Aggregator

pypy3.10-7.3.19-11.3.10.fc45

1 week 3 days ago
FEDORA-2026-06635fd623
Packages in this update:
  • pypy3.10-7.3.19-11.3.10.fc45
Update description:

Automatic update for pypy3.10-7.3.19-11.3.10.fc45.

Changelog:
* Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.19-11
- Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser
- Fixes: rhbz#2431977

pypy-7.3.21-3.fc45

1 week 3 days ago
FEDORA-2026-7585365ba3
Packages in this update:
  • pypy-7.3.21-3.fc45
Update description:

Automatic update for pypy-7.3.21-3.fc45.

Changelog:
* Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-2
- Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser
- Fixes: rhbz#2431976
* Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-1
- Update to 7.3.21
- Fixes: rhbz#2447284

USN-8107-1: Linux kernel (AWS FIPS) vulnerabilities

1 week 3 days ago
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles, causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly a container escape. (LP: #2143853)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- x86 architecture;
- GPIO subsystem;
- GPU drivers;
- MMC subsystem;
- BTRFS file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- SMC sockets;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2022-49267, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215)

USN-8112-2: Linux kernel (FIPS) vulnerabilities

1 week 4 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- HFS+ file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659, CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593, CVE-2025-21704, CVE-2025-40215)

USN-8112-1: Linux kernel vulnerabilities

1 week 4 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- HFS+ file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659, CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593, CVE-2025-21704, CVE-2025-40215)

rubygem-json-2.13.2-2.fc43

1 week 4 days ago
FEDORA-2026-8c07fcde49
Packages in this update:
  • rubygem-json-2.13.2-2.fc43
Update description:

This new update backports a fix for a format string injection vulnerability in JSON.parse, which is now assigned CVE-2026-33210.

perl-YAML-Syck-1.37-1.el9

1 week 4 days ago
FEDORA-EPEL-2026-52be5354a0
Packages in this update:
  • perl-YAML-Syck-1.37-1.el9
Update description:

YAML::Syck versions up to and including 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.el10_2

1 week 4 days ago
FEDORA-EPEL-2026-de60bba45b
Packages in this update:
  • perl-YAML-Syck-1.37-1.el10_2
Update description:

YAML::Syck versions up to and including 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.el10_3

1 week 4 days ago
FEDORA-EPEL-2026-e7f8f46758
Packages in this update:
  • perl-YAML-Syck-1.37-1.el10_3
Update description:

YAML::Syck versions up to and including 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.fc43

1 week 4 days ago
FEDORA-2026-3572f7e01c
Packages in this update:
  • perl-YAML-Syck-1.37-1.fc43
Update description:

YAML::Syck versions up to and including 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.fc44

1 week 4 days ago
FEDORA-2026-a8d89d8ae2
Packages in this update:
  • perl-YAML-Syck-1.37-1.fc44
Update description:

YAML::Syck versions up to and including 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.fc42

1 week 4 days ago
FEDORA-2026-d226775800
Packages in this update:
  • perl-YAML-Syck-1.37-1.fc42
Update description:

YAML::Syck versions up to and including 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

USN-8105-2: FreeRDP regression

1 week 4 days ago
USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.