Aggregator

FEDORA-2026-168ebcb4a8 Packages in this update:

• libpng-1.6.55-1.fc42

Update description:

Version 1.6.54 [January 12, 2026] Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in png_image_read_direct_scaled. Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in png_image_write_*.

Version 1.6.55 [February 9, 2026] Fixed CVE-2026-25646 (high severity): Heap buffer overflow in png_set_quantize.

FEDORA-2026-a9ae661fa2 Packages in this update:

• libpng-1.6.55-1.fc43

Update description:

Version 1.6.54 [January 12, 2026] Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in png_image_read_direct_scaled. Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in png_image_write_*.

Version 1.6.55 [February 9, 2026] Fixed CVE-2026-25646 (high severity): Heap buffer overflow in png_set_quantize.

Version:next-20260213 (linux-next) Released:2026-02-13

FEDORA-2026-4366b8d2d8 Packages in this update:

• mupdf-1.26.3-5.fc42

Update description:

fix CVE-2026-25556 (rhbz#2437973)

FEDORA-2026-1771771381 Packages in this update:

• rsync-3.4.1-4.fc42

Update description:

Fix for CVE-2025-10158

FEDORA-2026-77de001ef5 Packages in this update:

• rsync-3.4.1-5.fc43

Update description:

Fix for CVE-2025-10158

FEDORA-2026-086a367966 Packages in this update:

• python-uv-build-0.10.2-1.fc42
• rust-ambient-id-0.0.10-1.fc42
• uv-0.10.2-1.fc42

Update description:

Update uv and python-uv-build to 0.10.2. There are some minor breaking changes in uv; most users should not have to change anything. See https://github.com/astral-sh/uv/blob/0.10.2/CHANGELOG.md for details. There are no breaking changes to python-uv-build.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - Drivers core; - Bus devices; - Hardware random number generator core; - Data acquisition framework and drivers; - CPU frequency scaling framework; - DMA engine subsystem; - GPU drivers; - HW tracing; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - MOST (Media Oriented Systems Transport) drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - PCI subsystem; - Performance monitor drivers; - Pin controllers subsystem; - x86 platform drivers; - PPS (Pulse Per Second) driver; - PWM drivers; - SCSI subsystem; - TCM subsystem; - Userspace I/O drivers; - USB Gadget drivers; - USB Host Controller drivers; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - NTFS3 file system; - SMB network file system; - padata parallel execution mechanism; - IP tunnels definitions; - Network sockets; - XFRM subsystem; - Control group (cgroup); - Padata parallel execution mechanism; - PID allocator; - Tracing infrastructure; - Memory management; - 9P file system network protocol; - Ethernet bridge; - Ceph Core library; - Networking core; - IPv4 networking; - IPv6 networking; - NFC subsystem; - RF switch subsystem; - SCTP protocol; - Unix domain sockets; - VMware vSockets driver; - Intel ASoC drivers; - USB sound devices; (CVE-2024-53114, CVE-2024-56538, CVE-2024-58011, CVE-2025-21861, CVE-2025-22058, CVE-2025-23143, CVE-2025-38236, CVE-2025-38248, CVE-2025-38584, CVE-2025-39869, CVE-2025-39873, CVE-2025-39876, CVE-2025-39880, CVE-2025-39883, CVE-2025-39885, CVE-2025-39907, CVE-2025-39911, CVE-2025-39913, CVE-2025-39923, CVE-2025-39934, CVE-2025-39937, CVE-2025-39943, CVE-2025-39945, CVE-2025-39949, CVE-2025-39951, CVE-2025-39953, CVE-2025-39955, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39980, CVE-2025-39985, CVE-2025-39986, CVE-2025-39987, CVE-2025-39988, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40011, CVE-2025-40020, CVE-2025-40021, CVE-2025-40026, CVE-2025-40027, CVE-2025-40029, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40043, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40053, CVE-2025-40055, CVE-2025-40060, CVE-2025-40068, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40085, CVE-2025-40087, CVE-2025-40088, CVE-2025-40092, CVE-2025-40094, CVE-2025-40105, CVE-2025-40106, CVE-2025-40109, CVE-2025-40111, CVE-2025-40112, CVE-2025-40115, CVE-2025-40116, CVE-2025-40118, CVE-2025-40120, CVE-2025-40121, CVE-2025-40124, CVE-2025-40125, CVE-2025-40126, CVE-2025-40127, CVE-2025-40134, CVE-2025-40140, CVE-2025-40153, CVE-2025-40154, CVE-2025-40167, CVE-2025-40171, CVE-2025-40173, CVE-2025-40178, CVE-2025-40179, CVE-2025-40183, CVE-2025-40187, CVE-2025-40188, CVE-2025-40194, CVE-2025-40200, CVE-2025-40204, CVE-2025-40205, CVE-2025-40215, CVE-2025-40219, CVE-2025-40220, CVE-2025-40223, CVE-2025-40231, CVE-2025-40233, CVE-2025-40240, CVE-2025-40243, CVE-2025-40244, CVE-2025-40245, CVE-2025-40346, CVE-2025-40349, CVE-2025-40351, CVE-2025-68249)

FEDORA-2026-f4563b100f Packages in this update:

• vim-9.1.2146-1.fc42

Update description:

patchlevel 2146

Security fix for CVE-2026-25749

FEDORA-2026-7eda235f65 Packages in this update:

• vim-9.1.2146-1.fc43

Update description:

patchlevel 2146

Security fix for CVE-2026-25749

FEDORA-2026-6ee987bce2 Packages in this update:

• python3.13-3.13.12-1.fc43

Update description:

Update to 3.13.12

FEDORA-EPEL-2026-e148a6bb84 Packages in this update:

• python3.13-3.13.12-1.el10_1

Update description:

Update to 3.13.12

Yuhan Gao and Peng Zhou discovered that Dottie was vulnerable to prototype pollution when altering the __proto__ magical attribute. An attacker could possibly use this issue to achieve remote code execution.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Padata parallel execution mechanism; - Netfilter; (CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)

Titouan Lazard discovered that MUNGE contained an exploitable buffer overflow in munged (the MUNGE authentication daemon). A local attacker could possibly use this issue to forge MUNGE credentials, leading to arbitrary code execution.

It was discovered that the libpng simplified API incorrectly handled quantizing RGB images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service.

It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - NVME drivers; - File systems infrastructure; - Timer subsystem; - Memory management; - Packet sockets; (CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)

FEDORA-2026-b1b37b00ef Packages in this update:

• python3.13-3.13.12-1.fc42
• python3-docs-3.13.12-1.fc42

Update description:

Update to 3.13.12