Fedora Security Advisories

ruby-4.0.6-36.fc44

1 hour 51 minutes ago
FEDORA-2026-32d5a3d450 Packages in this update:
  • ruby-4.0.6-36.fc44
Update description:

Ruby 4.0.6 is released. This new ruby contains several security fixes in net-snmp.

wireshark-4.6.7-1.fc44

5 hours 26 minutes ago
FEDORA-2026-bc152c9ff6 Packages in this update:
  • wireshark-4.6.7-1.fc44
Update description:

Latest wireshark version includes fixes for the following CVEs: CVE-2026-15163 CVE-2026-15164 CVE-2026-15165 CVE-2026-15166 CVE-2026-15167 CVE-2026-15168 CVE-2026-15169 CVE-2026-15170 CVE-2026-15171 CVE-2026-15172 CVE-2026-15173 CVE-2026-15174

fasterxml-oss-parent-75-1.fc45 jackson-annotations-2.21-6.fc45 jackson-bom-2.21.5-1.fc45 jackson-core-2.21.5-1.fc45 jackson-databind-2.21.5-1.fc45 jackson-jaxrs-providers-2.21.5-1.fc45 jackson-modules-base-2.21.5-1.fc45 jackson-parent-2.21-1.fc45

17 hours 43 minutes ago
FEDORA-2026-ddde3cf003 Packages in this update:
  • fasterxml-oss-parent-75-1.fc45
  • jackson-annotations-2.21-6.fc45
  • jackson-bom-2.21.5-1.fc45
  • jackson-core-2.21.5-1.fc45
  • jackson-databind-2.21.5-1.fc45
  • jackson-jaxrs-providers-2.21.5-1.fc45
  • jackson-modules-base-2.21.5-1.fc45
  • jackson-parent-2.21-1.fc45
Update description:

Rebase to 2.21.5 to solve the CVE-2026-54518, CVE-2026-54517, CVE-2026-54516, CVE-2026-54515, CVE-2026-54513, CVE-2026-54512

spoofdpi-1.5.3-1.fc45

23 hours 51 minutes ago
FEDORA-2026-b382f3a576 Packages in this update:
  • spoofdpi-1.5.3-1.fc45
Update description:

Automatic update for spoofdpi-1.5.3-1.fc45.

Changelog * Tue Jul 14 2026 Emir Akdag <infraw.linux@proton.me> - 1.5.3-1 - Update spoofdpi to 1.5.3 - Update to 1.5.3 to fix CVE-2026-27145 - Add missing license for go-localereader - Fix build directory case sensitivity issue - Resolves: rhbz#2494220, rhbz#2494389

perl-YAML-Syck-1.47-1.el9

1 day 3 hours ago
FEDORA-EPEL-2026-57e759c14c Packages in this update:
  • perl-YAML-Syck-1.47-1.el9
Update description:

This update addresses four libsyck memory-safety CVEs reachable from the default YAML::Syck::Load() path on untrusted input with no special flags:

  • CVE-2026-57075 (CWE-125): Out-of-bounds read in the base64 decoder caused by signed-char indexing of the decode table on !!binary input
  • CVE-2026-57076 (CWE-416): Use-after-free of an anchor key string shared between the node and the anchors table
  • CVE-2026-57077 (CWE-125): One-byte out-of-bounds read in the lexer newline scan during block-scalar parsing (incomplete-fix follow-on to CVE-2025-11683)
  • CVE-2026-13713 (CWE-416/CWE-415): Use-after-free / double-free of an anchor node on anchor redefinition, a remote-crash DoS from a 7-byte input

There are also a few other bug-fixes included.

perl-YAML-Syck-1.47-1.el10_3

1 day 3 hours ago
FEDORA-EPEL-2026-22c2f092d6 Packages in this update:
  • perl-YAML-Syck-1.47-1.el10_3
Update description:

This update addresses four libsyck memory-safety CVEs reachable from the default YAML::Syck::Load() path on untrusted input with no special flags:

  • CVE-2026-57075 (CWE-125): Out-of-bounds read in the base64 decoder caused by signed-char indexing of the decode table on !!binary input
  • CVE-2026-57076 (CWE-416): Use-after-free of an anchor key string shared between the node and the anchors table
  • CVE-2026-57077 (CWE-125): One-byte out-of-bounds read in the lexer newline scan during block-scalar parsing (incomplete-fix follow-on to CVE-2025-11683)
  • CVE-2026-13713 (CWE-416/CWE-415): Use-after-free / double-free of an anchor node on anchor redefinition, a remote-crash DoS from a 7-byte input

There are also a few other bug-fixes included.

Checked
35 minutes 43 seconds ago