Aggregator
DSA-6355-1 linux - security update
python-pydantic-settings-2.14.2-1.fc43
FEDORA-2026-ade10efd88
Packages in this update:
- python-pydantic-settings-2.14.2-1.fc43
Update to 2.14.2; fixes GHSA-4xgf-cpjx-pc3j.
prometheus-podman-exporter-1.21.1-1.fc44
FEDORA-2026-3c6643b33a
Packages in this update:
- prometheus-podman-exporter-1.21.1-1.fc44
release 1.21.1
prometheus-podman-exporter-1.21.1-1.el10_3
FEDORA-EPEL-2026-25d7b70013
Packages in this update:
- prometheus-podman-exporter-1.21.1-1.el10_3
release 1.21.1
prometheus-podman-exporter-1.21.1-1.fc43
FEDORA-2026-460749ef95
Packages in this update:
- prometheus-podman-exporter-1.21.1-1.fc43
release 1.21.1
prometheus-podman-exporter-1.21.1-1.el9
FEDORA-EPEL-2026-5f0a1be559
Packages in this update:
- prometheus-podman-exporter-1.21.1-1.el9
release 1.21.1
podman-tui-1.11.2-1.el10_3
FEDORA-EPEL-2026-3143b24056
Packages in this update:
- podman-tui-1.11.2-1.el10_3
release 1.11.2
podman-tui-1.11.2-1.fc43
FEDORA-2026-ac94948c8a
Packages in this update:
- podman-tui-1.11.2-1.fc43
release 1.11.2
podman-tui-1.11.2-1.fc44
FEDORA-2026-c55ec73fe2
Packages in this update:
- podman-tui-1.11.2-1.fc44
release 1.11.2
podman-tui-1.11.2-1.el9
FEDORA-EPEL-2026-5f81d8931a
Packages in this update:
- podman-tui-1.11.2-1.el9
release 1.11.2
python-pydantic-settings-2.14.2-1.fc44
FEDORA-2026-6b7571be30
Packages in this update:
- python-pydantic-settings-2.14.2-1.fc44
Update to 2.14.2; fixes GHSA-4xgf-cpjx-pc3j.
buildah-1.43.2-1.fc44 podman-5.8.3-1.fc44
FEDORA-2026-ceb2f5c5bb
Packages in this update:
- buildah-1.43.2-1.fc44
- podman-5.8.3-1.fc44
Update to buildah 1.43.2 and podman 5.8.3
Security fix for CVE-2026-44517
buildah-1.43.2-1.fc43 podman-5.8.3-1.fc43
FEDORA-2026-be3238ba3e
Packages in this update:
- buildah-1.43.2-1.fc43
- podman-5.8.3-1.fc43
Update to buildah 1.43.2 and podman 5.8.3
Security fix for CVE-2026-44517
moby-engine-29.6.0-1.fc43
FEDORA-2026-0feb6e4967
Packages in this update:
- moby-engine-29.6.0-1.fc43
- Update to release v29.6.0
- Resolves: rhbz#2490590
- Resolves CVE-2026-39828: rhbz#2489945
- Resolves CVE-2026-39829: rhbz#2490099
- Resolves CVE-2026-39830: rhbz#2490466
- Upstream fixes and enhancements
moby-engine-29.6.0-1.fc44
FEDORA-2026-d8e03bae55
Packages in this update:
- moby-engine-29.6.0-1.fc44
- Update to release v29.6.0
- Resolves: rhbz#2490590
- Resolves CVE-2026-39828: rhbz#2489945
- Resolves CVE-2026-39829: rhbz#2490099
- Resolves CVE-2026-39830: rhbz#2490466
- Upstream fixes and enhancements
haveged-1.9.24-1.el8
FEDORA-EPEL-2026-0a805e7cc1
Packages in this update:
- haveged-1.9.24-1.el8
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
haveged-1.9.24-1.el10_2
FEDORA-EPEL-2026-ace6f31c40
Packages in this update:
- haveged-1.9.24-1.el10_2
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
haveged-1.9.24-1.el10_3
FEDORA-EPEL-2026-d45ef3ffda
Packages in this update:
- haveged-1.9.24-1.el10_3
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
haveged-1.9.24-1.el9
FEDORA-EPEL-2026-5636c53ecb
Packages in this update:
- haveged-1.9.24-1.el9
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined