postfix-3.9.11-1.fc42
FEDORA-2026-b1d51e524d
Packages in this update:
- postfix-3.9.11-1.fc42
This is an update fixing CVE-2026-43964.
Fedora Security Advisories
postfix-3.10.10-1.fc43
FEDORA-2026-e9fc21d7e2
Packages in this update:
- postfix-3.10.10-1.fc43
This is an update fixing CVE-2026-43964.
postfix-3.10.10-1.fc44
FEDORA-2026-5cf8cc5f32
Packages in this update:
- postfix-3.10.10-1.fc44
This is an update fixing CVE-2026-43964.
pcs-0.12.2-2.fc45
FEDORA-2026-a5176717a9
Packages in this update:
- pcs-0.12.2-2.fc45
Automatic update for pcs-0.12.2-2.fc45.
Changelog * Fri May 15 2026 Michal Pospíšil <mpospisi@redhat.com> - 0.12.2-2 - Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md) Resolves: rhbz#2454042 - Fixed a crash when running pcs resource|stonith list Resolves: rhbz#2458608 - Fixed order of resources in sets when listing configuration of constraints Resolves: rhbz#2461143pcs-0.12.2-2.fc44
FEDORA-2026-d420bebe72
Packages in this update:
- pcs-0.12.2-2.fc44
- Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
- Fixed a crash when running pcs resource|stonith list
- Fixed order of resources in sets when listing configuration of constraints
pcs-0.12.2-2.fc43
FEDORA-2026-c0f7d885ee
Packages in this update:
- pcs-0.12.2-2.fc43
- Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
- Fixed a crash when running pcs resource|stonith list
- Fixed order of resources in sets when listing configuration of constraints
perl-Crypt-DSA-1.17-29.el9
FEDORA-EPEL-2026-2c8580b72a
Packages in this update:
- perl-Crypt-DSA-1.17-29.el9
This update fixes a couple of security issues:
- Replace two arg open (CVE-2026-8704)
- Replace use of rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)
perl-Crypt-DSA-1.17-29.el8
FEDORA-EPEL-2026-7dcb3efd8b
Packages in this update:
- perl-Crypt-DSA-1.17-29.el8
This update fixes a couple of security issues:
- Replace two arg open (CVE-2026-8704)
- Replace use of rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)
dovecot-2.4.4-1.fc44
FEDORA-2026-96eeb03b88
Packages in this update:
- dovecot-2.4.4-1.fc44
- CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe.
- CVE-2026-33603: auth: CRAM-SHA-*-PLUS channel binding could be faked. MITM attacker with a certificate trusted by the client could have bypassed the requirement for channel binding.
- CVE-2026-40020: IMAP folders can be shared-spammed to everyone.
- CVE-2026-42006: An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete.
- indexer-worker, quota-status, script-login, program-client-local: Root privileges are now dropped permanently before serving requests.
- indexer-worker: Default restart_request_count changed to 1 to work correctly after permanent root privilege drop.
- lmtp: Add back service_extra_groups=$SET:default_internal_group that was incorrectly removed in v2.4.3.
- master: inet_listener_reuse_port has been replaced by service_reuse_port. The new setting properly pre-creates all listener sockets at startup and assigns one unique socket per process. Using this allows evenly distributing incoming connections to login processes.
dovecot-2.4.4-1.fc43
FEDORA-2026-693373747f
Packages in this update:
- dovecot-2.4.4-1.fc43
- CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe.
- CVE-2026-33603: auth: CRAM-SHA-*-PLUS channel binding could be faked. MITM attacker with a certificate trusted by the client could have bypassed the requirement for channel binding.
- CVE-2026-40020: IMAP folders can be shared-spammed to everyone.
- CVE-2026-42006: An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete.
- indexer-worker, quota-status, script-login, program-client-local: Root privileges are now dropped permanently before serving requests.
- indexer-worker: Default restart_request_count changed to 1 to work correctly after permanent root privilege drop.
