Aggregator

FEDORA-2026-086a367966 Packages in this update:

• python-uv-build-0.10.2-1.fc42
• rust-ambient-id-0.0.10-1.fc42
• uv-0.10.2-1.fc42

Update description:

Update uv and python-uv-build to 0.10.2. There are some minor breaking changes in uv; most users should not have to change anything. See https://github.com/astral-sh/uv/blob/0.10.2/CHANGELOG.md for details. There are no breaking changes to python-uv-build.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - Drivers core; - Bus devices; - Hardware random number generator core; - Data acquisition framework and drivers; - CPU frequency scaling framework; - DMA engine subsystem; - GPU drivers; - HW tracing; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - MOST (Media Oriented Systems Transport) drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - PCI subsystem; - Performance monitor drivers; - Pin controllers subsystem; - x86 platform drivers; - PPS (Pulse Per Second) driver; - PWM drivers; - SCSI subsystem; - TCM subsystem; - Userspace I/O drivers; - USB Gadget drivers; - USB Host Controller drivers; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - NTFS3 file system; - SMB network file system; - padata parallel execution mechanism; - IP tunnels definitions; - Network sockets; - XFRM subsystem; - Control group (cgroup); - Padata parallel execution mechanism; - PID allocator; - Tracing infrastructure; - Memory management; - 9P file system network protocol; - Ethernet bridge; - Ceph Core library; - Networking core; - IPv4 networking; - IPv6 networking; - NFC subsystem; - RF switch subsystem; - SCTP protocol; - Unix domain sockets; - VMware vSockets driver; - Intel ASoC drivers; - USB sound devices; (CVE-2024-53114, CVE-2024-56538, CVE-2024-58011, CVE-2025-21861, CVE-2025-22058, CVE-2025-23143, CVE-2025-38236, CVE-2025-38248, CVE-2025-38584, CVE-2025-39869, CVE-2025-39873, CVE-2025-39876, CVE-2025-39880, CVE-2025-39883, CVE-2025-39885, CVE-2025-39907, CVE-2025-39911, CVE-2025-39913, CVE-2025-39923, CVE-2025-39934, CVE-2025-39937, CVE-2025-39943, CVE-2025-39945, CVE-2025-39949, CVE-2025-39951, CVE-2025-39953, CVE-2025-39955, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39980, CVE-2025-39985, CVE-2025-39986, CVE-2025-39987, CVE-2025-39988, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40011, CVE-2025-40020, CVE-2025-40021, CVE-2025-40026, CVE-2025-40027, CVE-2025-40029, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40043, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40053, CVE-2025-40055, CVE-2025-40060, CVE-2025-40068, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40085, CVE-2025-40087, CVE-2025-40088, CVE-2025-40092, CVE-2025-40094, CVE-2025-40105, CVE-2025-40106, CVE-2025-40109, CVE-2025-40111, CVE-2025-40112, CVE-2025-40115, CVE-2025-40116, CVE-2025-40118, CVE-2025-40120, CVE-2025-40121, CVE-2025-40124, CVE-2025-40125, CVE-2025-40126, CVE-2025-40127, CVE-2025-40134, CVE-2025-40140, CVE-2025-40153, CVE-2025-40154, CVE-2025-40167, CVE-2025-40171, CVE-2025-40173, CVE-2025-40178, CVE-2025-40179, CVE-2025-40183, CVE-2025-40187, CVE-2025-40188, CVE-2025-40194, CVE-2025-40200, CVE-2025-40204, CVE-2025-40205, CVE-2025-40215, CVE-2025-40219, CVE-2025-40220, CVE-2025-40223, CVE-2025-40231, CVE-2025-40233, CVE-2025-40240, CVE-2025-40243, CVE-2025-40244, CVE-2025-40245, CVE-2025-40346, CVE-2025-40349, CVE-2025-40351, CVE-2025-68249)

FEDORA-2026-f4563b100f Packages in this update:

• vim-9.1.2146-1.fc42

Update description:

patchlevel 2146

Security fix for CVE-2026-25749

FEDORA-2026-7eda235f65 Packages in this update:

• vim-9.1.2146-1.fc43

Update description:

patchlevel 2146

Security fix for CVE-2026-25749

FEDORA-2026-6ee987bce2 Packages in this update:

• python3.13-3.13.12-1.fc43

Update description:

Update to 3.13.12

FEDORA-EPEL-2026-e148a6bb84 Packages in this update:

• python3.13-3.13.12-1.el10_1

Update description:

Update to 3.13.12

Yuhan Gao and Peng Zhou discovered that Dottie was vulnerable to prototype pollution when altering the __proto__ magical attribute. An attacker could possibly use this issue to achieve remote code execution.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Padata parallel execution mechanism; - Netfilter; (CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)

Titouan Lazard discovered that MUNGE contained an exploitable buffer overflow in munged (the MUNGE authentication daemon). A local attacker could possibly use this issue to forge MUNGE credentials, leading to arbitrary code execution.

It was discovered that the libpng simplified API incorrectly handled quantizing RGB images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service.

It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - NVME drivers; - File systems infrastructure; - Timer subsystem; - Memory management; - Packet sockets; (CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)

FEDORA-2026-b1b37b00ef Packages in this update:

• python3.13-3.13.12-1.fc42
• python3-docs-3.13.12-1.fc42

Update description:

Update to 3.13.12

It was discovered that HTTP/2, which is used/vendored by DNSdist, did not properly account for resources when handling client-triggered stream resets. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-8671) It was discovered that DNSdist did not properly manage memory limits when handling an unlimited number of queries on a single TCP connection. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-30193) It was discovered that DNSdist, when configured with the nghttp2 library, did not correctly process certain DNS over HTTPS queries. An attacker could possibly use this cause a denial of service. (CVE-2025-30187)

FEDORA-EPEL-2026-2fbc90c446 Packages in this update:

• python3.13-3.13.12-1.el10_2

Update description:

Update to 3.13.12

FEDORA-EPEL-2026-7e7682c00c Packages in this update:

• python3.13-3.13.12-1.el9

Update description:

Update to 3.13.12

Asim Viladi Oglu Manizada discovered that HAProxy incorrectly handled certain INITIAL packets. A remote attacker could possibly use this issue to cause HAProxy to crash, resulting in a denial of service.

Version:next-20260212 (linux-next) Released:2026-02-12

It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma correction. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-66293) Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit output format and non-minimal row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22695) Cosmin Truta discovered that the libpng simplified API incorrectly handled invalid row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-22801) It was discovered that the libpng simplified API incorrectly handled quantizing RGB images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-25646)

FEDORA-2026-2af2f2fa9d Packages in this update:

• mingw-libpng-1.6.55-1.fc42

Update description:

Update to libpng-1.6.55.