Fedora Security Advisories

Changelog * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.19-11 - Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser - Fixes: rhbz#2431977

pypy-7.3.21-3.fc45

1 hour 48 minutes ago

FEDORA-2026-7585365ba3 Packages in this update:

pypy-7.3.21-3.fc45

Update description:

Automatic update for pypy-7.3.21-3.fc45.

Changelog * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-2 - Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser - Fixes: rhbz#2431976 * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-1 - Update to 7.3.21 - Fixes: rhbz#2447284

python-ujson-5.8.0-2.el9

Fedora Security Advisories

10 hours 31 minutes ago

FEDORA-EPEL-2026-37ef30e238 Packages in this update:

python-ujson-5.8.0-2.el9

Update description:

Backport fixes for CVE-2026-32874 and CVE-2026-32875

rubygem-json-2.13.2-2.fc43

Fedora Security Advisories

12 hours 24 minutes ago

FEDORA-2026-8c07fcde49 Packages in this update:

rubygem-json-2.13.2-2.fc43

Update description:

This new updates backports a fix for a format string injection vulnerability in JSON.parse, which is now assigned as CVE-2026-33210

bcftools-1.23.1-1.el8 htslib-1.23.1-1.el8 samtools-1.23.1-1.el8

Fedora Security Advisories

22 hours 50 minutes ago

FEDORA-EPEL-2026-74a1834691 Packages in this update:

bcftools-1.23.1-1.el8
htslib-1.23.1-1.el8
samtools-1.23.1-1.el8

Update description:

Update to 1.23.1

perl-YAML-Syck-1.37-1.el9

Fedora Security Advisories

22 hours 57 minutes ago

FEDORA-EPEL-2026-52be5354a0 Packages in this update:

perl-YAML-Syck-1.37-1.el9

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.el10_2

Fedora Security Advisories

22 hours 57 minutes ago

FEDORA-EPEL-2026-de60bba45b Packages in this update:

perl-YAML-Syck-1.37-1.el10_2

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.el10_3

Fedora Security Advisories

22 hours 57 minutes ago

FEDORA-EPEL-2026-e7f8f46758 Packages in this update:

perl-YAML-Syck-1.37-1.el10_3

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.fc43

Fedora Security Advisories

23 hours 55 minutes ago

FEDORA-2026-3572f7e01c Packages in this update:

perl-YAML-Syck-1.37-1.fc43

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.fc44

Fedora Security Advisories

23 hours 55 minutes ago

FEDORA-2026-a8d89d8ae2 Packages in this update:

perl-YAML-Syck-1.37-1.fc44

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

perl-YAML-Syck-1.37-1.fc42

Fedora Security Advisories

23 hours 55 minutes ago

FEDORA-2026-d226775800 Packages in this update:

perl-YAML-Syck-1.37-1.fc42

Update description:

YAML::Syck versions up to and including 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.