Fedora Security Advisories

c-ares-1.34.7-1.fc43

8 hours 59 minutes ago
FEDORA-2026-727e84b289 Packages in this update:
  • c-ares-1.34.7-1.fc43
Update description:
  • update to 1.34.7
  • fixes CVE-2026-33630 (GHSA-6wfj-rwm7-3542) and GHSA-pjmc-gx33-gc76 and GHSA-jv8r-gqr9-68wj

c-ares-1.34.7-1.fc44

8 hours 59 minutes ago
FEDORA-2026-950a662010 Packages in this update:
  • c-ares-1.34.7-1.fc44
Update description:
  • update to 1.34.7
  • fixes CVE-2026-33630 (GHSA-6wfj-rwm7-3542) and GHSA-pjmc-gx33-gc76 and GHSA-jv8r-gqr9-68wj

openssh-10.2p1-12.fc44

10 hours 15 minutes ago
FEDORA-2026-a80275b42d Packages in this update:
  • openssh-10.2p1-12.fc44
Update description:

Improve GSS KEX algorithms documentation

  • CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known-group validation that leads to client-side denial of service
  • CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator
  • CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding

openssh-10.2p1-11.fc44

11 hours 38 minutes ago
FEDORA-2026-a2c682a975 Packages in this update:
  • openssh-10.2p1-11.fc44
Update description:
  • CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known-group validation that leads to client-side denial of service
  • CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator
  • CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding

openssh-10.0p1-10.fc43

11 hours 38 minutes ago
FEDORA-2026-95b955a09b Packages in this update:
  • openssh-10.0p1-10.fc43
Update description:
  • CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known-group validation that leads to client-side denial of service
  • CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator
  • CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding

perl-Imager-1.033-1.fc43

12 hours 16 minutes ago
FEDORA-2026-38f958d25a Packages in this update:
  • perl-Imager-1.033-1.fc43
Update description:

1.033 - CVE-2026-14454: Fix mishandling of large EXIF IFD entry count values — treated as negative numbers, could lead to allocation failure and program exit - JPEG: depend on Imager 1.033 for the EXIF fix - Fix thread context object reference count leak in bumpmap and bumpmap_complex filters - TIFF: fix a leak from processing the TIFF warnings buffer (introduced in Imager 1.021)

perl-Imager-1.033-1.fc44

12 hours 16 minutes ago
FEDORA-2026-5f5efe281d Packages in this update:
  • perl-Imager-1.033-1.fc44
Update description:

1.033 - CVE-2026-14454: Fix mishandling of large EXIF IFD entry count values — treated as negative numbers, could lead to allocation failure and program exit - JPEG: depend on Imager 1.033 for the EXIF fix - Fix thread context object reference count leak in bumpmap and bumpmap_complex filters - TIFF: fix a leak from processing the TIFF warnings buffer (introduced in Imager 1.021)

xrdp-0.10.6.1-1.fc43

13 hours 58 minutes ago
FEDORA-2026-bd0a75766f Packages in this update:
  • xrdp-0.10.6.1-1.fc43
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

xrdp-0.10.6.1-1.fc44

13 hours 58 minutes ago
FEDORA-2026-05c06fa0a8 Packages in this update:
  • xrdp-0.10.6.1-1.fc44
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

xrdp-0.10.6.1-1.el9

13 hours 58 minutes ago
FEDORA-EPEL-2026-329eff5f4b Packages in this update:
  • xrdp-0.10.6.1-1.el9
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

xrdp-0.10.6.1-1.el8

13 hours 58 minutes ago
FEDORA-EPEL-2026-85c16c2007 Packages in this update:
  • xrdp-0.10.6.1-1.el8
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

upower-1.91.3-2.fc43

14 hours 59 minutes ago
FEDORA-2026-ce80ea7afe Packages in this update:
  • upower-1.91.3-2.fc43
Update description:

upower 1.91.3:

  • Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed))
  • Fix: Resolve potential leaks (!327 (merged))
  • Fix: Potential out-of-bound access (!328 (merged))
  • Fix: Improve access control (!326 (merged))
  • Fix: Remove unused codes (!329 (merged))
  • Fix: Fix for Asus Battery Charge Threshold Detection (!330 (merged), #347 (closed))

upower-1.91.3-1.fc44

14 hours 59 minutes ago
FEDORA-2026-e5305cffc2 Packages in this update:
  • upower-1.91.3-1.fc44
Update description:

upower 1.91.3:

  • Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed))
  • Fix: Resolve potential leaks (!327 (merged))
  • Fix: Potential out-of-bound access (!328 (merged))
  • Fix: Improve access control (!326 (merged))
  • Fix: Remove unused codes (!329 (merged))
  • Fix: Fix for Asus Battery Charge Threshold Detection (!330 (merged), #347 (closed))
Checked
33 minutes 32 seconds ago