Aggregator

FEDORA-2026-b78d5204fe Packages in this update:

• mysql8.0-8.0.46-1.fc42

Update description:

MySQL 8.0.46

Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html Known issue: s390x-specific issue - zlib with DFLTCC compressed pages with low KEY_BLOCK_SIZE values can cause ER_TOO_BIG_ROWSIZE errors in tables near the column count and their size limits. EOL notice: As of April 2026, with version 8.0.46, MySQL 8.0 reached End of Life (EoL).

It is discovered that Avahi incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-24401) Guillaume Meunier discovered that Avahi incorrectly handled crafted input. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2026-34933)

FEDORA-EPEL-2026-f4f7a26f7a Packages in this update:

• proftpd-1.3.6e-10.el8

Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

FEDORA-EPEL-2026-ddf8b5eac2 Packages in this update:

• proftpd-1.3.8d-3.el9

Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

FEDORA-EPEL-2026-fda27c1b84 Packages in this update:

• proftpd-1.3.9a-2.el10_3

Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

FEDORA-EPEL-2026-9f8a61c142 Packages in this update:

• proftpd-1.3.9a-2.el10_2

Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

FEDORA-EPEL-2026-c8e9680bd3 Packages in this update:

• proftpd-1.3.9a-2.el10_1

Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

FEDORA-2026-871243b391 Packages in this update:

• proftpd-1.3.9a-2.fc44

Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

FEDORA-2026-4ddb108952 Packages in this update:

• proftpd-1.3.9a-2.fc43

Update description:

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.

It was discovered that Exim incorrectly handled BDAT body parsing. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.

FEDORA-2026-79e64d2daa Packages in this update:

• python-dotenv-1.2.2-1.fc44

Update description:

Update to 1.2.2, security fix for CVE-2026-28684.

FEDORA-2026-20312e36a8 Packages in this update:

• python-dotenv-1.2.2-1.fc43

Update description:

Update to 1.2.2, security fix for CVE-2026-28684.

FEDORA-2026-4542b2d7aa Packages in this update:

• firefox-150.0.3-1.fc43

Update description:

• New upstream release (150.0.3)

FEDORA-2026-c62259888c Packages in this update:

• firefox-150.0.3-1.fc42

Update description:

• New upstream release (150.0.3)

FEDORA-2026-9cf92027ec Packages in this update:

• mingw-expat-2.8.1-1.fc43

Update description:

Update to expat-2.8.1.

FEDORA-2026-163d1fe6c0 Packages in this update:

• mingw-expat-2.8.1-1.fc44

Update description:

Update to expat-2.8.1.

FEDORA-2026-6384a3cf14 Packages in this update:

• dnsmasq-2.92rel2-2.fc43

Update description: Update to 2.92rel2 2.92 point release incorporating fixes for:

• CVE-2026-2291
• CVE-2026-4890
• CVE-2026-4891
• CVE-2026-4892
• CVE-2026-4893
• CVE-2026-5172

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html

FEDORA-2026-ac5cceec13 Packages in this update:

• dnsmasq-2.92rel2-9.fc44

Update description: Update to 2.92rel2 2.92 point release incorporating fixes for:

• CVE-2026-2291
• CVE-2026-4890
• CVE-2026-4891
• CVE-2026-4892
• CVE-2026-4893
• CVE-2026-5172

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html

FEDORA-2026-649806ee21 Packages in this update:

• nodejs22-22.22.2-3.fc42

Update description:

Update to version 22.22.2

FEDORA-2026-c8173d7dcd Packages in this update:

• proftpd-1.3.9a-2.fc45

Update description:

Automatic update for proftpd-1.3.9a-2.fc45.

Changelog * Mon May 11 2026 Paul Howarth <paul@city-fan.org> - 1.3.9a-2 - Additional escaping for avoidance of SQL injection issues with %{note:...} and %{env:...}; these are on top of the existing fix for CVE-2026-42167 in 1.3.9a - Fix for SQL Injection in mod_wrap2_sql via reverse DNS hostname (CVE-2026-44331, rhbz#2466899, https://github.com/proftpd/proftpd/issues/2057)