Aggregator

FEDORA-EPEL-2026-82eb23fb67 Packages in this update:

• cpp-httplib-0.38.0-1.el10_3

Update description: Update to 0.38.0 (rhbz#2447261)

• Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)

• Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

• Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)

• Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
• SSL proxy connection support — SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)

• WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

• Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)

• Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)

• Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

• Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

• Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)

• Enabled BindDualStack test (69d468f)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0

• Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - ATM drivers; - Drivers core; - Network block device driver; - Bluetooth drivers; - Character device driver; - TPM device driver; - Data acquisition framework and drivers; - Counter interface drivers; - CPU frequency scaling framework; - Intel Stratix 10 firmware drivers; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Input Device (Tablet) drivers; - ISDN/mISDN subsystem; - Macintosh device drivers; - Media drivers; - MOST (Media Oriented Systems Transport) drivers; - MTD block device drivers; - Network drivers; - Mellanox network drivers; - Texas Instruments network drivers; - Ethernet team driver; - MediaTek network drivers; - NVME drivers; - PA-RISC drivers; - PCI subsystem; - Chrome hardware platform drivers; - x86 platform drivers; - ARM PM domains; - Voltage and Current Regulator drivers; - S/390 drivers; - SCSI subsystem; - Texas Instruments SoC drivers; - SPI subsystem; - Realtek RTL8723BS SDIO drivers; - TCM subsystem; - Cadence USB3 driver; - DesignWare USB3 driver; - USB Gadget drivers; - USB Host Controller drivers; - Renesas USBHS Controller drivers; - USB Mass Storage drivers; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Framebuffer layer; - Watchdog drivers; - BFS file system; - BTRFS file system; - Ext4 file system; - F2FS file system; - FUSE (File system in Userspace); - HFS+ file system; - Journaling layer for block devices (JBD2); - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - File system notification infrastructure; - NTFS3 file system; - OCFS2 file system; - OrangeFS file system; - Proc file system; - SMB network file system; - XFS file system; - BPF subsystem; - Ethernet bridge; - Memory management; - Network traffic control; - io_uring subsystem; - Locking primitives; - Scheduler infrastructure; - Shadow Call Stack mechanism; - Tracing infrastructure; - Bluetooth subsystem; - CAIF protocol; - CAN network layer; - Ceph Core library; - Networking core; - Ethtool driver; - HSR network protocol; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - NET/ROM layer; - NFC subsystem; - Open vSwitch; - Rose network layer; - SCTP protocol; - Network sockets; - Sun RPC protocol; - TIPC protocol; - VMware vSockets driver; - Wireless networking; - Rust bindings mechanism; - Integrity Measurement Architecture(IMA) framework; - Key management; - Simplified Mandatory Access Control Kernel framework; - FireWire sound drivers; - Turtle Beach Wavefront ALSA driver; - STMicroelectronics SoC drivers; - USB sound devices; (CVE-2022-49465, CVE-2024-36903, CVE-2024-36927, CVE-2024-37354, CVE-2024-41014, CVE-2024-46830, CVE-2024-47666, CVE-2024-49968, CVE-2025-22022, CVE-2025-22111, CVE-2025-22121, CVE-2025-38022, CVE-2025-38129, CVE-2025-38556, CVE-2025-40040, CVE-2025-40083, CVE-2025-40110, CVE-2025-40211, CVE-2025-40248, CVE-2025-40252, CVE-2025-40253, CVE-2025-40254, CVE-2025-40257, CVE-2025-40258, CVE-2025-40259, CVE-2025-40261, CVE-2025-40262, CVE-2025-40263, CVE-2025-40264, CVE-2025-40269, CVE-2025-40271, CVE-2025-40272, CVE-2025-40273, CVE-2025-40275, CVE-2025-40277, CVE-2025-40278, CVE-2025-40279, CVE-2025-40280, CVE-2025-40281, CVE-2025-40282, CVE-2025-40283, CVE-2025-40304, CVE-2025-40306, CVE-2025-40308, CVE-2025-40309, CVE-2025-40312, CVE-2025-40313, CVE-2025-40314, CVE-2025-40315, CVE-2025-40317, CVE-2025-40319, CVE-2025-40321, CVE-2025-40322, CVE-2025-40324, CVE-2025-40331, CVE-2025-40342, CVE-2025-40343, CVE-2025-40345, CVE-2025-40360, CVE-2025-40363, CVE-2025-68168, CVE-2025-68176, CVE-2025-68177, CVE-2025-68185, CVE-2025-68191, CVE-2025-68192, CVE-2025-68194, CVE-2025-68200, CVE-2025-68204, CVE-2025-68217, CVE-2025-68220, CVE-2025-68227, CVE-2025-68229, CVE-2025-68238, CVE-2025-68241, CVE-2025-68244, CVE-2025-68245, CVE-2025-68254, CVE-2025-68255, CVE-2025-68257, CVE-2025-68258, CVE-2025-68261, CVE-2025-68264, CVE-2025-68266, CVE-2025-68282, CVE-2025-68284, CVE-2025-68285, CVE-2025-68286, CVE-2025-68287, CVE-2025-68288, CVE-2025-68289, CVE-2025-68290, CVE-2025-68295, CVE-2025-68301, CVE-2025-68302, CVE-2025-68303, CVE-2025-68308, CVE-2025-68312, CVE-2025-68321, CVE-2025-68325, CVE-2025-68327, CVE-2025-68328, CVE-2025-68330, CVE-2025-68331, CVE-2025-68332, CVE-2025-68335, CVE-2025-68336, CVE-2025-68337, CVE-2025-68339, CVE-2025-68344, CVE-2025-68346, CVE-2025-68349, CVE-2025-68354, CVE-2025-68362, CVE-2025-68364, CVE-2025-68366, CVE-2025-68367, CVE-2025-68372, CVE-2025-68724, CVE-2025-68727, CVE-2025-68728, CVE-2025-68732, CVE-2025-68733, CVE-2025-68734, CVE-2025-68740, CVE-2025-68746, CVE-2025-68757, CVE-2025-68758, CVE-2025-68759, CVE-2025-68764, CVE-2025-68765, CVE-2025-68767, CVE-2025-68769, CVE-2025-68771, CVE-2025-68774, CVE-2025-68776, CVE-2025-68777, CVE-2025-68780, CVE-2025-68782, CVE-2025-68783, CVE-2025-68785, CVE-2025-68787, CVE-2025-68788, CVE-2025-68795, CVE-2025-68796, CVE-2025-68797, CVE-2025-68799, CVE-2025-68800, CVE-2025-68801, CVE-2025-68803, CVE-2025-68804, CVE-2025-68808, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815, CVE-2025-68816, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-68821, CVE-2025-71064, CVE-2025-71066, CVE-2025-71068, CVE-2025-71069, CVE-2025-71075, CVE-2025-71077, CVE-2025-71078, CVE-2025-71079, CVE-2025-71081, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71102, CVE-2025-71104, CVE-2025-71105, CVE-2025-71108, CVE-2025-71111, CVE-2025-71112, CVE-2025-71113, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118, CVE-2025-71120, CVE-2025-71121, CVE-2025-71125, CVE-2025-71127, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71136, CVE-2025-71137, CVE-2025-71147, CVE-2025-71154, CVE-2025-71180, CVE-2025-71182, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22980, CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021, CVE-2026-23047)

