Aggregator

USN-8438-1: OpenImageIO vulnerabilities

3 hours 17 minutes ago
  • It was discovered that OpenImageIO incorrectly performed bounds checking when processing SGI files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-43903)
  • It was discovered that OpenImageIO incorrectly handled run-length encoding when processing Softimage PIC files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-43904)
  • It was discovered that OpenImageIO incorrectly validated subimage metadata when processing HEIF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-43906)
  • It was discovered that OpenImageIO contained multiple integer overflow vulnerabilities when processing DPX files. An attacker could possibly use these issues to cause a denial of service or execute arbitrary code. (CVE-2026-43907, CVE-2026-43908, CVE-2026-43909)

coturn-4.13.1-1.el10_2

4 hours 54 minutes ago
FEDORA-EPEL-2026-f33139a01c Packages in this update:
  • coturn-4.13.1-1.el10_2
Update description:

Coturn 4.13.1

What's in this release
  • Security fixes

What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default

Coturn 4.13.0

What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports, give multiplexing a try: it can dramatically increase performance.
  • Security fixes

What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependency
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.el8

4 hours 54 minutes ago
FEDORA-EPEL-2026-5fb0ce4f22 Packages in this update:
  • coturn-4.13.1-1.el8
Update description:

Coturn 4.13.1

What's in this release
  • Security fixes

What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default

Coturn 4.13.0

What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports, give multiplexing a try: it can dramatically increase performance.
  • Security fixes

What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependency
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.fc43

4 hours 54 minutes ago
FEDORA-2026-c42d951aad Packages in this update:
  • coturn-4.13.1-1.fc43
Update description:

Coturn 4.13.1

What's in this release
  • Security fixes

What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default

Coturn 4.13.0

What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports, give multiplexing a try: it can dramatically increase performance.
  • Security fixes

What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependency
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.fc44

4 hours 54 minutes ago
FEDORA-2026-dda1360c18 Packages in this update:
  • coturn-4.13.1-1.fc44
Update description:

Coturn 4.13.1

What's in this release
  • Security fixes

What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default

Coturn 4.13.0

What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports, give multiplexing a try: it can dramatically increase performance.
  • Security fixes

What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependency
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.el10_3

4 hours 54 minutes ago
FEDORA-EPEL-2026-69da7ab3e5 Packages in this update:
  • coturn-4.13.1-1.el10_3
Update description:

Coturn 4.13.1

What's in this release
  • Security fixes

What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default

Coturn 4.13.0

What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports, give multiplexing a try: it can dramatically increase performance.
  • Security fixes

What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependency
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.el9

4 hours 54 minutes ago
FEDORA-EPEL-2026-48a6ee99c9 Packages in this update:
  • coturn-4.13.1-1.el9
Update description:

Coturn 4.13.1

What's in this release
  • Security fixes

What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default

Coturn 4.13.0

What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports, give multiplexing a try: it can dramatically increase performance.
  • Security fixes

What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependency
  • Fix UDP receive buffer ownership

USN-8437-1: rabbitmq-c vulnerabilities

9 hours 31 minutes ago
  • It was discovered that rabbitmq-c exposed credentials in command-line arguments under certain circumstances. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-35789)
  • It was discovered that rabbitmq-c incorrectly handled AMQP frame lengths under certain circumstances, which could lead to an out-of-bounds read. A remote attacker could possibly use this issue to cause rabbitmq-c to crash, resulting in a denial of service. (CVE-2026-44235)
  • It was discovered that rabbitmq-c incorrectly handled AMQP login handshakes under certain circumstances, which could lead to a heap buffer overflow. A remote attacker could possibly use this issue to cause rabbitmq-c to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-44236)

strongswan-6.0.7-2.fc43

10 hours 8 minutes ago
FEDORA-2026-67a9805962 Packages in this update:
  • strongswan-6.0.7-2.fc43
Update description:

