Fedora Security Advisories

collectd-5.12.0-57.fc43 varnish-7.7.3-2.fc43 varnish-modules-0.26.0-4.fc43 vmod-querystring-2.0.3-11.fc43

1 hour 43 minutes ago
FEDORA-2026-7f36ec4c65 Packages in this update:
  • collectd-5.12.0-57.fc43
  • varnish-7.7.3-2.fc43
  • varnish-modules-0.26.0-4.fc43
  • vmod-querystring-2.0.3-11.fc43
Update description:

Update to the latest available 7.7.x release, a security release. Includes fixes for VSV00017 aka CVE-2025-8671. Added patches for VSV00018 aka CVE-2026-34475, added patches for VSV00019.

moby-engine-29.6.0-1.fc43

2 days 23 hours ago
FEDORA-2026-0feb6e4967 Packages in this update:
  • moby-engine-29.6.0-1.fc43
Update description:
  • Update to release v29.6.0
  • Resolves: rhbz#2490590
  • Resolves CVE-2026-39828: rhbz#2489945
  • Resolves CVE-2026-39829: rhbz#2490099
  • Resolves CVE-2026-39830: rhbz#2490466
  • Upstream fixes and enhancements

moby-engine-29.6.0-1.fc44

3 days ago
FEDORA-2026-d8e03bae55 Packages in this update:
  • moby-engine-29.6.0-1.fc44
Update description:
  • Update to release v29.6.0
  • Resolves: rhbz#2490590
  • Resolves CVE-2026-39828: rhbz#2489945
  • Resolves CVE-2026-39829: rhbz#2490099
  • Resolves CVE-2026-39830: rhbz#2490466
  • Upstream fixes and enhancements

haveged-1.9.24-1.el8

3 days ago
FEDORA-EPEL-2026-0a805e7cc1 Packages in this update:
  • haveged-1.9.24-1.el8
Update description:

Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).

Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)

Update to 1.9.23-2:
  • Add SELinux policy module to allow semaphore creation in /dev/shm
  • Add rpminspect.yaml to waive pre-existing annocheck false positive

Security fixes in 1.9.23-1:
  • Use O_EXCL with sem_open to prevent semaphore pre-planting attacks
  • Fix OOB memory access in safein()/safeout() on socket errors
  • Reject command socket connections from different user namespaces
  • Use O_NOFOLLOW for PID file to prevent symlink attacks
  • Open random device with O_CLOEXEC, restrict semaphore to 0600
  • Fix stale semaphore recovery after SIGKILL
  • Fix compilation when NO_COMMAND_MODE is defined

Update to 1.9.23 — security hardening:
  • Use O_EXCL with sem_open to prevent semaphore pre-planting attacks
  • Fix OOB memory access in safein()/safeout() on socket errors
  • Reject command socket connections from different user namespaces
  • Use O_NOFOLLOW for PID file to prevent symlink attacks
  • Open random device with O_CLOEXEC, restrict semaphore to 0600
  • Fix stale semaphore recovery after SIGKILL
  • Fix compilation when NO_COMMAND_MODE is defined

haveged-1.9.24-1.el10_2

3 days ago
FEDORA-EPEL-2026-ace6f31c40 Packages in this update:
  • haveged-1.9.24-1.el10_2
Update description:

Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).

Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)

Update to 1.9.23-2:
  • Add SELinux policy module to allow semaphore creation in /dev/shm
  • Add rpminspect.yaml to waive pre-existing annocheck false positive

Security fixes in 1.9.23-1:
  • Use O_EXCL with sem_open to prevent semaphore pre-planting attacks
  • Fix OOB memory access in safein()/safeout() on socket errors
  • Reject command socket connections from different user namespaces
  • Use O_NOFOLLOW for PID file to prevent symlink attacks
  • Open random device with O_CLOEXEC, restrict semaphore to 0600
  • Fix stale semaphore recovery after SIGKILL
  • Fix compilation when NO_COMMAND_MODE is defined

Update to 1.9.23 — security hardening:
  • Use O_EXCL with sem_open to prevent semaphore pre-planting attacks
  • Fix OOB memory access in safein()/safeout() on socket errors
  • Reject command socket connections from different user namespaces
  • Use O_NOFOLLOW for PID file to prevent symlink attacks
  • Open random device with O_CLOEXEC, restrict semaphore to 0600
  • Fix stale semaphore recovery after SIGKILL
  • Fix compilation when NO_COMMAND_MODE is defined
