Fedora Security Advisories

asterisk-18.26.4-1.el9

Fedora Security Advisories
1 day 7 hours ago
FEDORA-EPEL-2026-d5cc2324a0 Packages in this update:
  • asterisk-18.26.4-1.el9
Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

  • CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
  • CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
  • CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
  • CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
  • CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
  • CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
  • CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
  • CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
  • CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
  • CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
  • CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
  • CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
  • CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

asterisk-18.26.4-1.el8

Fedora Security Advisories
1 day 7 hours ago
FEDORA-EPEL-2026-f2281acb03 Packages in this update:
  • asterisk-18.26.4-1.el8
Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

  • CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
  • CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
  • CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
  • CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
  • CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
  • CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
  • CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
  • CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
  • CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
  • CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
  • CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
  • CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
  • CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

asterisk-18.26.4-1.fc44

Fedora Security Advisories
1 day 20 hours ago
FEDORA-2026-38d71393c1 Packages in this update:
  • asterisk-18.26.4-1.fc44
Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

  • CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
  • CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
  • CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
  • CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
  • CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
  • CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
  • CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
  • CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
  • CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
  • CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
  • CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
  • CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
  • CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

Also fixes F44FailsToInstall for asterisk-snmp (BZ#2433748).

asterisk-18.26.4-1.fc43

Fedora Security Advisories
1 day 20 hours ago
FEDORA-2026-80b21debe7 Packages in this update:
  • asterisk-18.26.4-1.fc43
Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

  • CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
  • CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
  • CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
  • CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
  • CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
  • CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
  • CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
  • CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
  • CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
  • CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
  • CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
  • CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
  • CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

Also fixes F44FailsToInstall for asterisk-snmp (BZ#2433748).

asterisk-18.26.4-1.fc42

Fedora Security Advisories
1 day 20 hours ago
FEDORA-2026-98decbde87 Packages in this update:
  • asterisk-18.26.4-1.fc42
Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

  • CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
  • CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
  • CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
  • CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
  • CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
  • CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
  • CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
  • CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
  • CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
  • CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
  • CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
  • CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
  • CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

Also fixes F44FailsToInstall for asterisk-snmp (BZ#2433748).

micropython-1.28.0-1.fc45

Fedora Security Advisories
1 day 21 hours ago
FEDORA-2026-d619d8d077 Packages in this update:
  • micropython-1.28.0-1.fc45
Update description:

Automatic update for micropython-1.28.0-1.fc45.

Changelog * Mon Apr 6 2026 Lumír Balhar <lbalhar@redhat.com> - 1.28.0-1 - Update to 1.28.0 - Security fix for CVE-2026-1998 - Update mbedtls submodule to 3.6.6 - mbedtls security fixes for CVE-2026-25834, CVE-2026-34871, CVE-2026-25833 - CVE-2025-52496, CVE-2025-52497, CVE-2025-49087, CVE-2025-54764, CVE-2025-59438 Resolves: rhbz#2455368, rhbz#2376688, rhbz#2376701, rhbz#2382261, rhbz#2405245, rhbz#2405374, rhbz#2437327, rhbz#2454032, rhbz#2454086, rhbz#2454213

perl-Net-CIDR-Lite-0.23-1.fc42

Fedora Security Advisories
2 days 5 hours ago
FEDORA-2026-4b112416d8 Packages in this update:
  • perl-Net-CIDR-Lite-0.23-1.fc42
Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

  • Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
  • Reject invalid uncompressed IPv6 (CVE-2026-40198)

perl-Net-CIDR-Lite-0.23-1.fc43

Fedora Security Advisories
2 days 5 hours ago
FEDORA-2026-0a7ed21996 Packages in this update:
  • perl-Net-CIDR-Lite-0.23-1.fc43
Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

  • Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
  • Reject invalid uncompressed IPv6 (CVE-2026-40198)

perl-Net-CIDR-Lite-0.23-1.el10_3

Fedora Security Advisories
2 days 5 hours ago
FEDORA-EPEL-2026-b1230525c8 Packages in this update:
  • perl-Net-CIDR-Lite-0.23-1.el10_3
Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

  • Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
  • Reject invalid uncompressed IPv6 (CVE-2026-40198)

perl-Net-CIDR-Lite-0.23-1.fc44

Fedora Security Advisories
2 days 5 hours ago
FEDORA-2026-fe487aa625 Packages in this update:
  • perl-Net-CIDR-Lite-0.23-1.fc44
Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

  • Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
  • Reject invalid uncompressed IPv6 (CVE-2026-40198)

perl-Net-CIDR-Lite-0.23-1.el10_2

Fedora Security Advisories
2 days 5 hours ago
FEDORA-EPEL-2026-a41029a8e0 Packages in this update:
  • perl-Net-CIDR-Lite-0.23-1.el10_2
Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

  • Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
  • Reject invalid uncompressed IPv6 (CVE-2026-40198)

perl-Net-CIDR-Lite-0.23-1.el10_1

Fedora Security Advisories
2 days 5 hours ago
FEDORA-EPEL-2026-2db32adfde Packages in this update:
  • perl-Net-CIDR-Lite-0.23-1.el10_1
Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

  • Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
  • Reject invalid uncompressed IPv6 (CVE-2026-40198)

perl-Net-CIDR-Lite-0.23-1.el8

Fedora Security Advisories
2 days 5 hours ago
FEDORA-EPEL-2026-019655b9ea Packages in this update:
  • perl-Net-CIDR-Lite-0.23-1.el8
Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

  • Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
  • Reject invalid uncompressed IPv6 (CVE-2026-40198)

aurorae-6.6.4-1.fc44 bluedevil-6.6.4-1.fc44 breeze-gtk-6.6.4-1.fc44 extra-cmake-modules-6.25.0-1.fc44 flatpak-kcm-6.6.4-1.fc44 grub2-breeze-theme-6.6.4-1.fc44 kactivitymanagerd-6.6.4-1.fc44 kcm_wacomtablet-6.6.4-1.fc44 kde-cli-tools-6.6.4-1.fc44 kde-gtk…

Fedora Security Advisories
2 days 5 hours ago
FEDORA-2026-fe3d8d4767 Packages in this update:
  • aurorae-6.6.4-1.fc44
  • bluedevil-6.6.4-1.fc44
  • breeze-gtk-6.6.4-1.fc44
  • extra-cmake-modules-6.25.0-1.fc44
  • flatpak-kcm-6.6.4-1.fc44
  • grub2-breeze-theme-6.6.4-1.fc44
  • kactivitymanagerd-6.6.4-1.fc44
  • kcm_wacomtablet-6.6.4-1.fc44
  • kde-cli-tools-6.6.4-1.fc44
  • kdecoration-6.6.4-1.fc44
  • kde-gtk-config-6.6.4-1.fc44
  • kdeplasma-addons-6.6.4-1.fc44
  • kf6-6.25.0-1.fc44
  • kf6-attica-6.25.0-1.fc44
  • kf6-baloo-6.25.0-1.fc44
  • kf6-bluez-qt-6.25.0-1.fc44
  • kf6-breeze-icons-6.25.0-1.fc44
  • kf6-frameworkintegration-6.25.0-1.fc44
  • kf6-kapidox-6.25.0-1.fc44
  • kf6-karchive-6.25.0-1.fc44
  • kf6-kauth-6.25.0-1.fc44
  • kf6-kbookmarks-6.25.0-1.fc44
  • kf6-kcalendarcore-6.25.0-1.fc44
  • kf6-kcmutils-6.25.0-1.fc44
  • kf6-kcodecs-6.25.0-1.fc44
  • kf6-kcolorscheme-6.25.0-1.fc44
  • kf6-kcompletion-6.25.0-1.fc44
  • kf6-kconfig-6.25.0-1.fc44
  • kf6-kconfigwidgets-6.25.0-1.fc44
  • kf6-kcontacts-6.25.0-1.fc44
  • kf6-kcoreaddons-6.25.0-1.fc44
  • kf6-kcrash-6.25.0-1.fc44
  • kf6-kdav-6.25.0-1.fc44
  • kf6-kdbusaddons-6.25.0-1.fc44
  • kf6-kdeclarative-6.25.0-1.fc44
  • kf6-kded-6.25.0-1.fc44
  • kf6-kdesu-6.25.0-1.fc44
  • kf6-kdnssd-6.25.0-1.fc44
  • kf6-kdoctools-6.25.0-1.fc44
  • kf6-kfilemetadata-6.25.0-1.fc44
  • kf6-kglobalaccel-6.25.0-1.fc44
  • kf6-kguiaddons-6.25.0-1.fc44
  • kf6-kholidays-6.25.0-1.fc44
  • kf6-ki18n-6.25.0-1.fc44
  • kf6-kiconthemes-6.25.0-1.fc44
  • kf6-kidletime-6.25.0-1.fc44
  • kf6-kimageformats-6.25.0-2.fc44
  • kf6-kio-6.25.0-1.fc44
  • kf6-kirigami-6.25.0-1.fc44
  • kf6-kitemmodels-6.25.0-1.fc44
  • kf6-kitemviews-6.25.0-1.fc44
  • kf6-kjobwidgets-6.25.0-1.fc44
  • kf6-knewstuff-6.25.0-1.fc44
  • kf6-knotifications-6.25.0-1.fc44
  • kf6-knotifyconfig-6.25.0-1.fc44
  • kf6-kpackage-6.25.0-1.fc44
  • kf6-kparts-6.25.0-1.fc44
  • kf6-kpeople-6.25.0-1.fc44
  • kf6-kplotting-6.25.0-1.fc44