Addresses CVE-2026-47895 which is a theoretical RCE

Fixes CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334

Update to address CVE-2025-9615 and CVE-2025-62291

USN-8433-1: OpenStack Keystone vulnerabilities

10 hours 34 minutes ago
  • It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. (CVE-2026-33551)
  • It was discovered that the OpenStack Keystone LDAP identity backend did not correctly convert the user enabled attribute to a boolean value. An attacker could possibly use this issue to authenticate as a user disabled in LDAP. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-40683)
  • It was discovered that OpenStack Keystone's application credential authentication plugin did not verify that the user supplied in an authentication request matched the credential owner. An authenticated attacker could possibly impersonate another user and gain access to their tokens and credentials. (CVE-2026-42998)
  • It was discovered that OpenStack Keystone's RBAC policy enforcer unconditionally merged the raw JSON request body into the policy enforcement dictionary, overwriting trusted target data. An authenticated attacker could possibly use this issue to inject arbitrary policy attributes to bypass RBAC checks. (CVE-2026-42999)
  • It was discovered that OpenStack Keystone allowed an attacker with the member role to escalate privileges to admin by chaining application credential impersonation with Keystone trusts. An attacker could possibly use this issue to create a persistent trust delegating the victim's admin role to themselves. (CVE-2026-43000)
  • It was discovered that OpenStack Keystone did not validate that the project_id for an EC2 credential matched the project of the authenticating application credential. An attacker with valid credentials for one project could possibly use this issue to create EC2 credentials targeting a different project. (CVE-2026-43001)
  • It was discovered that OpenStack Keystone's federated token rescoping mechanism did not propagate the original token's expiry to the newly issued token. A remote attacker could possibly use this issue to maintain access indefinitely by repeatedly rescoping tokens before expiry. (CVE-2026-44394)

util-linux-2.41.5-1.fc43

10 hours 53 minutes ago
FEDORA-2026-a7ff7017ee Packages in this update:
  • util-linux-2.41.5-1.fc43
Update description:

upstream upgrade with security fixes:

  • CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount
  • CVE-2026-53613 - libmount: SUID bypass via LIBMOUNT_FORCE_MOUNT2 and legacy mount path
  • CVE-2026-53614 - libmount: fd_target TOCTOU prevention

util-linux-2.41.5-1.fc44

10 hours 54 minutes ago
FEDORA-2026-c70cb96ff1 Packages in this update:
  • util-linux-2.41.5-1.fc44
Update description:

upstream upgrade with security fixes:

  • CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount
  • CVE-2026-53613 - libmount: SUID bypass via LIBMOUNT_FORCE_MOUNT2 and legacy mount path
  • CVE-2026-53614 - libmount: fd_target TOCTOU prevention

USN-8432-1: FreeRDP vulnerabilities

15 hours 38 minutes ago
It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to an out-of-bounds heap write. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-45700)

In addition, this update fixes a regression introduced in USN-8105-1. The update introduces a complete fix for CVE-2026-22858, CVE-2026-23732 and CVE-2026-25952 in Ubuntu 24.04 LTS and Ubuntu 25.10.

USN-8349-3: rsync regression

16 hours 48 minutes ago
USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:
  • Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. (CVE-2025-10158)
  • Batuhan Sancak, Damien Neil, and Michael Stapelberg discovered that rsync daemons configured without chroot protection were exposed to a race condition on parent path components. A local attacker with write access to a module could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-29518)
  • It was discovered that rsync did not properly validate a length value while sorting extended attributes. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-41035)
  • It was discovered that rsync performed reverse-DNS lookups after chrooting in some daemon configurations. A remote attacker could possibly use this issue to bypass hostname-based access controls and access network services. (CVE-2026-43617)
  • Omar Elsayed discovered that rsync did not properly check for integer overflows while decoding compressed tokens. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-43618)
  • Andrew Tridgell discovered that rsync did not fully fix a symlink race condition in path-based system calls for daemons configured without chroot protection. A local attacker could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-43619)
  • Pratham Gupta discovered that rsync did not properly validate an index while processing file lists. A remote attacker could possibly use this issue to cause rsync to crash, resulting in a denial of service. (CVE-2026-43620)
  • Michal Ruprich discovered that rsync contained an off-by-one error while handling HTTP proxy responses. An attacker able to intercept network communications or a malicious proxy server could possibly use this issue to cause a denial of service. (CVE-2026-45232)