Fedora Security Advisories

cifs-utils-7.6-2.fc45

5 hours 28 minutes ago
FEDORA-2026-90dbff48ca Packages in this update:
  • cifs-utils-7.6-2.fc45
Update description:

Automatic update for cifs-utils-7.6-2.fc45.

Changelog * Mon Jul 6 2026 Paulo Alcantara <paalcant@redhat.com> - 7.6-2 - cifs.upcall: fix regression with kerberos mounts - Resolves: rhbz#2497446 - Resolves: rhbz#2496963 - Resolves: rhbz#2489808 - CVE-2026-12505

syncthing-2.1.1-1.el10_2

1 day 13 hours ago
FEDORA-EPEL-2026-2c3b9215e1 Packages in this update:
  • syncthing-2.1.1-1.el10_2
Update description:

Update to version 2.1.1.

The major change in v2 is migration of the database backend from LevelDB to SQLite. This is handled transparently on startup by syncthing like any other database migration - the only change should be that the first startup takes a bit longer than usual.

This update also includes fixes for various security issues by compiling with updated dependencies and / or newer versions of the Go compiler and standard library.

Please refer to the upstream release notes for other changes since 1.30.0: https://github.com/syncthing/syncthing/releases

Approved EPEL incompatible upgrade request: https://forge.fedoraproject.org/epel/steering/issues/368

syncthing-2.1.1-1.el10_3

1 day 13 hours ago
FEDORA-EPEL-2026-ddefa409e2 Packages in this update:
  • syncthing-2.1.1-1.el10_3
Update description:

Update to version 2.1.1.

The major change in v2 is migration of the database backend from LevelDB to SQLite. This is handled transparently on startup by syncthing like any other database migration - the only change should be that the first startup takes a bit longer than usual.

This update also includes fixes for various security issues by compiling with updated dependencies and / or newer versions of the Go compiler and standard library.

Please refer to the upstream release notes for other changes since 1.30.0: https://github.com/syncthing/syncthing/releases

Approved EPEL incompatible upgrade request: https://forge.fedoraproject.org/epel/steering/issues/368

python-llvmlite-0.48.0-1.fc45

1 day 22 hours ago
FEDORA-2026-ebbaee3606 Packages in this update:
  • python-llvmlite-0.48.0-1.fc45
Update description:

Automatic update for python-llvmlite-0.48.0-1.fc45.

Changelog * Fri Jul 3 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 0.48.0-1 - Update to 0.48.0 - Closes RHBZ#2453491; fixes RHBZ#2495139; fixes RHBZ#2496401

breezy-3.3.21-2.fc44

1 day 22 hours ago
FEDORA-2026-c872d91489 Packages in this update:
  • breezy-3.3.21-2.fc44
Update description:

Allow PyO3 0.29, which fixes RUSTSEC-2026-0194 and RUSTSEC-2026-0195.

Update to 3.3.21, including upstream fixes for compatibility with dulwich 0.25 and later.

kernel-7.1.3-200.fc44 kernel-headers-7.1.3-200.fc44

2 days 1 hour ago
FEDORA-2026-75653cf1c2 Packages in this update:
  • kernel-7.1.3-200.fc44
  • kernel-headers-7.1.3-200.fc44
Update description:

The 7.1.3 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree. This also has a fix for CVE-2026-53359

kernel-7.1.3-100.fc43 kernel-headers-7.1.3-100.fc43

2 days 1 hour ago
FEDORA-2026-c3e2e91b4d Packages in this update:
  • kernel-7.1.3-100.fc43
  • kernel-headers-7.1.3-100.fc43
Update description:

The 7.1.3 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree. This also has a fix for CVE-2026-53359

kryoptic-1.5.2-2.fc45 mir-2.28.0-2.fc45 rust-ashpd-0.13.12-2.fc45 rust-busd-0.5.0-3.fc45 rust-gtk4-macros-0.11.4-3.fc45 rust-inferno-0.12.6-3.fc45 rust-quick-xml-0.41.0-1.fc45 rust-reqsign-aws-v4-3.0.1-4.fc45 rust-wayland-scanner-0.31.10-5.fc45 sandogasa…

2 days 18 hours ago
FEDORA-2026-bc3a541ebd Packages in this update:
  • kryoptic-1.5.2-2.fc45
  • mir-2.28.0-2.fc45
  • rust-ashpd-0.13.12-2.fc45
  • rust-busd-0.5.0-3.fc45
  • rust-gtk4-macros-0.11.4-3.fc45
  • rust-inferno-0.12.6-3.fc45
  • rust-quick-xml-0.41.0-1.fc45
  • rust-reqsign-aws-v4-3.0.1-4.fc45
  • rust-wayland-scanner-0.31.10-5.fc45
  • sandogasa-0.15.3-2.fc45
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity
  • issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

rust-quick-xml-0.41.0-1.el9 rust-wayland-scanner-0.31.10-3.el9 sandogasa-0.15.3-2.el9

2 days 18 hours ago
FEDORA-EPEL-2026-8bec43f801 Packages in this update:
  • rust-quick-xml-0.41.0-1.el9
  • rust-wayland-scanner-0.31.10-3.el9
  • sandogasa-0.15.3-2.el9
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity
  • issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

rust-quick-xml-0.41.0-1.el10_3 rust-reqsign-aws-v4-3.0.1-2.el10_3 rust-wayland-scanner-0.31.10-3.el10_3 sandogasa-0.15.3-2.el10_3

2 days 18 hours ago
FEDORA-EPEL-2026-6df36818d4 Packages in this update:
  • rust-quick-xml-0.41.0-1.el10_3
  • rust-reqsign-aws-v4-3.0.1-2.el10_3
  • rust-wayland-scanner-0.31.10-3.el10_3
  • sandogasa-0.15.3-2.el10_3
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity
  • issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

rust-busd-0.5.0-3.fc43 rust-inferno-0.12.6-3.fc43 rust-quick-xml-0.41.0-1.fc43 rust-reqsign-aws-v4-3.0.1-2.fc43 rust-wayland-scanner-0.31.10-3.fc43 sandogasa-0.15.3-2.fc43

2 days 18 hours ago
FEDORA-2026-ffaebbf2f0 Packages in this update:
  • rust-busd-0.5.0-3.fc43
  • rust-inferno-0.12.6-3.fc43
  • rust-quick-xml-0.41.0-1.fc43
  • rust-reqsign-aws-v4-3.0.1-2.fc43
  • rust-wayland-scanner-0.31.10-3.fc43
  • sandogasa-0.15.3-2.fc43
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity
  • issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

mir-2.26.0-2.fc44 rust-ashpd-0.13.12-2.fc44 rust-busd-0.5.0-3.fc44 rust-gtk4-macros-0.11.4-2.fc44 rust-inferno-0.12.6-3.fc44 rust-quick-xml-0.41.0-1.fc44 rust-reqsign-aws-v4-3.0.1-2.fc44 rust-wayland-scanner-0.31.10-3.fc44 sandogasa-0.15.3-2.fc44

2 days 18 hours ago
FEDORA-2026-b25dca4806 Packages in this update:
  • mir-2.26.0-2.fc44
  • rust-ashpd-0.13.12-2.fc44
  • rust-busd-0.5.0-3.fc44
  • rust-gtk4-macros-0.11.4-2.fc44
  • rust-inferno-0.12.6-3.fc44
  • rust-quick-xml-0.41.0-1.fc44
  • rust-reqsign-aws-v4-3.0.1-2.fc44
  • rust-wayland-scanner-0.31.10-3.fc44
  • sandogasa-0.15.3-2.fc44
Update description:

Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest

sandogasa v0.15.3
  • ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing
  • New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution)
  • ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable
  • dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml
  • Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195
  • sandogasa-report: consistent commit detail levels across forges

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153

v0.15.2
  • New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage
  • New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity
  • issue filing); powers sandogasa-report's Forgejo accounting
  • ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance
  • fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives
  • sandogasa-report — Forgejo PR-merge and issue accounting

Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152

perl-Crypt-DSA-1.17-31.el8

3 days 8 hours ago
FEDORA-EPEL-2026-b426ab1b56 Packages in this update:
  • perl-Crypt-DSA-1.17-31.el8
Update description:

This update adds two improvements backported from Crypt-DSA 1.22:

  • Hardening: Use a fresh, independent CSPRNG witness every round
  • Security fix: Modulo bias in key generation (CVE-2026-14570); an attack with hundreds of signatures could lead to full private-key compromise; keys should be considered compromised and new keys should be generated

perl-Crypt-DSA-1.17-31.el9

3 days 8 hours ago
FEDORA-EPEL-2026-432fddaa41 Packages in this update:
  • perl-Crypt-DSA-1.17-31.el9
Update description:

This update adds two improvements backported from Crypt-DSA 1.22:

  • Hardening: Use a fresh, independent CSPRNG witness every round
  • Security fix: Modulo bias in key generation (CVE-2026-14570); an attack with hundreds of signatures could lead to full private-key compromise; keys should be considered compromised and new keys should be generated

perl-Crypt-DSA-1.22-1.el10_3

3 days 10 hours ago
FEDORA-EPEL-2026-49e427dec0 Packages in this update:
  • perl-Crypt-DSA-1.22-1.el10_3
Update description:

This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-1457) .

perl-Crypt-DSA-1.22-1.fc43

3 days 10 hours ago
FEDORA-2026-b77b9c5f04 Packages in this update:
  • perl-Crypt-DSA-1.22-1.fc43
Update description:

This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-1457) .

perl-Crypt-DSA-1.22-1.fc44

3 days 10 hours ago
FEDORA-2026-fcfc08d46c Packages in this update:
  • perl-Crypt-DSA-1.22-1.fc44
Update description:

This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-1457) .

perl-Crypt-DSA-1.22-1.el10_2

3 days 10 hours ago
FEDORA-EPEL-2026-121cfa24e8 Packages in this update:
  • perl-Crypt-DSA-1.22-1.el10_2
Update description:

This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-1457) .

Checked
52 minutes 32 seconds ago