Aggregator

Antonio Morales Maldonado discovered that OpenMPT did not properly limit the length of strings in certain cases, leading to a buffer overflow. An attacker could possibly use this issue to cause OpenMPT to crash, resulting in a denial of service.

Version:next-20260423 (linux-next) Released:2026-04-23

FEDORA-EPEL-2026-5e2c50cadf Packages in this update:

• perl-CryptX-0.088-2.el10_2

Update description:

0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15) - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20) - security fix CVE-2026-41564 https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6

FEDORA-EPEL-2026-71cdc386ed Packages in this update:

• perl-CryptX-0.088-2.el10_3

Update description:

0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15) - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20) - security fix CVE-2026-41564 https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6

FEDORA-EPEL-2026-401e78e90b Packages in this update:

• perl-CryptX-0.088-2.el10_1

Update description:

0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15) - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20) - security fix CVE-2026-41564 https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6

FEDORA-EPEL-2026-25a3af10b3 Packages in this update:

• perl-CryptX-0.088-2.el9

Update description:

0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15) - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20) - security fix CVE-2026-41564 https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6

FEDORA-EPEL-2026-6bff23a642 Packages in this update:

• perl-CryptX-0.088-2.el8

Update description:

0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15) - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20) - security fix CVE-2026-41564 https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6

FEDORA-2026-bc5090f99b Packages in this update:

• perl-CryptX-0.088-2.fc42

Update description:

0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15) - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20) - security fix CVE-2026-41564 https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6

FEDORA-2026-3e1f671a17 Packages in this update:

• perl-CryptX-0.088-2.fc43

Update description:

0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15) - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20) - security fix CVE-2026-41564 https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6

FEDORA-2026-f533fcc0b6 Packages in this update:

• perl-CryptX-0.088-2.fc44

Update description:

0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15) - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20) - security fix CVE-2026-41564 https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6

FEDORA-EPEL-2026-7e951d42d8 Packages in this update:

• rust-openssl-0.10.78-1.el9
• rust-openssl-sys-0.9.114-1.el9

Update description:

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

FEDORA-EPEL-2026-8b61559fc0 Packages in this update:

• rust-openssl-0.10.78-1.el10_2
• rust-openssl-sys-0.9.114-1.el10_2

Update description:

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

FEDORA-EPEL-2026-73102895f0 Packages in this update:

• rust-openssl-0.10.78-1.el10_3
• rust-openssl-sys-0.9.114-1.el10_3

Update description:

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

FEDORA-2026-76f57efeef Packages in this update:

• rust-openssl-0.10.78-1.fc42
• rust-openssl-sys-0.9.114-1.fc42

Update description:

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

FEDORA-2026-16a3cea414 Packages in this update:

• rust-openssl-0.10.78-1.fc43
• rust-openssl-sys-0.9.114-1.fc43

Update description:

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

FEDORA-2026-fc9d4b5520 Packages in this update:

• rust-openssl-0.10.78-1.fc44
• rust-openssl-sys-0.9.114-1.fc44

Update description:

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

FEDORA-2026-8f21bdd167 Packages in this update:

• rust-openssl-0.10.78-1.fc45
• rust-openssl-sys-0.9.114-1.fc45

Update description:

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

FEDORA-EPEL-2026-77356f0378 Packages in this update:

• openvpn-2.7.2-1.el10_1

Update description:

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

FEDORA-EPEL-2026-e044b52ddc Packages in this update:

• openvpn-2.7.2-1.el10_2

Update description:

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

FEDORA-EPEL-2026-43e953a8ec Packages in this update:

• openvpn-2.7.2-1.el10_3

Update description:

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058