTIFF in Qt WebEngine incorrectly
handled memory when parsing malformed TIFF image metadata. An attacker
could possibly use this issue to cause a denial of service, obtain
sensitive information, or execute arbitrary code.
1 week 3 days ago
It was discovered that the vendored LibTIFF in Texmaker incorrectly
handled memory when parsing malformed TIFF image metadata. An attacker
could possibly use this issue to cause a denial of service, obtain
sensitive information, or execute arbitrary code.
1 week 3 days ago
It was discovered that the vendored LibTIFF in GDAL incorrectly handled
memory when parsing malformed TIFF image metadata. An attacker could
possibly use this issue to cause a denial of service, obtain sensitive
information, or execute arbitrary code.
1 week 3 days ago
FEDORA-EPEL-2026-39d9295352
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 3 days ago
FEDORA-2026-bfba5a213d
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 3 days ago
FEDORA-EPEL-2026-e3f844d4d5
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 3 days ago
FEDORA-EPEL-2026-035f48b183
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 3 days ago
FEDORA-EPEL-2026-fdfd52de3c
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 3 days ago
FEDORA-2026-837d6ef455
Packages in this update:
Update description:
libre v4.8.1 (2026-05-28)
- fmt/pl: add pl_strip_html()
- sys/fs: add getpwuid fallback for fs_gethome
- tls: remove unused include rsa.h
- ice: check source address of incoming application packets
- websock: Fix integer overflow in websock_decode() masked frame check
1 week 3 days ago
FEDORA-2026-e0f378428e
Packages in this update:
- python-starlette-0.52.1-2.fc43
Update description:
Backport fix for CVE-2026-48710
1 week 3 days ago
Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to gain unauthorized access to sensitive
information. (CVE-2026-22016)
It was discovered that the Networking component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to cause a denial of service.
(CVE-2026-34282)
It was discovered that the JSSE component of OpenJDK 26 did not correctly
authenticate certain APIs. A remote unauthenticated attacker could
possibly use this issue to cause a denial of service. (CVE-2026-22021)
It was discovered that the JGSS component of OpenJDK 26 did not correctly
authenticate certain APIs. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2026-22013)
It was discovered that the 2D component of OpenJDK 26 did not correctly
handle certain integer arithmetic. If a user or automated system were
tricked into opening a specially crafted file, an attacker could
possibly use this issue to obtain sensitive information. (CVE-2026-23865)
It was discovered that the Libraries component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to modify data. (CVE-2026-22008)
It was discovered that the Libraries component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to cause a denial of service.
(CVE-2026-22018)
Ken Pyle discovered that the Security component of OpenJDK 26 did not
correctly authenticate certain APIs. A local attacker could possibly
use this issue to obtain sensitive information.
(CVE-2026-22007, CVE-2026-34268)
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-04-21
1 week 3 days ago
It was discovered that pip incorrectly handled TLS certificate
verification in session connections. If a session was first used with
certificate verification disabled, subsequent requests to the same host
would also skip verification regardless of the session's current settings.
A remote attacker could possibly use this issue to perform a machine-in-the-middle
attack and expose sensitive information. (CVE-2024-35195)
It was discovered that pip's bundled urllib3 library did not limit the
number of decompression steps when processing HTTP responses. A remote
attacker could possibly use this issue to cause pip to consume excessive resources,
leading to a denial of service. (CVE-2025-66418)
It was discovered that pip's bundled urllib3 library improperly
handled streaming decompression of highly compressed data. A remote
attacker could possibly use this issue to cause pip to consume excessive resources,
leading to a denial of service. (CVE-2025-66471)
1 week 3 days ago
FEDORA-2026-3bce8d3f11
Packages in this update:
- python-starlette-0.52.1-2.fc44
Update description:
Backport fix for CVE-2026-48710
1 week 3 days ago
FEDORA-EPEL-2026-688571a474
Packages in this update:
- nextcloud-33.0.4-1.el10_2
Update description:
33.0.4 Release