Fedora Security Advisories

python-django5-5.2.15-1.fc44

Fedora Security Advisories
2 hours 35 minutes ago
FEDORA-2026-e4146022ce Packages in this update:
  • python-django5-5.2.15-1.fc44
Update description:

Fixes five low-severity CVEs

  • CVE-2026-6873: Signed cookie salt namespace collision
  • CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend
  • CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives
  • CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization
  • CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header

python-django5-5.2.15-1.fc43

Fedora Security Advisories
2 hours 35 minutes ago
FEDORA-2026-f140cb16b6 Packages in this update:
  • python-django5-5.2.15-1.fc43
Update description:

Fixes five low-severity CVEs

  • CVE-2026-6873: Signed cookie salt namespace collision
  • CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend
  • CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives
  • CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization
  • CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header

bind9-next-9.21.22-2.fc43

Fedora Security Advisories
7 hours 39 minutes ago
FEDORA-2026-ec095a4675 Packages in this update:
  • bind9-next-9.21.22-2.fc43
Update description: Update to 9.21.22 (rhbz#2480122) Security Fixes:
  • Limit resolver server list size. (CVE-2026-3592)
  • Fix GSS-API resource leak. (CVE-2026-3039)
  • Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946)
  • Avoid unbounded recursion loop. (CVE-2026-5950)
  • Fix crash in resolver when SIG(0)-signed responses are received under load. (CVE-2026-5947)
  • Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2 SETTINGS frames. (CVE-2026-3593)
  • Fix outgoing zone transfers' quota issue.
Feature Changes:
  • Fix CPU spikes and slow queries when cache approaches memory limit.
  • Implement RFC 3645 Section 4.1.1 key expiry check in TKEY.
  • Reduce memory footprint by actively returning unused memory to the OS.

multiple bugfixes.

Source: https://downloads.isc.org/isc/bind9/9.21.22/doc/arm/html/notes.html#notes-for-bind-9-21-22

bind9-next-9.21.22-2.fc44

Fedora Security Advisories
11 hours 11 minutes ago
FEDORA-2026-dbb0776ac5 Packages in this update:
  • bind9-next-9.21.22-2.fc44
Update description: Update to 9.21.22 (rhbz#2480122) Security Fixes:
  • Limit resolver server list size. (CVE-2026-3592)
  • Fix GSS-API resource leak. (CVE-2026-3039)
  • Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946)
  • Avoid unbounded recursion loop. (CVE-2026-5950)
  • Fix crash in resolver when SIG(0)-signed responses are received under load. (CVE-2026-5947)
  • Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2 SETTINGS frames. (CVE-2026-3593)
  • Fix outgoing zone transfers' quota issue.
Feature Changes:
  • Fix CPU spikes and slow queries when cache approaches memory limit.
  • Implement RFC 3645 Section 4.1.1 key expiry check in TKEY.
  • Reduce memory footprint by actively returning unused memory to the OS.

multiple bugfixes.

Source: https://downloads.isc.org/isc/bind9/9.21.22/doc/arm/html/notes.html#notes-for-bind-9-21-22

python-python-multipart-0.0.32-1.el10_2

Fedora Security Advisories
11 hours 26 minutes ago
FEDORA-EPEL-2026-b71f1f4e9b Packages in this update:
  • python-python-multipart-0.0.32-1.el10_2
Update description: 0.0.32 (2026-06-04)
  • Speed up partial-boundary scanning for CR/LF-dense part data.
0.0.31 (2026-06-04)
  • Speed up multipart header parsing and callback dispatch.
  • Bound header field name size before validating.
  • Validate Content-Length is non-negative in parse_form.

Fixes security issues GHSA-v9pg-7xvm-68hf, GHSA-5rvq-cxj2-64vf, GHSA-6jv3-5f52-599m, and GHSA-vffw-93wf-4j4q.

0.0.30 (2026-05-31)
  • Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator.
  • Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2.

nasm-3.01-3.fc45

Fedora Security Advisories
11 hours 36 minutes ago
FEDORA-2026-c346e5cd24 Packages in this update:
  • nasm-3.01-3.fc45
Update description:

Automatic update for nasm-3.01-3.fc45.

Changelog * Wed Apr 22 2026 Dominik Mierzejewski <rpm@greysector.net> - 3.01-3 - fix CVE-2026-6067 (resolves rhbz#2458087, rhbz#2458089) patch by Nick Clifton

python-python-multipart-0.0.32-1.el10_3

Fedora Security Advisories
11 hours 59 minutes ago
FEDORA-EPEL-2026-62728108d7 Packages in this update:
  • python-python-multipart-0.0.32-1.el10_3
Update description: 0.0.32 (2026-06-04)
  • Speed up partial-boundary scanning for CR/LF-dense part data.
0.0.31 (2026-06-04)
  • Speed up multipart header parsing and callback dispatch.
  • Bound header field name size before validating.
  • Validate Content-Length is non-negative in parse_form.

Fixes security issues GHSA-v9pg-7xvm-68hf, GHSA-5rvq-cxj2-64vf, GHSA-6jv3-5f52-599m, and GHSA-vffw-93wf-4j4q.

0.0.30 (2026-05-31)
  • Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator.
  • Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2.

python-python-multipart-0.0.32-1.fc43

Fedora Security Advisories
12 hours 8 minutes ago
FEDORA-2026-2cfc16a621 Packages in this update:
  • python-python-multipart-0.0.32-1.fc43
Update description: 0.0.32 (2026-06-04)
  • Speed up partial-boundary scanning for CR/LF-dense part data.
0.0.31 (2026-06-04)
  • Speed up multipart header parsing and callback dispatch.
  • Bound header field name size before validating.
  • Validate Content-Length is non-negative in parse_form.

Fixes security issues GHSA-v9pg-7xvm-68hf, GHSA-5rvq-cxj2-64vf, GHSA-6jv3-5f52-599m, and GHSA-vffw-93wf-4j4q.

0.0.30 (2026-05-31)
  • Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator.
  • Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2.

python-python-multipart-0.0.32-1.fc44

Fedora Security Advisories
12 hours 46 minutes ago
FEDORA-2026-104e079187 Packages in this update:
  • python-python-multipart-0.0.32-1.fc44
Update description: 0.0.32 (2026-06-04)
  • Speed up partial-boundary scanning for CR/LF-dense part data.
0.0.31 (2026-06-04)
  • Speed up multipart header parsing and callback dispatch.
  • Bound header field name size before validating.
  • Validate Content-Length is non-negative in parse_form.

Fixes security issues GHSA-v9pg-7xvm-68hf, GHSA-5rvq-cxj2-64vf, GHSA-6jv3-5f52-599m, and GHSA-vffw-93wf-4j4q.

0.0.30 (2026-05-31)
  • Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator.
  • Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2.
Checked
8 minutes 29 seconds ago
URL
https://bodhi.fedoraproject.org/rss/updates/?type=security