- lmtp: Add back service_extra_groups=$SET:default_internal_group that was incorrectly removed in v2.4.3.
- master: inet_listener_reuse_port has been replaced by service_reuse_port. The new setting properly pre-creates all listener sockets at startup and assigns one unique socket per process. Using this allows evenly distributing incoming connections to login processes.
perl-Crypt-DSA-1.20-1.el10_3
FEDORA-EPEL-2026-bb3b5814c6
Packages in this update:
- perl-Crypt-DSA-1.20-1.el10_3
This update fixes a couple of security issues:
- Replace two arg open (CVE-2026-8704)
- Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)
Upstream's use of the Crypt::SysRandom module is replaced by the equally-secure Crypt::URandom module, which is already a dependency of perl-Crypt-DSA: Crypt::SysRandom is not currently available in EPEL.
perl-Crypt-DSA-1.20-1.el10_2
FEDORA-EPEL-2026-617040b22d
Packages in this update:
- perl-Crypt-DSA-1.20-1.el10_2
This update fixes a couple of security issues:
- Replace two arg open (CVE-2026-8704)
- Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)
Upstream's use of the Crypt::SysRandom module is replaced by the equally-secure Crypt::URandom module, which is already a dependency of perl-Crypt-DSA: Crypt::SysRandom is not currently available in EPEL.
perl-Crypt-DSA-1.20-1.el10_1
FEDORA-EPEL-2026-c7fdab55d8
Packages in this update:
- perl-Crypt-DSA-1.20-1.el10_1
This update fixes a couple of security issues:
- Replace two arg open (CVE-2026-8704)
- Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)
Upstream's use of the Crypt::SysRandom module is replaced by the equally-secure Crypt::URandom module, which is already a dependency of perl-Crypt-DSA: Crypt::SysRandom is not currently available in EPEL.
perl-Crypt-DSA-1.20-1.fc43
FEDORA-2026-fdc100f74f
Packages in this update:
- perl-Crypt-DSA-1.20-1.fc43
This update fixes a couple of security issues:
- Replace two arg open (CVE-2026-8704)
- Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)
perl-Crypt-DSA-1.20-1.fc42
FEDORA-2026-ffe3625a50
Packages in this update:
- perl-Crypt-DSA-1.20-1.fc42
This update fixes a couple of security issues:
- Replace two arg open (CVE-2026-8704)
- Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)
perl-Crypt-DSA-1.20-1.fc44
FEDORA-2026-cdcb20089b
Packages in this update:
- perl-Crypt-DSA-1.20-1.fc44
This update fixes a couple of security issues:
- Replace two arg open (CVE-2026-8704)
- Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)
helix-25.07.1-10.fc45 rust-asyncgit-0.28.1-1.fc45 rust-cargo-0.93.0-2.fc45 rust-cargo-deny-0.18.9-5.fc45 rust-dua-cli-2.32.2-5.fc45 rust-gengo-0.14.3-2.fc45 rust-git2-hooks-0.7.0-1.fc45 rust-gix-0.83.0-1.fc45 rust-gix-actor-0.41.0-1.fc45 rust-gix-archive…
FEDORA-2026-a843eb2666
Packages in this update:
