Aggregator

FEDORA-2026-2d0a32ddc0 Packages in this update:

• rubygem-yard-0.9.37-5.fc43

Update description:

Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues

FEDORA-2026-acefc1fe48 Packages in this update:

• rubygem-yard-0.9.40-2.fc44

Update description:

Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues

FEDORA-EPEL-2026-ea9af18b11 Packages in this update:

• strongswan-6.0.6-1.el9

Update description:

Update to 6.0.6 to fix CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291

FEDORA-2026-ecfadb29a1 Packages in this update:

• rust-sequoia-cert-store-0.7.3-1.fc43
• rust-sequoia-chameleon-gnupg-0.13.1-13.fc43
• rust-sequoia-octopus-librnp-1.11.1-7.fc43
• rust-sequoia-sop-0.37.3-4.fc43
• rust-sequoia-sq-1.3.1-12.fc43
• rust-sequoia-wot-0.15.2-1.fc43

Update description:

• Update the sequoia-wot crate to version 0.15.2.
• Update the sequoia-keystore crate to version 0.7.3.

This includes a rebuild of all dependent applications to address three low-severity security vulnerabilities in sequoia-wot:

• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50

FEDORA-2026-5c5f4f40a4 Packages in this update:

• rust-sequoia-cert-store-0.7.3-1.fc44
• rust-sequoia-chameleon-gnupg-0.13.1-13.fc44
• rust-sequoia-octopus-librnp-1.11.1-7.fc44
• rust-sequoia-sop-0.37.3-4.fc44
• rust-sequoia-sq-1.3.1-12.fc44
• rust-sequoia-wot-0.15.2-1.fc44

Update description:

• Update the sequoia-wot crate to version 0.15.2.
• Update the sequoia-keystore crate to version 0.7.3.

This includes a rebuild of all dependent applications to address three low-severity security vulnerabilities in sequoia-wot:

• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50

FEDORA-2026-4a6b728056 Packages in this update:

• dolphin-emu-2503a-16.fc45

Update description:

Automatic update for dolphin-emu-2503a-16.fc45.

Changelog * Wed May 27 2026 Jeremy Newton <alexjnewt@hotmail.com> - 2503a-16 - Fix RHBZ#2454084

FEDORA-EPEL-2026-9b6d13e4b9 Packages in this update:

• strongswan-6.0.6-1.el10_3

Update description:

Fixes CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291

Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly enforce authorization. An unprivileged local attacker could possibly use this issue to manipulate the firewall configuration, contrary to expectations. (CVE-2025-67603) Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly validate interface names. A local attacker could possibly use this issue to manipulate the firewall configuration in unintended ways. (CVE-2025-67858)

FEDORA-2026-bc20b091a8 Packages in this update:

• kernel-7.0.10-201.fc44

Update description:

The 7.0.10-101/201 stable kernel updates contain a number of important fixes across the tree.

FEDORA-2026-146d86eefc Packages in this update:

• kernel-7.0.10-101.fc43

Update description:

The 7.0.10-101/201 stable kernel updates contain a number of important fixes across the tree.

Version:next-20260527 (linux-next) Released:2026-05-27

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass.

It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers.

FEDORA-2026-f2c746ff8e Packages in this update:

• perl-Crypt-Argon2-0.031-1.fc43
• perl-Dist-Build-0.028-1.fc43
• perl-ExtUtils-Builder-0.020-1.fc43
• perl-ExtUtils-Builder-Compiler-0.036-1.fc43

Update description:

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463

It was discovered that Postorius did not properly escape HTML in message subjects when rendering the Held messages pop-up. An attacker could possibly use this issue to inject arbitrary HTML, resulting in exposure of sensitive information.

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code.

It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code.

It was discovered that Memcached's SASL password database authentication had a timing side channel when handling username and password data. A remote attacker could possibly use this issue to obtain sensitive information.

It was discovered that Libgcrypt incorrectly handled crafted ECDH ciphertext. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. (CVE-2026-41989) It was discovered that Libgcrypt incorrectly handled Dilithium signing. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-41990)

It was discovered that libcaca incorrectly handled certain malformed files. An attacker could use this issue to cause libcaca to crash, resulting in a denial of service, or possibly execute arbitrary code.