Aggregator

FEDORA-2026-8b7270b473 Packages in this update:

• mingw-python-urllib3-2.6.3-1.fc43

Update description:

Update to 2.6.3, fixes CVE-2025-66471, CVE-2025-21441, CVE-2025-66418.

FEDORA-2026-2b6dfd7c83 Packages in this update:

• mingw-python-urllib3-2.6.3-1.fc42

Update description:

Update to 2.6.3, fixes CVE-2025-66471, CVE-2025-21441, CVE-2025-66418.

It was discovered that OpenCC incorrectly handled truncated UTF-8 input. An attacker could possibly use this issue to cause OpenCC to crash, resulting in a denial of service.

Version:next-20260121 (linux-next) Released:2026-01-21

It was discovered that GLib incorrectly handled the buffered input stream API. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code.

FEDORA-2026-d7cbd53e55 Packages in this update:

• ghostscript-10.05.1-6.fc42

Update description:

security fix for CVE-2025-59798, CVE-2025-59799, CVE-2025-59800 (fedora#2431544, fedora#2431548, fedora#2431546)

FEDORA-2026-c60e345359 Packages in this update:

• ghostscript-10.05.1-6.fc43

Update description:

security fix for CVE-2025-59798, CVE-2025-59799, CVE-2025-59800 (fedora#2431544, fedora#2431548, fedora#2431546)

Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 22.04 LTS. (CVE-2023-7250) It was discovered that iperf3 had a timing side-channel when performing RSA decryption. An attacker could possibly use this issue to recover sensitive information. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-26306) It was discovered that iperf3 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-53580) Han Lee discovered that iperf3 had an off-by-one heap overflow. An attacker could possibly use this issue to crash the program or execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-54349) Han Lee discovered that iperf3 did not properly manage certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-54350)

Version:next-20260120 (linux-next) Released:2026-01-20

FEDORA-2026-f59e87ad88 Packages in this update:

• python-tinycss2-1.5.1-1.fc43
• weasyprint-68.0-1.fc43

Update description:

update to new upstream version including a fix for CVE-2025-68616

FEDORA-2026-943caf40d9 Packages in this update:

• freerdp-3.21.0-1.fc42

Update description:

Update to 3.21.0

FEDORA-2026-23d669bf94 Packages in this update:

• freerdp-3.21.0-1.fc43

Update description:

Update to 3.21.0

FEDORA-2026-3f0f0f85be Packages in this update:

• curl-8.11.1-7.fc42

Update description:

• fix broken TLS options for threaded LDAPS (CVE-2025-14017)

FEDORA-2026-e27b23af78 Packages in this update:

• curl-8.15.0-5.fc43

Update description:

• fix broken TLS options for threaded LDAPS (CVE-2025-14017)

FEDORA-2026-2a6cbb84d6 Packages in this update:

• perl-HarfBuzz-Shaper-0.033-1.fc42

Update description:

Upgrade to upstream. Eliminates distributing harfbuzz sources.

Upgrade to upstream 0.032.

FEDORA-2026-2b5249b4b6 Packages in this update:

• perl-HarfBuzz-Shaper-0.033-2.fc43

Update description:

Merge branch 'rawhide' into f43

Upgrade to upstream 0.032 to fix CVE-2026-22693.

Version:next-20260119 (linux-next) Released:2026-01-19

David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An attacker could possibly use this issue to execute arbitrary code.