- helix-25.07.1-10.fc45
- rust-asyncgit-0.28.1-1.fc45
- rust-cargo-0.93.0-2.fc45
- rust-cargo-deny-0.18.9-5.fc45
- rust-dua-cli-2.32.2-5.fc45
- rust-gengo-0.14.3-2.fc45
- rust-git2-hooks-0.7.0-1.fc45
- rust-gix-0.83.0-1.fc45
- rust-gix-actor-0.41.0-1.fc45
- rust-gix-archive-0.32.0-1.fc45
- rust-gix-attributes-0.33.0-1.fc45
- rust-gix-bitmap-0.3.1-1.fc45
- rust-gix-blame-0.13.0-1.fc45
- rust-gix-chunk-0.7.1-1.fc45
- rust-gix-command-0.9.0-1.fc45
- rust-gix-commitgraph-0.37.0-1.fc45
- rust-gix-config-0.56.0-1.fc45
- rust-gix-config-value-0.18.0-1.fc45
- rust-gix-credentials-0.38.0-1.fc45
- rust-gix-date-0.15.3-1.fc45
- rust-gix-diff-0.63.0-1.fc45
- rust-gix-dir-0.25.0-1.fc45
- rust-gix-discover-0.51.0-1.fc45
- rust-gix-error-0.2.3-1.fc45
- rust-gix-features-0.48.0-1.fc45
- rust-gix-filter-0.30.0-1.fc45
- rust-gix-fs-0.21.1-1.fc45
- rust-gix-glob-0.26.0-1.fc45
- rust-gix-hash-0.25.0-1.fc45
- rust-gix-hashtable-0.15.0-1.fc45
- rust-gix-ignore-0.21.0-1.fc45
- rust-gix-imara-diff-0.2.1-1.fc45
- rust-gix-index-0.51.0-1.fc45
- rust-gix-lock-23.0.0-1.fc45
- rust-gix-mailmap-0.33.0-1.fc45
- rust-gix-merge-0.16.0-1.fc45
- rust-gix-negotiate-0.31.0-1.fc45
- rust-gix-object-0.60.0-1.fc45
- rust-gix-odb-0.80.0-1.fc45
- rust-gix-pack-0.70.0-1.fc45
- rust-gix-packetline-0.21.3-1.fc45
- rust-gix-path-0.12.0-1.fc45
- rust-gix-pathspec-0.18.0-1.fc45
- rust-gix-prompt-0.15.0-1.fc45
- rust-gix-protocol-0.61.0-1.fc45
- rust-gix-quote-0.7.1-1.fc45
- rust-gix-ref-0.63.0-1.fc45
- rust-gix-refspec-0.41.0-1.fc45
- rust-gix-revision-0.45.0-1.fc45
- rust-gix-revwalk-0.31.0-1.fc45
- rust-gix-sec-0.14.0-1.fc45
- rust-gix-shallow-0.12.0-1.fc45
- rust-gix-status-0.30.0-1.fc45
- rust-gix-submodule-0.30.0-1.fc45
- rust-gix-tempfile-23.0.0-1.fc45
- rust-gix-trace-0.1.19-1.fc45
- rust-gix-transport-0.57.0-1.fc45
- rust-gix-traverse-0.57.0-1.fc45
- rust-gix-url-0.36.0-1.fc45
- rust-gix-utils-0.3.2-1.fc45
- rust-gix-validate-0.11.1-1.fc45
- rust-gix-worktree-0.52.0-1.fc45
- rust-gix-worktree-state-0.30.0-1.fc45
- rust-gix-worktree-stream-0.32.0-1.fc45
- rust-onefetch-2.27.1-5.fc45
- rust-prodash-31.0.0-1.fc45
- rust-rustsec-0.31.0-3.fc45
- rust-tame-index-0.25.0-3.fc45
- stgit-2.5.5-6.fc45
Update gix to version 0.83
tor-0.4.9.8-1.fc43
FEDORA-2026-0c38968a1b
Packages in this update:
- tor-0.4.9.8-1.fc43
Update to latest upstream release https://forum.torproject.org/t/security-release-0-4-8-25-and-0-4-9-8/21559
tor-0.4.9.8-1.fc44
FEDORA-2026-5ce7cc46bb
Packages in this update:
- tor-0.4.9.8-1.fc44
Update to latest upstream release https://forum.torproject.org/t/security-release-0-4-8-25-and-0-4-9-8/21559
tor-0.4.9.8-1.el10_3
FEDORA-EPEL-2026-d271c3f4c8
Packages in this update:
- tor-0.4.9.8-1.el10_3
Update to latest upstream release https://forum.torproject.org/t/security-release-0-4-8-25-and-0-4-9-8/21559