Aggregator

FEDORA-2026-8cffa03dad Packages in this update:

• kernel-7.0.4-200.fc44

Update description:

The 7.0.4 stable kernel rebase contains additional hardware support, new features, and a number of important fixes across the tree. It also contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500. For users who experience a problem with the 7.0.4 rebase, a build of 6.19.14 with just the dirtyfrag fixes should be available in koji shortly.

FEDORA-2026-abc00fb4e8 Packages in this update:

• kernel-7.0.4-100.fc43

Update description:

The 7.0.4 stable kernel rebase contains additional hardware support, new features, and a number of important fixes across the tree. It also contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500. For users who experience a problem with the 7.0.4 rebase, a build of 6.19.14 with just the dirtyfrag fixes should be available in koji shortly.

FEDORA-2026-b58cd376d6 Packages in this update:

• pypy-7.3.22-2.fc45

Update description:

Automatic update for pypy-7.3.22-2.fc45.

Changelog * Tue May 5 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.22-2 - Security fix for CVE-2026-3219 in the bundled pip wheel - Fixes: rhbz#2461288 * Tue May 5 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.22-1 - Update to 7.3.22 - Fixes: rhbz#2463475

FEDORA-2026-87dc12705e Packages in this update:

• kernel-6.19.14-101.fc42

Update description:

The 6.19.14-101 stable update contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500

Version:6.1.172 (longterm) Released:2026-05-08 Source:linux-6.1.172.tar.xz PGP Signature:linux-6.1.172.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.172

Version:5.15.206 (longterm) Released:2026-05-08 Source:linux-5.15.206.tar.xz PGP Signature:linux-5.15.206.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.206

USN-8248-1 fixed vulnerabilities in NASM. Unfortunately the update introduced a regression which could cause NASM to crash. This update fixes the problem by reverting the fix for CVE-2021-33450 and CVE-2021-33452 in Ubuntu 24.04 LTS. We apologize for the inconvenience. Original advisory details: Daisy Chen discovered that NASM was vulnerable to a heap buffer overflow when handling certain input. An attacker could possibly use this issue to cause NASM to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-31722) It was discovered that NASM incorrectly handled memory allocation. An attacker could possibly use this issue to cause NASM to use excessive resources, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2021-33452, CVE-2021-33450)

FEDORA-2026-8ad863685a Packages in this update:

• python-pulp-glue-0.37.0-5.fc43
• python-requests-2.33.1-1.fc43

Update description: 2.33.1 (2026-03-30)

Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed Content-Type header parsing for malformed values. - Improved error consistency for malformed header values.

2.33.0 (2026-03-25)

Announcements - 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security - CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements - Migrated to a PEP 517 build system using setuptools.

Bugfixes - Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+.

Deprecations - Dropped support for Python 3.9 following its end of support.

Documentation - Various typo fixes and doc improvements.

FEDORA-2026-44919b3d9f Packages in this update:

• python-pulp-glue-0.37.0-5.fc44
• python-requests-2.33.1-1.fc44

Update description: 2.33.1 (2026-03-30)

Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed Content-Type header parsing for malformed values. - Improved error consistency for malformed header values.

2.33.0 (2026-03-25)

Announcements - 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security - CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements - Migrated to a PEP 517 build system using setuptools.

Bugfixes - Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+.

Deprecations - Dropped support for Python 3.9 following its end of support.

Documentation - Various typo fixes and doc improvements.

Version:next-20260508 (linux-next) Released:2026-05-08

Version:6.1.171 (longterm) Released:2026-05-08 Source:linux-6.1.171.tar.xz PGP Signature:linux-6.1.171.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.171

Version:5.15.205 (longterm) Released:2026-05-08 Source:linux-5.15.205.tar.xz PGP Signature:linux-5.15.205.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.205

Version:5.10.255 (longterm) Released:2026-05-08 Source:linux-5.10.255.tar.xz PGP Signature:linux-5.10.255.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.10.255

It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Version:7.0.5 (stable) Released:2026-05-08 Source:linux-7.0.5.tar.xz PGP Signature:linux-7.0.5.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-7.0.5

Version:6.18.28 (longterm) Released:2026-05-08 Source:linux-6.18.28.tar.xz PGP Signature:linux-6.18.28.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.28

Version:6.12.87 (longterm) Released:2026-05-08 Source:linux-6.12.87.tar.xz PGP Signature:linux-6.12.87.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.87

Version:6.6.138 (longterm) Released:2026-05-08 Source:linux-6.6.138.tar.xz PGP Signature:linux-6.6.138.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.138

FEDORA-2026-793b55138d Packages in this update:

• python-jupytext-1.19.1-4.fc42

Update description:

This update contains upgrades to various npm packages used during the build to address CVEs, namely:

• CVE-2025-69873 (ajv)
• CVE-2026-0540 (DOMPurify)
• CVE-2026-3449 (@tootallnate/once)
• CVE-2026-4800 (lodash)
• CVE-2026-6321 (fast-uri)
• CVE-2026-41240 (DOMPurify)

This is probably unimportant since these packages are used at build-time only. They are not shipped with python3-jupytext and therefore do not affect runtime.

FEDORA-2026-85b819b928 Packages in this update:

• python-jupytext-1.19.1-4.fc43

Update description:

This update contains upgrades to various npm packages used during the build to address CVEs, namely:

• CVE-2025-69873 (ajv)
• CVE-2026-0540 (DOMPurify)
• CVE-2026-3449 (@tootallnate/once)
• CVE-2026-4800 (lodash)
• CVE-2026-6321 (fast-uri)
• CVE-2026-41240 (DOMPurify)

This is probably unimportant since these packages are used at build-time only. They are not shipped with python3-jupytext and therefore do not affect runtime.