Aggregator

FEDORA-2026-66bba52149 Packages in this update:

• kernel-7.0.9-205.fc44

Update description:

The 7.0.9-105/205 stable kernel updates contain a couple if important security fixes.

FEDORA-2026-94731f4ace Packages in this update:

• kernel-7.0.9-105.fc43

Update description:

The 7.0.9-105/205 stable kernel updates contain a couple if important security fixes.

FEDORA-2026-b626e83a45 Packages in this update:

• bind-9.18.49-1.fc43
• bind-dyndb-ldap-11.11-13.fc43

Update description: Update to 9.18.49 (rhbz#2480121) Security Fixes:

• Limit resolver server list size. (CVE-2026-3592)
• Fix GSS-API resource leak. (CVE-2026-3039)
• Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946)
• Avoid unbounded recursion loop. (CVE-2026-5950)
• Fix outgoing zone transfers' quota issue.

Feature Changes:

• Fix CPU spikes and slow queries when cache approaches memory limit.

Bug Fixes:

• Fix named crash when processing SIG records in dynamic updates.
• Fix rndc modzone behavior for a zone in named.conf.
• Fix zone verification of NSEC3 signed zones.
• Prevent a crash when using both dns64 and filter-aaaa.
• Fixed an assertion failure when processing catalog zones.
• Prevent malicious DNSSEC zones from exhausting validator CPU.
• Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.
• Prevent crafted queries from degrading RRL performance.
• Fix a bug in allow-query/allow-transfer catalog zone custom properties.
• Fix a memory leak issue in catalog zones.
• Fix suppressed missing-glue check in named-checkzone.
• Reject record sets too large to serve in DNS.

Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49

FEDORA-2026-411248c8d9 Packages in this update:

• bind-9.18.49-1.fc44
• bind-dyndb-ldap-11.11-15.fc44

Update description: Update to 9.18.49 (rhbz#2480121) Security Fixes:

• Limit resolver server list size. (CVE-2026-3592)
• Fix GSS-API resource leak. (CVE-2026-3039)
• Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946)
• Avoid unbounded recursion loop. (CVE-2026-5950)
• Fix outgoing zone transfers' quota issue.

Feature Changes:

• Fix CPU spikes and slow queries when cache approaches memory limit.

Bug Fixes:

• Fix named crash when processing SIG records in dynamic updates.
• Fix rndc modzone behavior for a zone in named.conf.
• Fix zone verification of NSEC3 signed zones.
• Prevent a crash when using both dns64 and filter-aaaa.
• Fixed an assertion failure when processing catalog zones.
• Prevent malicious DNSSEC zones from exhausting validator CPU.
• Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.
• Prevent crafted queries from degrading RRL performance.
• Fix a bug in allow-query/allow-transfer catalog zone custom properties.
• Fix a memory leak issue in catalog zones.
• Fix suppressed missing-glue check in named-checkzone.
• Reject record sets too large to serve in DNS.

Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49

FEDORA-EPEL-2026-86e966dca4 Packages in this update:

• pdns-5.0.5-1.el10_3

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-EPEL-2026-533c3439ba Packages in this update:

• pdns-5.0.5-1.el10_2

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-2026-a6e5b1263b Packages in this update:

• pdns-5.0.5-1.fc44

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-2026-6458693037 Packages in this update:

• pdns-5.0.5-1.fc43

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-EPEL-2026-78a69d7632 Packages in this update:

• perl-Sereal-Decoder-4.018-2.el9

Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

FEDORA-EPEL-2026-9c8dc0ea44 Packages in this update:

• perl-Sereal-Decoder-4.018-2.el8

Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

FEDORA-EPEL-2026-daf86178f8 Packages in this update:

• perl-Sereal-5.006-1.el10_3
• perl-Sereal-Decoder-5.006-1.el10_3
• perl-Sereal-Encoder-5.006-1.el10_3

Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

It was discovered that libarchive incorrectly handled certain RAR archives. An attacker could possibly use this issue to cause an out-of-bounds read via a crafted RAR archive, leading to sensitive memory disclosure. (CVE-2026-4424) It was discovered that libarchive incorrectly handled certain ISO files. An attacker could possibly use this issue to cause incorrect memory allocation via a crafted ISO file, leading to a denial of service. (CVE-2026-4426) It was discovered that libarchive incorrectly handled block pointer allocation in zisofs on 32-bit systems. An attacker could possibly use this issue to cause a heap buffer overflow via a crafted ISO9660 image, possibly leading to arbitrary code execution. (CVE-2026-5121)

FEDORA-2026-d275a6eaac Packages in this update:

• docker-compose-5.1.4-1.fc42

Update description:

• Update to release v5.1.4
• Resolves: rhbz#2480186
• Upstream fixes

• Update to release v5.1.3
• Resolves rhbz#2458697
• Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
• Resolves CVE-2026-33748: rhbz#2453089
• Upstream fixes

FEDORA-2026-e3757dab23 Packages in this update:

• vim-9.2.506-2.fc43

Update description:

switch to GTK4 for GVim

Fix CVE-2026-46483

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Netfilter; - io_uring subsystem; (CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351)

Version:next-20260521 (linux-next) Released:2026-05-21

It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters separated by non-delimiter characters such as hyphens. An attacker could possibly use this issue to cause a denial of service via catastrophic backtracking in the generated regular expressions.

USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-32316) It was discovered that jq did not correctly handle recursion in certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-33947) It was discovered that jq did not correctly handle improperly terminated strings. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-33948) It was discovered that jq did not correctly handle checking certain variable types. An attacker could possibly use this issue to cause a denial of service or leak sensitive information. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-39956) It was discovered that jq did not correctly handle certain string formatting. An attacker could possibly use this issue to leak sensitive information or cause a denial of service. (CVE-2026-39979) It was discovered that jq used a fixed seed for hash table operations. An attacker could possibly use this issue to cause a denial of service. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-40164)