Aggregator

FEDORA-2026-e1ed3b1fa8 Packages in this update:

• rsync-3.4.3-1.fc43

Update description:

New version 3.4.3. The rsync-patches are no longer supported so I removed them. The only patch used from that repo is detect-renamed and detect-renamed-lax. I keep these alive for F43 at least but maintaining them is becoming harder and harder. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232

FEDORA-2026-d14cd355b3 Packages in this update:

• rsync-3.4.3-1.fc44

Update description:

New version 3.4.3. The rsync-patches are no longer supported so I removed them. The only patch used from that repo is detect-renamed and detect-renamed-lax. I keep these alive for F43 at least but maintaining them is becoming harder and harder. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232

FEDORA-2026-513c495139 Packages in this update:

• keylime-7.14.2-1.fc43

Update description:

Updating for Keylime release v7.14.2:

• This includes the fix for CVE-2026-6420.
• Update keylime-selinux policy to the latest version 44.1.0

FEDORA-2026-9064cdf8ef Packages in this update:

• keylime-7.14.2-1.fc44

Update description:

Updating for Keylime release v7.14.2:

• This includes the fix for CVE-2026-6420.
• Update keylime-selinux policy to the latest version 44.1.0

FEDORA-EPEL-2026-025c44e73d Packages in this update:

• perl-CryptX-0.089-1.el10_3

Update description:

Fixes CVE-2026-41565

FEDORA-EPEL-2026-3fb3a6ee48 Packages in this update:

• perl-CryptX-0.089-1.el10_2

Update description:

Fixes CVE-2026-41565

FEDORA-EPEL-2026-e788f7bb84 Packages in this update:

• perl-CryptX-0.089-1.el8

Update description:

Fixes CVE-2026-41565

FEDORA-EPEL-2026-267188ebd0 Packages in this update:

• perl-CryptX-0.089-1.el9

Update description:

Fixes CVE-2026-41565

FEDORA-2026-2158c96917 Packages in this update:

• perl-CryptX-0.089-1.fc44

Update description:

Fixes CVE-2026-41565

FEDORA-2026-2ef4c0c642 Packages in this update:

• perl-CryptX-0.089-1.fc43

Update description:

Fixes CVE-2026-41565

USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented mod_http2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2023-38709) Will Dormann and David Warren discovered that Apache HTTP Server's HTTP/2 implementation did not properly reclaim memory when streams were reset by clients. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-45802) Keran Mu and Jianjun Chen discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-24795) Orange Tsai discovered that Apache HTTP Server mod_proxy incorrectly handled URL encoding. A remote attacker could possibly use this issue to bypass authentication via crafted requests. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-38473) Orange Tsai discovered that Apache HTTP Server could be caused to perform server-side request forgery (SSRF) via malicious backend response headers. A remote attacker could possibly use this issue to conduct SSRF attacks or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38476) Orange Tsai discovered that Apache HTTP Server mod_proxy did not properly handle certain null pointer conditions. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38477) Orange Tsai discovered that Apache HTTP Server mod_rewrite could be made to perform server-side request forgery (SSRF) via unsafe RewriteRules. A remote attacker could possibly use this issue to conduct SSRF attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-39573) It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-42516) It was discovered that Apache HTTP Server could be caused to perform server-side request forgery (SSRF) via mod_headers modifying Content-Type headers. A remote attacker could possibly use this issue to conduct SSRF attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-43204) John Runyon discovered that Apache HTTP Server mod_ssl did not properly escape user-supplied data before writing log entries. A remote attacker could possibly use this issue to insert escape sequences into log files. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-47252) Robert Merget discovered that Apache HTTP Server with SSLEngine optional was vulnerable to HTTP desynchronisation attacks. An attacker in a privileged network position could possibly use this issue to hijack HTTP sessions. This issue only affected Ubuntu 14.04 LTS. (CVE-2025-49812) It was discovered that Apache HTTP Server mod_md had an integer overflow in the ACME certificate renewal backoff timer. An attacker could possibly use this issue to cause excessive certificate renewal requests. This issue only affected Ubuntu 20.04 LTS. (CVE-2025-55753) Anthony Parfenov discovered that Apache HTTP Server with SSI enabled and mod_cgid passed shell-escaped query strings to #exec cmd directives. A remote attacker could possibly use this issue to perform command injection. (CVE-2025-58098) Mattias Åsander discovered that Apache HTTP Server incorrectly gave precedence to environment variables from HTTP headers over server-calculated CGI variables. A remote attacker could possibly use this issue to influence the environment of CGI programs. (CVE-2025-65082) Mattias Åsander discovered that Apache HTTP Server mod_userdir with suexec could be caused to run CGI scripts under an unexpected user ID via RequestHeader directives in .htaccess files. An attacker with .htaccess write access could possibly use this issue to bypass suexec user restrictions. (CVE-2025-66200)

FEDORA-2026-fc81581a79 Packages in this update:

• freeipa-4.13.1-7.fc43
• samba-4.23.8-1.fc43

Update description:

Update to Samba 4.23.8 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238

FEDORA-2026-7567819345 Packages in this update:

• freeipa-4.13.1-12.fc44
• samba-4.24.3-1.fc44

Update description:

Update to Samba 4.24.3 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238

FEDORA-2026-9b08621bdc Packages in this update:

• freeipa-4.13.1-16.fc45
• samba-4.24.3-1.fc45

Update description:

Update to Samba 4.24.3 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238

FEDORA-EPEL-2026-0e1191456b Packages in this update:

• pdns-5.0.5-1.el9

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code.

It was discovered that the vendored LibTIFF in Texmaker incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code.

It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code.

FEDORA-EPEL-2026-39d9295352 Packages in this update:

• libre-4.8.1-1.el10_3

Update description: libre v4.8.1 (2026-05-28)

• fmt/pl: add pl_strip_html()
• sys/fs: add getpwuid fallback for fs_gethome
• tls: remove unused include rsa.h
• ice: check source address of incoming application packets
• websock: Fix integer overflow in websock_decode() masked frame check
  • https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
  • https://github.com/baresip/baresip/issues/3705

FEDORA-2026-bfba5a213d Packages in this update:

• libre-4.8.1-1.fc43

Update description: libre v4.8.1 (2026-05-28)

• fmt/pl: add pl_strip_html()
• sys/fs: add getpwuid fallback for fs_gethome
• tls: remove unused include rsa.h
• ice: check source address of incoming application packets
• websock: Fix integer overflow in websock_decode() masked frame check
  • https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
  • https://github.com/baresip/baresip/issues/3705