Fedora Security Advisories

opkssh-0.15.0-2.el10_2

8 hours 12 minutes ago
FEDORA-EPEL-2026-2dad2b9f74 Packages in this update:
  • opkssh-0.15.0-2.el10_2
Update description:

Update to opkssh 0.15.0.

This release fixes several CVEs in bundled/vendored dependencies:

  • CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
  • CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation
  • CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package)

opkssh-0.15.0-2.el10_3

8 hours 14 minutes ago
FEDORA-EPEL-2026-229e7ad5a2 Packages in this update:
  • opkssh-0.15.0-2.el10_3
Update description:

Update to opkssh 0.15.0.

This release fixes several CVEs in bundled/vendored dependencies:

  • CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
  • CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation
  • CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package)

opkssh-0.15.0-2.fc44

8 hours 14 minutes ago
FEDORA-2026-a7570524a7 Packages in this update:
  • opkssh-0.15.0-2.fc44
Update description:

Update to opkssh 0.15.0.

This release fixes several CVEs in bundled/vendored dependencies:

  • CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
  • CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
  • CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation
  • CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package)

opkssh-0.15.0-2.fc43

8 hours 22 minutes ago
FEDORA-2026-387cf555e7 Packages in this update:
  • opkssh-0.15.0-2.fc43
Update description:

Update to opkssh 0.15.0.

This release fixes several CVEs in bundled/vendored dependencies:

  • CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
  • CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
  • CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation
  • CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package)

perl-HTML-Gumbo-0.19-1.fc44

8 hours 24 minutes ago
FEDORA-2026-75010c7f44 Packages in this update:
  • perl-HTML-Gumbo-0.19-1.fc44
Update description:

This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion.

Support for the <template> element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses.</template>

perl-HTML-Gumbo-0.19-1.fc43

8 hours 24 minutes ago
FEDORA-2026-a457bf78b4 Packages in this update:
  • perl-HTML-Gumbo-0.19-1.fc43
Update description:

This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion.

Support for the <template> element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses.</template>

docker-compose-5.3.0-1.fc45

9 hours 32 minutes ago
FEDORA-2026-caecf8f2d7 Packages in this update:
  • docker-compose-5.3.0-1.fc45
Update description:

Automatic update for docker-compose-5.3.0-1.fc45.

Changelog * Thu Jul 2 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 5.3.0-1 - Update to release v5.3.0 - Resolves: rhbz#2496535 - Resolves CVE-2026-53492: rhbz#2496550 - Resolves CVE-2026-47262: rhbz#2496433 - Upstream note: This release introduces native support for init containers. - Additional upstream fixes and new features
Checked
23 minutes 7 seconds ago