  • kf6-kpty-6.25.0-1.fc44
  • kf6-kquickcharts-6.25.0-1.fc44
  • kf6-krunner-6.25.0-1.fc44
  • kf6-kservice-6.25.0-1.fc44
  • kf6-kstatusnotifieritem-6.25.0-1.fc44
  • kf6-ksvg-6.25.0-1.fc44
  • kf6-ktexteditor-6.25.0-1.fc44
  • kf6-ktexttemplate-6.25.0-1.fc44
  • kf6-ktextwidgets-6.25.0-1.fc44
  • kf6-kunitconversion-6.25.0-1.fc44
  • kf6-kuserfeedback-6.25.0-1.fc44
  • kf6-kwallet-6.25.0-1.fc44
  • kf6-kwidgetsaddons-6.25.0-1.fc44
  • kf6-kwindowsystem-6.25.0-1.fc44
  • kf6-kxmlgui-6.25.0-1.fc44
  • kf6-modemmanager-qt-6.25.0-1.fc44
  • kf6-networkmanager-qt-6.25.0-1.fc44
  • kf6-prison-6.25.0-1.fc44
  • kf6-purpose-6.25.0-1.fc44
  • kf6-qqc2-desktop-style-6.25.0-1.fc44
  • kf6-solid-6.25.0-1.fc44
  • kf6-sonnet-6.25.0-1.fc44
  • kf6-syndication-6.25.0-1.fc44
  • kf6-syntax-highlighting-6.25.0-1.fc44
  • kf6-threadweaver-6.25.0-1.fc44
  • kgamma-6.6.4-1.fc44
  • kglobalacceld-6.6.4-1.fc44
  • kinfocenter-6.6.4-1.fc44
  • kmenuedit-6.6.4-1.fc44
  • knighttime-6.6.4-1.fc44
  • kpipewire-6.6.4-1.fc44
  • krdp-6.6.4-1.fc44
  • kscreen-6.6.4-1.fc44
  • kscreenlocker-6.6.4-1.fc44
  • ksshaskpass-6.6.4-1.fc44
  • ksystemstats-6.6.4-1.fc44
  • kwayland-6.6.4-1.fc44
  • kwayland-integration-6.6.4-1.fc44
  • kwin-6.6.4-2.fc44
  • kwin-x11-6.6.4-1.fc44
  • kwrited-6.6.4-1.fc44
  • layer-shell-qt-6.6.4-1.fc44
  • libkscreen-6.6.4-1.fc44
  • libksysguard-6.6.4-1.fc44
  • libplasma-6.6.4-1.fc44
  • ocean-sound-theme-6.6.4-1.fc44
  • oxygen-sounds-6.6.4-1.fc44
  • pam-kwallet-6.6.4-1.fc44
  • plasma5support-6.6.4-1.fc44
  • plasma-activities-6.6.4-1.fc44
  • plasma-activities-stats-6.6.4-1.fc44
  • plasma-breeze-6.6.4-1.fc44
  • plasma-browser-integration-6.6.4-1.fc44
  • plasma-desktop-6.6.4-1.fc44
  • plasma-dialer-6.6.4-1.fc44
  • plasma-discover-6.6.4-1.fc44
  • plasma-disks-6.6.4-1.fc44
  • plasma-drkonqi-6.6.4-1.fc44
  • plasma-firewall-6.6.4-1.fc44
  • plasma-integration-6.6.4-1.fc44
  • plasma-keyboard-6.6.4-1.fc44
  • plasma-login-manager-6.6.4-1.fc44
  • plasma-milou-6.6.4-1.fc44
  • plasma-mobile-6.6.4-1.fc44
  • plasma-nano-6.6.4-1.fc44
  • plasma-nm-6.6.4-1.fc44
  • plasma-oxygen-6.6.4-1.fc44
  • plasma-pa-6.6.4-1.fc44
  • plasma-print-manager-6.6.4-1.fc44
  • plasma-sdk-6.6.4-1.fc44
  • plasma-setup-6.6.4-1.fc44
  • plasma-systemmonitor-6.6.4-1.fc44
  • plasma-systemsettings-6.6.4-1.fc44
  • plasma-thunderbolt-6.6.4-1.fc44
  • plasma-vault-6.6.4-1.fc44
  • plasma-welcome-6.6.4-1.fc44
  • plasma-workspace-6.6.4-1.fc44
  • plasma-workspace-wallpapers-6.6.4-1.fc44
  • plasma-workspace-x11-6.6.4-1.fc44
  • plymouth-kcm-6.6.4-1.fc44
  • plymouth-theme-breeze-6.6.4-1.fc44
  • polkit-kde-6.6.4-1.fc44
  • powerdevil-6.6.4-1.fc44
  • qqc2-breeze-style-6.6.4-1.fc44
  • sddm-kcm-6.6.4-1.fc44
  • spacebar-6.6.4-1.fc44
  • spectacle-6.6.4-1.fc44
  • xdg-desktop-portal-kde-6.6.4-1.fc44
Update description:

Frameworks 6.25.0 + KDE Plasma 6.6.4

Checked
13 minutes 4 seconds ago
URL
https://bodhi.fedoraproject.org/rss/updates/?type=security