Aggregator

kernel-7.0.9-102.fc43

Fedora Security Advisories
1 week ago
FEDORA-2026-88a1fb9418 Packages in this update:
  • kernel-7.0.9-102.fc43
Update description:

The 7.0.9-102/202 stable kernel builds contain additional mitigations for new code paths in fragnesia, and a couple of other security updates without fancy names or CVEs assigned yet.

The 7.0.9 stable kernel update contains a number of important fixes across the tree.

pcs-0.12.2-2.fc45

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-a5176717a9 Packages in this update:
  • pcs-0.12.2-2.fc45
Update description:

Automatic update for pcs-0.12.2-2.fc45.

Changelog * Fri May 15 2026 Michal Pospíšil <mpospisi@redhat.com> - 0.12.2-2 - Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md) Resolves: rhbz#2454042 - Fixed a crash when running pcs resource|stonith list Resolves: rhbz#2458608 - Fixed order of resources in sets when listing configuration of constraints Resolves: rhbz#2461143

pcs-0.12.2-2.fc44

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-d420bebe72 Packages in this update:
  • pcs-0.12.2-2.fc44
Update description:
  • Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
  • Fixed a crash when running pcs resource|stonith list
  • Fixed order of resources in sets when listing configuration of constraints

pcs-0.12.2-2.fc43

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-c0f7d885ee Packages in this update:
  • pcs-0.12.2-2.fc43
Update description:
  • Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
  • Fixed a crash when running pcs resource|stonith list
  • Fixed order of resources in sets when listing configuration of constraints

perl-Crypt-DSA-1.17-29.el9

Fedora Security Advisories
1 week 1 day ago
FEDORA-EPEL-2026-2c8580b72a Packages in this update:
  • perl-Crypt-DSA-1.17-29.el9
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace use of rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

perl-Crypt-DSA-1.17-29.el8

Fedora Security Advisories
1 week 1 day ago
FEDORA-EPEL-2026-7dcb3efd8b Packages in this update:
  • perl-Crypt-DSA-1.17-29.el8
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace use of rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

dovecot-2.4.4-1.fc44

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-96eeb03b88 Packages in this update:
  • dovecot-2.4.4-1.fc44
Update description:
  • CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe.
  • CVE-2026-33603: auth: CRAM-SHA-*-PLUS channel binding could be faked. MITM attacker with a certificate trusted by the client could have bypassed the requirement for channel binding.
  • CVE-2026-40020: IMAP folders can be shared-spammed to everyone.
  • CVE-2026-42006: An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete.
  • indexer-worker, quota-status, script-login, program-client-local: Root privileges are now dropped permanently before serving requests.
  • indexer-worker: Default restart_request_count changed to 1 to work correctly after permanent root privilege drop.
  • lmtp: Add back service_extra_groups=$SET:default_internal_group that was incorrectly removed in v2.4.3.
  • master: inet_listener_reuse_port has been replaced by service_reuse_port. The new setting properly pre-creates all listener sockets at startup and assigns one unique socket per process. Using this allows evenly distributing incoming connections to login processes.

dovecot-2.4.4-1.fc43

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-693373747f Packages in this update:
  • dovecot-2.4.4-1.fc43
Update description:
  • CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe.
  • CVE-2026-33603: auth: CRAM-SHA-*-PLUS channel binding could be faked. MITM attacker with a certificate trusted by the client could have bypassed the requirement for channel binding.
  • CVE-2026-40020: IMAP folders can be shared-spammed to everyone.
  • CVE-2026-42006: An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete.
  • indexer-worker, quota-status, script-login, program-client-local: Root privileges are now dropped permanently before serving requests.
  • indexer-worker: Default restart_request_count changed to 1 to work correctly after permanent root privilege drop.
  • lmtp: Add back service_extra_groups=$SET:default_internal_group that was incorrectly removed in v2.4.3.
  • master: inet_listener_reuse_port has been replaced by service_reuse_port. The new setting properly pre-creates all listener sockets at startup and assigns one unique socket per process. Using this allows evenly distributing incoming connections to login processes.

perl-Crypt-DSA-1.20-1.el10_3

Fedora Security Advisories
1 week 1 day ago
FEDORA-EPEL-2026-bb3b5814c6 Packages in this update:
  • perl-Crypt-DSA-1.20-1.el10_3
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

Upstream's use of the Crypt::SysRandom module is replaced by the equally-secure Crypt::URandom module, which is already a dependency of perl-Crypt-DSA: Crypt::SysRandom is not currently available in EPEL.

perl-Crypt-DSA-1.20-1.el10_2

Fedora Security Advisories
1 week 1 day ago
FEDORA-EPEL-2026-617040b22d Packages in this update:
  • perl-Crypt-DSA-1.20-1.el10_2
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

Upstream's use of the Crypt::SysRandom module is replaced by the equally-secure Crypt::URandom module, which is already a dependency of perl-Crypt-DSA: Crypt::SysRandom is not currently available in EPEL.

perl-Crypt-DSA-1.20-1.el10_1

Fedora Security Advisories
1 week 1 day ago
FEDORA-EPEL-2026-c7fdab55d8 Packages in this update:
  • perl-Crypt-DSA-1.20-1.el10_1
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

Upstream's use of the Crypt::SysRandom module is replaced by the equally-secure Crypt::URandom module, which is already a dependency of perl-Crypt-DSA: Crypt::SysRandom is not currently available in EPEL.

perl-Crypt-DSA-1.20-1.fc43

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-fdc100f74f Packages in this update:
  • perl-Crypt-DSA-1.20-1.fc43
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

perl-Crypt-DSA-1.20-1.fc42

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-ffe3625a50 Packages in this update:
  • perl-Crypt-DSA-1.20-1.fc42
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

perl-Crypt-DSA-1.20-1.fc44

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-cdcb20089b Packages in this update:
  • perl-Crypt-DSA-1.20-1.fc44
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)