Fedora Security Advisories

FEDORA-EPEL-2026-42f57464f0 Packages in this update:

• rust-astral-tokio-tar-0.6.0-1.el9
• rust-tar-0.4.45-1.el9

Update description:

Update rust-tar to 0.4.45, fixing CVE-2026-33056. Initial EPEL9 package for rust-astral-tokio-tar.

FEDORA-2026-e70c1919fe Packages in this update:

• mingw-expat-2.7.5-1.fc43

Update description:

Update to 2.7.5.

FEDORA-2026-1cbd107c34 Packages in this update:

• mingw-expat-2.7.5-1.fc42

Update description:

Update to 2.7.5.

FEDORA-2026-cf814a1a06 Packages in this update:

• mingw-expat-2.7.5-1.fc44

Update description:

Update to 2.7.5.

FEDORA-2026-0e9d55a05c Packages in this update:

• mingw-freetype-2.14.2-1.fc44

Update description:

Update to 2.14.2.

FEDORA-2026-c260342365 Packages in this update:

• giflib-5.2.2-9.fc43

Update description:

Fix CVE-2026-23868.

FEDORA-2026-758ce76ef6 Packages in this update:

• giflib-6.1.2-1.fc44

Update description:

Fix CVE-2026-23868.

FEDORA-2026-6ea5f04bb9 Packages in this update:

• giflib-5.2.2-9.fc42

Update description:

Fix CVE-2026-23868.

FEDORA-EPEL-2026-5f6d5b28a7 Packages in this update:

• maturin-1.9.6-4.el10_2
• rust-tar-0.4.45-1.el10_2
• uv-0.10.2-2.el10_2

Update description:

Update rust-tar to 0.4.45, fixing CVE-2026-33056. Rebuild uv and maturin with the latest rust-tar.

FEDORA-2026-65fdd15133 Packages in this update:

• php-phpseclib3-3.0.50-1.fc42

Update description:

Update to v3.0.50; contains fix for CVE-2026-32935

FEDORA-2026-b7d9416ec4 Packages in this update:

• php-phpseclib3-3.0.50-1.fc43

Update description:

Update to v3.0.50; contains fix for CVE-2026-32935

FEDORA-2026-c6c01a71f2 Packages in this update:

• maturin-1.9.6-5.fc45
• python-fastar-0.9.0-2.fc45
• python-uv-build-0.10.12-1.fc45
• rust-astral-tokio-tar-0.6.0-1.fc45
• rust-tar-0.4.45-1.fc45
• uv-0.10.12-1.fc45

Update description:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45 to 0.4.45, fixing CVE-2026-33056. Update uv and python-uv-build to [0.10.2](https://github.com/astral-sh/uv/blob/0.10.12/CHANGELOG.md, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Rebuild python-fastar and maturin with the latest rust-tar.

FEDORA-EPEL-2026-db92dee64a Packages in this update:

• rust-tar-0.4.45-1.el10_1

Update description:

Update rust-tar to 0.4.45, fixing CVE-2026-33056.

FEDORA-2026-85a7950dd4 Packages in this update:

• pypy3.11-7.3.21-3.3.11.fc43

Update description:

Fix jit backend for ppc64le and s390x

FEDORA-2026-8199b7452a Packages in this update:

• pypy3.11-7.3.21-3.3.11.fc44

Update description:

Fix jit backend for ppc64le and s390x

FEDORA-2026-ab51ea3744 Packages in this update:

• pypy3.11-7.3.21-3.3.11.fc45

Update description:

Automatic update for pypy3.11-7.3.21-3.3.11.fc45.

Changelog * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-2 - Fix CVE-2025-56005 via removing no-longer used bundled ply - Fixes: rhbz#2431978 * Thu Mar 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.21-1 - Update to 7.3.21 - Fixes: rhbz#2447285

FEDORA-2026-98502d7938 Packages in this update:

• pypy3.10-7.3.19-11.3.10.fc43

Update description:

Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser

FEDORA-2026-55dd4da86b Packages in this update:

• pypy3.10-7.3.19-11.3.10.fc44

Update description:

Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser

FEDORA-2026-6c4a7cd1b1 Packages in this update:

• pypy-7.3.21-3.fc43

Update description:

Fix jit backend for ppc64le and s390x

FEDORA-2026-496bf1e0dd Packages in this update:

• pypy-7.3.21-3.fc44

Update description:

Fix jit backend for ppc64le and s390x