Aggregator

xrdp-0.10.6.1-1.fc43

1 hour 52 minutes ago
FEDORA-2026-bd0a75766f Packages in this update:
  • xrdp-0.10.6.1-1.fc43
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

xrdp-0.10.6.1-1.fc44

1 hour 52 minutes ago
FEDORA-2026-05c06fa0a8 Packages in this update:
  • xrdp-0.10.6.1-1.fc44
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

xrdp-0.10.6.1-1.el9

1 hour 52 minutes ago
FEDORA-EPEL-2026-329eff5f4b Packages in this update:
  • xrdp-0.10.6.1-1.el9
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

xrdp-0.10.6.1-1.el8

1 hour 52 minutes ago
FEDORA-EPEL-2026-85c16c2007 Packages in this update:
  • xrdp-0.10.6.1-1.el8
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

upower-1.91.3-2.fc43

2 hours 53 minutes ago
FEDORA-2026-ce80ea7afe Packages in this update:
  • upower-1.91.3-2.fc43
Update description:

upower 1.91.3:

  • Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed))
  • Fix: Resolve potential leaks (!327 (merged))
  • Fix: Potential out-of-bound access (!328 (merged))
  • Fix: Improve access control (!326 (merged))
  • Fix: Remove unused codes (!329 (merged))
  • Fix: Fix for Asus Battery Charge Threshold Detection (!330 (merged), #347 (closed))

upower-1.91.3-1.fc44

2 hours 53 minutes ago
FEDORA-2026-e5305cffc2 Packages in this update:
  • upower-1.91.3-1.fc44
Update description:

upower 1.91.3:

  • Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed))
  • Fix: Resolve potential leaks (!327 (merged))
  • Fix: Potential out-of-bound access (!328 (merged))
  • Fix: Improve access control (!326 (merged))
  • Fix: Remove unused codes (!329 (merged))
  • Fix: Fix for Asus Battery Charge Threshold Detection (!330 (merged), #347 (closed))

roundcubemail-1.7.2-1.fc44

7 hours 8 minutes ago
FEDORA-2026-517daa8d64 Packages in this update:
  • roundcubemail-1.7.2-1.fc44
Update description: Release 1.7.2
  • Add HEAD request handler to the static.php
  • Fix so the oauth_password_claim claim is retrieved via token or userinfo request (#9631)
  • Fix bug where static.php would return a 416 error on a specific Range request (#10194)
  • Fix bug where configured skin logo wasn't loaded via static.php resulting in 404 error (#10191)
  • Fix bug where installto.sh would fail if public_html folder does not exist in the target directory (#10202)
  • Revert "Prefer 8bit over quoted-printable for HTML parts, when force_7bit is disabled (#8477)" (#10198)
  • Fix incorrect unfolding of folded lines when importing vCard 2.1 contacts (#9647)
  • Fix bug where Imagick could leave large temporary files on failure (#10230)
  • Fix bug where redis/memcache session could have been updated more often than needed
  • Fix support for untyped tokens in OIDC backchannel logout, require unset nonce (#10097)
  • Security: Fix an infinite loop in TNEF (winmail.dat) decoder (#10193)
  • Security: Fix various vulnerabilities in the password plugin using session-injected username
  • Security: Fix stored XSS via unescaped attachment MIME type on the attachment-validation warning page [CVE-2026-54432]
  • Security: Fix SSRF bypass via specific local address URLs - two new cases
  • Security: Fix zero-click stored XSS in plain-text rendering [CVE-2026-54433]
  • Security: Fix DoS via crafted compressed-RTF size in the TNEF (winmail.dat) file

roundcubemail-1.6.17-1.fc43

7 hours 8 minutes ago
FEDORA-2026-c3351f4ae4 Packages in this update:
  • roundcubemail-1.6.17-1.fc43
Update description: Release 1.6.17
  • Enigma: Support automatic public key lookup (import) using HKP v1 protocol (#5314)
  • Enigma: Kolab WOAT Support (#8626)
  • Security: Fix an infinite loop in TNEF (winmail.dat) decoder (#10193)
  • Security: Fix various vulnerabilities in the password plugin using session-injected username
  • Security: Fix stored XSS via unescaped attachment MIME type on the attachment-validation warning page [CVE-2026-54432]
  • Security: Fix SSRF bypass via specific local address URLs - two new cases
  • Security: Fix zero-click stored XSS in plain-text rendering [CVE-2026-54433]
  • Security: Fix DoS via crafted compressed-RTF size in the TNEF (winmail.dat) file

roundcubemail-1.6.17-1.el10_2

7 hours 8 minutes ago
FEDORA-EPEL-2026-a54f17adc3 Packages in this update:
  • roundcubemail-1.6.17-1.el10_2
Update description: Release 1.6.17
  • Enigma: Support automatic public key lookup (import) using HKP v1 protocol (#5314)
  • Enigma: Kolab WOAT Support (#8626)
  • Security: Fix an infinite loop in TNEF (winmail.dat) decoder (#10193)
  • Security: Fix various vulnerabilities in the password plugin using session-injected username
  • Security: Fix stored XSS via unescaped attachment MIME type on the attachment-validation warning page [CVE-2026-54432]
  • Security: Fix SSRF bypass via specific local address URLs - two new cases
  • Security: Fix zero-click stored XSS in plain-text rendering [CVE-2026-54433]
  • Security: Fix DoS via crafted compressed-RTF size in the TNEF (winmail.dat) file

roundcubemail-1.6.17-1.el10_3

7 hours 8 minutes ago
FEDORA-EPEL-2026-44b1dd565d Packages in this update:
  • roundcubemail-1.6.17-1.el10_3
Update description: Release 1.6.17
  • Enigma: Support automatic public key lookup (import) using HKP v1 protocol (#5314)
  • Enigma: Kolab WOAT Support (#8626)
  • Security: Fix an infinite loop in TNEF (winmail.dat) decoder (#10193)
  • Security: Fix various vulnerabilities in the password plugin using session-injected username
  • Security: Fix stored XSS via unescaped attachment MIME type on the attachment-validation warning page [CVE-2026-54432]
  • Security: Fix SSRF bypass via specific local address URLs - two new cases
  • Security: Fix zero-click stored XSS in plain-text rendering [CVE-2026-54433]
  • Security: Fix DoS via crafted compressed-RTF size in the TNEF (winmail.dat) file

cifs-utils-7.6-2.fc45

14 hours 10 minutes ago
FEDORA-2026-90dbff48ca Packages in this update:
  • cifs-utils-7.6-2.fc45
Update description:

Automatic update for cifs-utils-7.6-2.fc45.

Changelog * Mon Jul 6 2026 Paulo Alcantara <paalcant@redhat.com> - 7.6-2 - cifs.upcall: fix regression with kerberos mounts - Resolves: rhbz#2497446 - Resolves: rhbz#2496963 - Resolves: rhbz#2489808 - CVE-2026-12505