Fedora Security Advisories

FEDORA-2026-7c83223889 Packages in this update:

• NetworkManager-ssh-1.4.3-1.fc43

Update description:

Fix CVE-2025-9615

FEDORA-2026-87e30fe05b Packages in this update:

• NetworkManager-ssh-1.4.3-1.fc45

Update description:

Automatic update for NetworkManager-ssh-1.4.3-1.fc45.

Changelog * Fri Apr 3 2026 Dan Fruehauf <malkodan@gmail.com> - 1.4.3-1 - Always run autoreconf -fvi - Fix file access for private key and known hosts (rhbz#2428396) - Fix pkg-config macro - Move D-Bus policy file to /usr/share/dbus-1/system.d/

FEDORA-2026-11097124bf Packages in this update:

• mingw-openexr-3.4.9-1.fc44

Update description:

Update to 3.4.9.

Update to 3.4.8.

FEDORA-EPEL-2026-f68290c016 Packages in this update:

• libopenmpt-0.8.6-1.el9

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-EPEL-2026-3e5052fb10 Packages in this update:

• libopenmpt-0.8.6-1.el10_2

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-EPEL-2026-b529a37d50 Packages in this update:

• libopenmpt-0.8.6-1.el10_1

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-EPEL-2026-171a377c45 Packages in this update:

• libopenmpt-0.8.6-1.el10_3

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-EPEL-2026-4a5d8adc71 Packages in this update:

• libopenmpt-0.8.6-1.el8

Update description: libopenmpt 0.8.6 (2026-03-24)

• [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).

libopenmpt 0.8.5 (2026-03-22)

• [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
• MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
• ULT: Loop points were incorrectly limited for 16-bit samples.
• zlib: Update to v1.3.2 (2026-02-17).
• miniz: Update to v3.1.1 (2026-02-03).

FEDORA-2026-2490896a5d Packages in this update:

• pdns-recursor-5.2.8-1.fc42

Update description:

Update to latest 5.2 release, fixing multiple security issues

FEDORA-2026-9c582575e5 Packages in this update:

• pdns-recursor-5.2.8-1.fc43

Update description:

Update to latest 5.2 release, fixing multiple security issues

FEDORA-2026-db1ef256e0 Packages in this update:

• pdns-recursor-5.4.0-1.fc44

Update description:

Update to latest upstream

FEDORA-2026-6d5ed8d82d Packages in this update:

• mingw-LibRaw-0.22.0-3.fc44

Update description:

Backport fixes for CVE-2026-5318 and CVE-2026-5342.

FEDORA-2026-e54aebce7c Packages in this update:

• pgadmin4-9.14-1.fc44

Update description:

Update to lodash 9.14.

FEDORA-2026-ead60fa20d Packages in this update:

• pgadmin4-9.14-1.fc43

Update description:

Update to lodash 9.14.

FEDORA-2026-5e39475fb3 Packages in this update:

• pgadmin4-9.14-1.fc42

Update description:

Update to lodash 9.14.

FEDORA-EPEL-2026-7bead9ad13 Packages in this update:

• mupdf-1.25.4-5.el10_3

Update description:

fix CVE-2026-3308 (rhbz#2454359)

FEDORA-2026-b56fe1f040 Packages in this update:

• mupdf-1.26.3-6.fc42

Update description:

fix CVE-2026-3308 (rhbz#2454360)

FEDORA-2026-7a9c0c8c04 Packages in this update:

• mupdf-1.27.1-10.fc43

Update description:

fix CVE-2026-3308 (rhbz#2454361)

FEDORA-2026-0ebdbc98c5 Packages in this update:

• mupdf-1.27.1-10.fc44

Update description:

fix CVE-2026-3308 (rhbz#2454361)

FEDORA-2026-563f85e690 Packages in this update:

• mupdf-1.27.1-10.fc45

Update description:

Automatic update for mupdf-1.27.1-10.fc45.

Changelog * Thu Apr 2 2026 Michael J Gruber <mjg@fedoraproject.org> - 1.27.1-10 - fix CVE-2026-3308 (rhbz#2454361)