Fedora Security Advisories

• miniupnpd-2.3.10-1.fc43

2026/03/24: fix missing fclose and potential double free in option file parsing

2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read overflow

2026/02/05: Rewrite permission line parser

2025/05/26: Fix false negative filtered STUN CGNAT test result for unsupported servers #825

2025/05/24: Fix Mac OS X 10.9 build

2025/05/15: build: teststun executable

2025/04/28: pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7

2025/04/26 Fix parsing of interfaces names starting with a digit nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h) nftables: improve scripts to support already existing tables

• ngtcp2-1.22.1-1.el9

• Fixes CVE-2026-40170

• ngtcp2-1.22.1-1.el10_3

• Fixes CVE-2026-40170

• ngtcp2-1.22.1-1.fc43

• Fixes CVE-2026-40170

• ngtcp2-1.22.1-1.fc44

• Fixes CVE-2026-40170

• miniupnpd-2.3.10-1.fc44

2026/03/24: fix missing fclose and potential double free in option file parsing

2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read overflow

2026/02/05: Rewrite permission line parser

2025/05/26: Fix false negative filtered STUN CGNAT test result for unsupported servers #825

2025/05/24: Fix Mac OS X 10.9 build

2025/05/15: build: teststun executable

2025/04/28: pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7

2025/04/26 Fix parsing of interfaces names starting with a digit nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h) nftables: improve scripts to support already existing tables

• openssh-9.9p1-14.fc42

Fixes high severity CVE: - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode

• openssh-10.2p1-8.fc44

• CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode
• CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions
• CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys
• CVE-2026-35414: Fix mishandling of authorized_keys principals option
• CVE-2026-35386: Add validation rules to usernames and hostnames set for ProxyJump/-J on the commandline

• openssh-10.0p1-9.fc43

• CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode
• CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions
• CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys
• CVE-2026-35414: Fix mishandling of authorized_keys principals option
• CVE-2026-35386: Add validation rules to usernames and hostnames set for ProxyJump/-J on the commandline

• sudo-1.9.17-7.p2.fc43

Fix CVE-2026-35535

• sudo-1.9.17-8.p2.fc44

Fix CVE-2026-35535

• botan3-3.9.0-3.el10_3

Fix security vulnerabilities CVE-2026-32877,CVE-2026-32883,CVE-2026-32884,CVE-2026-34580,CVE-2026-34582

• botan3-3.9.0-6.fc44

Fix security vulnerabilities CVE-2026-32877,CVE-2026-32883,CVE-2026-32884,CVE-2026-34580,CVE-2026-34582

• python3.14-3.14.4-2.fc42

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100

New minor version of the alternate Python interpreter

• python3.14-3.14.4-2.fc43

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100

• python3.14-3.14.4-2.fc44

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100

• mingw-python3-3.11.15-4.fc42

Backport fix for CVE-2026-4786.

Backport fixes for CVE-2026-6100, CVE-2026-3479, CVE-2026-1502

• mingw-python3-3.11.15-4.fc44

Backport fix for CVE-2026-4786.

Backport fixes for CVE-2026-6100, CVE-2026-3479, CVE-2026-1502

• mingw-python3-3.11.15-4.fc43

Backport fix for CVE-2026-4786.

Backport fixes for CVE-2026-6100, CVE-2026-3479, CVE-2026-1502

• python-pillow-12.2.0-1.fc44

Fix CVE-2026-40192.