USN-8234-1: Mako vulnerability
It was discovered that Mako incorrectly handled URIs with double-slash
prefixes in TemplateLookup. A remote attacker could possibly use this issue
to obtain sensitive information.
Aggregator
nix-2.34.7-2.fc44
FEDORA-2026-65ce3da435
Packages in this update:
- nix-2.34.7-2.fc44
- update to 2.34.7: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p
- https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
- https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368
USN-8233-1: nghttp2 vulnerability
Andrew MacPherson discovered that nghttp2 did not properly validate
internal state when the session termination API was called. A remote
attacker could possibly use this issue to cause nghttp2 to crash, resulting
in a denial of service.
python-click-8.0.3-2.el9
FEDORA-EPEL-2026-3faabe7ef7
Packages in this update:
- python-click-8.0.3-2.el9
Security fix for CVE-2026-7246
python-click-8.1.7-7.el10_2
FEDORA-EPEL-2026-f98849630c
Packages in this update:
- python-click-8.1.7-7.el10_2
Security fix for CVE-2026-7246
python-click-8.1.7-7.el10_3
FEDORA-EPEL-2026-a0e68dfa17
Packages in this update:
- python-click-8.1.7-7.el10_3
Security fix for CVE-2026-7246
USN-8232-1: Django vulnerabilities
It was discovered that Django did not vary cached response headers on
cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST
was enabled. A remote attacker could possibly use this issue to steal a
user's session. (CVE-2026-35192)
Kyle Agronick and Jacob Walls discovered that Django incorrectly handled
ASGI requests with missing or understated Content-Length header values.
A remote attacker could possibly use this issue to cause Django to use
excessive resources, leading to a denial of service. (CVE-2026-5766)
Ahmad Sadeddin discovered that Django UpdateCacheMiddleware incorrectly
cached requests where the Vary header contained an asterisk. A remote
attacker could possibly use this issue to obtain sensitive information.
(CVE-2026-6907)
python-click-8.1.7-12.fc43
FEDORA-2026-599dafe4ae
Packages in this update:
- python-click-8.1.7-12.fc43
Security fix for CVE-2026-7246
gh-2.92.0-1.el10_3
FEDORA-EPEL-2026-66ed147b70
Packages in this update:
- gh-2.92.0-1.el10_3
Update to 2.92.0 and make telemetry sending opt in.
gh-2.92.0-1.fc44
FEDORA-2026-5df889949e
Packages in this update:
- gh-2.92.0-1.fc44
Update to 2.92.0 and make telemetry sending opt in.
next-20260505: linux-next
Version:next-20260505 (linux-next)
Released:2026-05-05
rust-astral-tokio-tar-0.6.1-1.el9
FEDORA-EPEL-2026-76e7234279
Packages in this update:
- rust-astral-tokio-tar-0.6.1-1.el9
Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
rust-astral-tokio-tar-0.6.1-1.el10_3 uv-0.11.9-1.el10_3
FEDORA-EPEL-2026-4b95f570ed
Packages in this update:
- rust-astral-tokio-tar-0.6.1-1.el10_3
- uv-0.11.9-1.el10_3
Update uv to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
python-uv-build-0.11.9-1.fc42 rust-astral-tokio-tar-0.6.1-1.fc42 uv-0.11.9-1.fc42
FEDORA-2026-8d8aee6aaf
Packages in this update:
- python-uv-build-0.11.9-1.fc42
- rust-astral-tokio-tar-0.6.1-1.fc42
- uv-0.11.9-1.fc42
Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
python-uv-build-0.11.9-1.fc43 rust-astral-tokio-tar-0.6.1-1.fc43 uv-0.11.9-1.fc43
FEDORA-2026-a8100094df
Packages in this update:
- python-uv-build-0.11.9-1.fc43
- rust-astral-tokio-tar-0.6.1-1.fc43
- uv-0.11.9-1.fc43
Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
python-uv-build-0.11.9-1.fc44 rust-astral-tokio-tar-0.6.1-1.fc44 uv-0.11.9-1.fc44
FEDORA-2026-7aacc8ea7d
Packages in this update:
- python-uv-build-0.11.9-1.fc44
- rust-astral-tokio-tar-0.6.1-1.fc44
- uv-0.11.9-1.fc44
Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
python-uv-build-0.11.9-1.fc45 rust-astral-tokio-tar-0.6.1-1.fc45 uv-0.11.9-1.fc45
FEDORA-2026-145c8d1a93
Packages in this update:
- python-uv-build-0.11.9-1.fc45
- rust-astral-tokio-tar-0.6.1-1.fc45
- uv-0.11.9-1.fc45
Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
opencryptoki-3.26.0-3.fc44
FEDORA-2026-1273c7855d
Packages in this update:
- opencryptoki-3.26.0-3.fc44
Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following
opencryptoki-3.26.0-3.fc43
FEDORA-2026-6c3b6ec624
Packages in this update:
- opencryptoki-3.26.0-3.fc43
Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following
opencryptoki-3.26.0-3.fc42
FEDORA-2026-13e696d26f
Packages in this update:
- opencryptoki-3.26.0-3.fc42
Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following