FEDORA-2026-04a531cece Packages in this update:

• cpp-httplib-0.37.2-1.fc42

Update description: Update to 0.37.2

• Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2

It was discovered that pyOpenSSL incorrectly handled exceptions in the tlsext_servername callback. This could result in connections being accepted after an exception, contrary to expectations. (CVE-2026-27448) It was discovered that pyOpenSSL incorrectly handled the DTLS cookie generation callback. If a callback provided cookie values greater than 256 bytes, an attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-27459)

It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A malicious remote server could possibly use this issue to help scan for open ports. (CVE-2026-28295) It was discovered that the GVfs FTP backend incorrectly handled crafted file paths. A remote attacker could use this issue to terminate or inject arbitrary FTP commands, or possibly execute arbitrary code. (CVE-2026-28296)

FEDORA-2026-e76feaf213 Packages in this update:

• cpp-httplib-0.38.0-1.fc43

Update description: Update to 0.38.0 (rhbz#2447261)

• Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)

• Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

• Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)

• Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
• SSL proxy connection support — SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)

• WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

• Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)

• Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)

• Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

• Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

• Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)

• Enabled BindDualStack test (69d468f)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0

• Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2

FEDORA-2026-03599f0b32 Packages in this update:

• cpp-httplib-0.38.0-1.fc44

Update description: Update to 0.38.0 (rhbz#2447261)

• Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)

• Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

• Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)

• Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
• SSL proxy connection support — SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)

• WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

• Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)

• Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)

• Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

• Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

• Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)

• Enabled BindDualStack test (69d468f)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0

• Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2

FEDORA-2026-dbf8b26cfb Packages in this update:

• perl-XML-Parser-2.51-1.fc42

Update description:

2.51 bump - Fix CVE-2006-10002, CVE-2006-10003

FEDORA-2026-b7182d65b7 Packages in this update:

• perl-XML-Parser-2.51-1.fc43

Update description:

2.51 bump - Fix CVE-2006-10002, CVE-2006-10003

FEDORA-2026-dcb80f8e23 Packages in this update:

• perl-XML-Parser-2.51-1.fc44

Update description:

2.51 bump - Fix CVE-2006-10002, CVE-2006-10003

FEDORA-2026-7d5754535f Packages in this update:

• perl-XML-Parser-2.51-1.fc45

Update description:

Automatic update for perl-XML-Parser-2.51-1.fc45.

Changelog * Mon Mar 23 2026 Jitka Plesnikova <jplesnik@redhat.com> - 2.51-1 - 2.51 bump (rhbz#2448965) - Fix CVE-2006-10002 (rhbz#2449269), CVE-2006-10003 (rhbz#2449278)

FEDORA-2026-82783c3c1d Packages in this update:

• rust-cargo-c-0.10.19-2.fc42

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-1fa97a41a7 Packages in this update:

• rust-sccache-0.13.0-4.fc44

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-f5938ebad0 Packages in this update:

• rust-ingredients-0.2.2-3.fc44

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-EPEL-2026-c30f139d34 Packages in this update:

• rust-cargo-vendor-filterer-0.5.18-4.el10_3

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-1a04e4e1ed Packages in this update:

• rust-cargo-vendor-filterer-0.5.18-4.fc42

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-f0710d7a56 Packages in this update:

• rust-cargo-vendor-filterer-0.5.18-4.fc43

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-433d51e09b Packages in this update:

• rust-cargo-rpmstatus-0.2.4-3.fc42

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-7624cdcfb6 Packages in this update:

• rust-cargo-c-0.10.19-2.fc43

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-38f7b7fc51 Packages in this update:

• libopenmpt-0.8.5-1.fc43

Update description:

Potential security fix plus bug-fixes in 0.8.5: https://lib.openmpt.org/libopenmpt/2026/03/22/security-updates-0.8.5-0.7.18-0.6.27-0.5.41-0.4.53/