Fedora Security Advisories

FEDORA-2026-abd4c1829d Packages in this update:

• usd-26.03-2.fc45

Update description:

Automatic update for usd-26.03-2.fc45.

Changelog * Mon Apr 6 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 26.03-2 - Backport fix for CVE-2026-34544 in OpenEXRCore - Fixes RHBZ#2454226

FEDORA-2026-a9017d0297 Packages in this update:

• incus-6.23-2.fc42

Update description:

Update to 6.23

FEDORA-2026-5af38b7ecb Packages in this update:

• incus-6.23-2.fc43

Update description:

Update to 6.23

FEDORA-EPEL-2026-1ce4512bd4 Packages in this update:

• prometheus-3.11.0-1.el10_3

Update description:

Update to 3.11.0

FEDORA-2026-8b0a672383 Packages in this update:

• glab-1.91.0-1.fc44

Update description:

Update to 1.91.0

FEDORA-2026-868e266938 Packages in this update:

• trivy-0.69.3-1.fc43

Update description:

Update to 0.69.3

FEDORA-2026-6fc2f11089 Packages in this update:

• trivy-0.69.3-1.fc44

Update description:

Update to 0.69.3

FEDORA-2026-7c83223889 Packages in this update:

• NetworkManager-ssh-1.4.3-1.fc43

Update description:

Fix CVE-2025-9615

FEDORA-2026-87e30fe05b Packages in this update:

• NetworkManager-ssh-1.4.3-1.fc45

Update description:

Automatic update for NetworkManager-ssh-1.4.3-1.fc45.

Changelog * Fri Apr 3 2026 Dan Fruehauf <malkodan@gmail.com> - 1.4.3-1 - Always run autoreconf -fvi - Fix file access for private key and known hosts (rhbz#2428396) - Fix pkg-config macro - Move D-Bus policy file to /usr/share/dbus-1/system.d/

FEDORA-2026-11097124bf Packages in this update:

• mingw-openexr-3.4.9-1.fc44

Update description:

Update to 3.4.9.

Update to 3.4.8.

FEDORA-EPEL-2026-f68290c016 Packages in this update:

• libopenmpt-0.8.6-1.el9

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-EPEL-2026-3e5052fb10 Packages in this update:

• libopenmpt-0.8.6-1.el10_2

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-EPEL-2026-b529a37d50 Packages in this update:

• libopenmpt-0.8.6-1.el10_1

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-EPEL-2026-171a377c45 Packages in this update:

• libopenmpt-0.8.6-1.el10_3

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-EPEL-2026-4a5d8adc71 Packages in this update:

• libopenmpt-0.8.6-1.el8

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-2026-2490896a5d Packages in this update:

• pdns-recursor-5.2.8-1.fc42

Update description:

Update to latest 5.2 release, fixing multiple security issues

FEDORA-2026-9c582575e5 Packages in this update:

• pdns-recursor-5.2.8-1.fc43

Update description:

Update to latest 5.2 release, fixing multiple security issues

FEDORA-2026-db1ef256e0 Packages in this update:

• pdns-recursor-5.4.0-1.fc44

Update description:

Update to latest upstream

FEDORA-2026-6d5ed8d82d Packages in this update:

• mingw-LibRaw-0.22.0-3.fc44

Update description:

Backport fixes for CVE-2026-5318 and CVE-2026-5342.

FEDORA-2026-e54aebce7c Packages in this update:

• pgadmin4-9.14-1.fc44

Update description:

Update to lodash 9.14.