Fedora Security Advisories

FEDORA-EPEL-2026-0638da5c88 Packages in this update:

• haveged-1.9.23-1.el8

Update description:

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

FEDORA-EPEL-2026-6c01f75372 Packages in this update:

• haveged-1.9.23-1.el10_2

Update description:

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

FEDORA-EPEL-2026-d206fb8dbe Packages in this update:

• haveged-1.9.23-1.el10_3

Update description:

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

FEDORA-EPEL-2026-50018db082 Packages in this update:

• haveged-1.9.23-1.el9

Update description:

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

FEDORA-2026-afa00da304 Packages in this update:

• haveged-1.9.23-1.fc43

Update description:

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

FEDORA-2026-333f3f8aba Packages in this update:

• haveged-1.9.23-1.fc44

Update description:

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

FEDORA-2026-9d7328702e Packages in this update:

• nginx-1.30.3-1.fc43
• nginx-mod-brotli-1.0.0~rc-11.fc43
• nginx-mod-fancyindex-0.6.0-6.fc43
• nginx-mod-headers-more-0.39-11.fc43
• nginx-mod-modsecurity-1.0.4-12.fc43
• nginx-mod-naxsi-1.6-19.fc43
• nginx-mod-vts-0.2.4-11.fc43

Update description:

nginx-mod-headers-more:

• Rebuild for 1.30.3

nginx-mod-brotli:

• Rebuild for 1.30.3

nginx-mod-vts:

• Rebuild for 1.30.3

nginx-mod-modsecurity:

• Rebuild for 1.30.3

nginx-mod-fancyindex:

• Rebuild for 1.30.3

nginx-mod-naxsi:

• Rebuild for 1.30.3

nginx:

• update to 1.30.3
• fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142

FEDORA-2026-b8e751787c Packages in this update:

• nginx-1.30.3-1.fc44
• nginx-mod-brotli-1.0.0~rc-11.fc44
• nginx-mod-fancyindex-0.6.0-6.fc44
• nginx-mod-headers-more-0.39-11.fc44
• nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc44
• nginx-mod-modsecurity-1.0.4-12.fc44
• nginx-mod-naxsi-1.6-19.fc44
• nginx-mod-vts-0.2.4-11.fc44

Update description:

nginx-mod-brotli:

• Rebuild for 1.30.3

nginx-mod-fancyindex:

• Rebuild for 1.30.3

nginx-mod-vts:

• Rebuild for 1.30.3

nginx-mod-modsecurity:

• Rebuild for 1.30.3

nginx-mod-headers-more:

• Rebuild for 1.30.3

nginx-mod-naxsi:

• Rebuild for 1.30.3

nginx-mod-js-challenge:

• Rebuild for 1.30.3

nginx:

• update to 1.30.3
• fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142

FEDORA-2026-e212182e6e Packages in this update:

• nginx-1.30.3-1.fc45
• nginx-mod-brotli-1.0.0~rc-11.fc45
• nginx-mod-fancyindex-0.6.0-6.fc45
• nginx-mod-headers-more-0.39-11.fc45
• nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc45
• nginx-mod-modsecurity-1.0.4-12.fc45
• nginx-mod-naxsi-1.6-19.fc45
• nginx-mod-vts-0.2.4-11.fc45

Update description:

nginx-mod-brotli:

• Rebuild for 1.30.3

nginx-mod-fancyindex:

• Rebuild for 1.30.3

nginx-mod-modsecurity:

• Rebuild for 1.30.3

nginx-mod-headers-more:

• Rebuild for 1.30.3

nginx-mod-naxsi:

• Rebuild for 1.30.3

nginx-mod-js-challenge:

• Rebuild for 1.30.3

nginx-mod-vts:

• Rebuild for 1.30.3

nginx:

• update to 1.30.3
• fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142

FEDORA-EPEL-2026-a80cc1ccf4 Packages in this update:

• openbao-2.5.5-1.el10_2

Update description:

Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774, CVE-2026-55775, and CVE-2026-55776.

FEDORA-EPEL-2026-33e6f5bc0f Packages in this update:

• openbao-2.5.5-1.el10_3

Update description:

Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774, CVE-2026-55775, and CVE-2026-55776.

FEDORA-2026-da7e499416 Packages in this update:

• openbao-2.5.5-1.fc43

Update description:

Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774, CVE-2026-55775, and CVE-2026-55776.

FEDORA-EPEL-2026-68c29512d7 Packages in this update:

• openbao-2.5.5-1.el9

Update description:

Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774, CVE-2026-55775, and CVE-2026-55776.

FEDORA-EPEL-2026-c797cdf471 Packages in this update:

• openbao-2.5.5-1.el8

Update description:

Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774, CVE-2026-55775, and CVE-2026-55776.

FEDORA-2026-84ff0044db Packages in this update:

• openbao-2.5.5-1.fc44

Update description:

Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774, CVE-2026-55775, and CVE-2026-55776.

FEDORA-EPEL-2026-1402b5bee1 Packages in this update:

• python-postorius-1.3.8-9.el9

Update description:

Backport unreleased fix for cross-side scripting via unescaped HTML

FEDORA-2026-ef34f94241 Packages in this update:

• python-postorius-1.3.13-1.fc44

Update description:

Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross-side scripting via unescaped HTML

FEDORA-2026-c2b475c5f1 Packages in this update:

• python-postorius-1.3.13-1.fc43

Update description:

Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross-side scripting via unescaped HTML

FEDORA-2026-b67348bd21 Packages in this update:

• maradns-3.5.0037-1.fc45

Update description:

Automatic update for maradns-3.5.0037-1.fc45.

Changelog * Mon Jun 15 2026 Tomasz Torcz <ttorcz@fedoraproject.org> - 3.5.0037-1 - update to 3.5.0037, fixing DNS-over-TCP bug (rhbz#2488786)

FEDORA-2026-79d9e34e36 Packages in this update:

• liferea-1.16.12-1.fc44

Update description:

Update to 1.16.12

Update to 1.16.11