Aggregator

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access.

FEDORA-2026-2e8a8fd35b Packages in this update:

• miniupnpd-2.3.10-1.fc42

Update description:

2026/03/24: fix missing fclose and potential double free in option file parsing

2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read overflow

2026/02/05: Rewrite permission line parser

2025/05/26: Fix false negative filtered STUN CGNAT test result for unsupported servers #825

2025/05/24: Fix Mac OS X 10.9 build

2025/05/15: build: teststun executable

2025/04/28: pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7

2025/04/26 Fix parsing of interfaces names starting with a digit nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h) nftables: improve scripts to support already existing tables

FEDORA-2026-5f908cb040 Packages in this update:

• miniupnpd-2.3.10-1.fc43

Update description:

2026/03/24: fix missing fclose and potential double free in option file parsing

2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read overflow

2026/02/05: Rewrite permission line parser

2025/05/26: Fix false negative filtered STUN CGNAT test result for unsupported servers #825

2025/05/24: Fix Mac OS X 10.9 build

2025/05/15: build: teststun executable

2025/04/28: pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7

2025/04/26 Fix parsing of interfaces names starting with a digit nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h) nftables: improve scripts to support already existing tables

FEDORA-EPEL-2026-fca0ff7545 Packages in this update:

• ngtcp2-1.22.1-1.el9

Update description: Update to 1.22.1 (rhbz#2452790)

• Fixes CVE-2026-40170

FEDORA-EPEL-2026-146c20fe60 Packages in this update:

• ngtcp2-1.22.1-1.el10_3

Update description: Update to 1.22.1 (rhbz#2452790)

• Fixes CVE-2026-40170

FEDORA-2026-a0f25484e9 Packages in this update:

• ngtcp2-1.22.1-1.fc43

Update description: Update to 1.22.1 (rhbz#2452790)

• Fixes CVE-2026-40170

FEDORA-2026-705eb9cf95 Packages in this update:

• ngtcp2-1.22.1-1.fc44

Update description: Update to 1.22.1 (rhbz#2452790)

• Fixes CVE-2026-40170

It was discovered that RapidJSON did not properly protect against integer overflows in certain instances when parsing JSON text. A remote attacker could possibly use this issue to craft a malicious JSON file, that when read by RapidJSON, would lead to an elevation of privilege, resulting in the potential disclosure of sensitive information.

FEDORA-2026-f933979509 Packages in this update:

• miniupnpd-2.3.10-1.fc44

Update description:

2026/03/24: fix missing fclose and potential double free in option file parsing

2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read overflow

2026/02/05: Rewrite permission line parser

2025/05/26: Fix false negative filtered STUN CGNAT test result for unsupported servers #825

2025/05/24: Fix Mac OS X 10.9 build

2025/05/15: build: teststun executable

2025/04/28: pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7

2025/04/26 Fix parsing of interfaces names starting with a digit nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h) nftables: improve scripts to support already existing tables

Version:next-20260420 (linux-next) Released:2026-04-20

FEDORA-2026-d08c298940 Packages in this update:

• openssh-9.9p1-14.fc42

Update description:

Fixes high severity CVE: - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode

FEDORA-2026-93679cc7c2 Packages in this update:

• openssh-10.2p1-8.fc44

Update description:

• CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode
• CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions
• CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys
• CVE-2026-35414: Fix mishandling of authorized_keys principals option
• CVE-2026-35386: Add validation rules to usernames and hostnames set for ProxyJump/-J on the commandline

FEDORA-2026-2cedc95af8 Packages in this update:

• openssh-10.0p1-9.fc43

Update description:

• CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode
• CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions
• CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys
• CVE-2026-35414: Fix mishandling of authorized_keys principals option
• CVE-2026-35386: Add validation rules to usernames and hostnames set for ProxyJump/-J on the commandline

FEDORA-2026-e860be4db8 Packages in this update:

• sudo-1.9.17-7.p2.fc43

Update description:

Fix CVE-2026-35535

FEDORA-2026-6894ade78f Packages in this update:

• sudo-1.9.17-8.p2.fc44

Update description:

Fix CVE-2026-35535

FEDORA-EPEL-2026-a0842eadb1 Packages in this update:

• botan3-3.9.0-3.el10_3

Update description:

Fix security vulnerabilities CVE-2026-32877,CVE-2026-32883,CVE-2026-32884,CVE-2026-34580,CVE-2026-34582

FEDORA-2026-bd25e30303 Packages in this update:

• botan3-3.9.0-6.fc44

Update description:

Fix security vulnerabilities CVE-2026-32877,CVE-2026-32883,CVE-2026-32884,CVE-2026-34580,CVE-2026-34582

FEDORA-2026-1fd21102d1 Packages in this update:

• python3.14-3.14.4-2.fc42

Update description:

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100

New minor version of the alternate Python interpreter