Fedora Security Advisories

perl-HTML-Gumbo-0.19-1.fc44

15 minutes 2 seconds ago
FEDORA-2026-75010c7f44 Packages in this update:
  • perl-HTML-Gumbo-0.19-1.fc44
Update description:

This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion.

Support for the <template> element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses.

perl-HTML-Gumbo-0.19-1.fc43

15 minutes 3 seconds ago
FEDORA-2026-a457bf78b4 Packages in this update:
  • perl-HTML-Gumbo-0.19-1.fc43
Update description:

This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion.

Support for the <template> element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses.

docker-compose-5.3.0-1.fc45

1 hour 23 minutes ago
FEDORA-2026-caecf8f2d7 Packages in this update:
  • docker-compose-5.3.0-1.fc45
Update description:

Automatic update for docker-compose-5.3.0-1.fc45.

Changelog
* Thu Jul 2 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 5.3.0-1
- Update to release v5.3.0
- Resolves: rhbz#2496535
- Resolves CVE-2026-53492: rhbz#2496550
- Resolves CVE-2026-47262: rhbz#2496433
- Upstream note: This release introduces native support for init containers.
- Additional upstream fixes and new features

librabbitmq-0.17.0-1.fc43

15 hours 1 minute ago
FEDORA-2026-436ef78874 Packages in this update:
  • librabbitmq-0.17.0-1.fc43
Update description: Version 0.17.0 - 2026-07-01
Security
  • Fix size_t overflow in amqp_decode_bytes bounds check leading to out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888)
  • Fix heap buffer overflow in amqp_frame_to_bytes for oversized body frames (GHSA-hfjv-vcp3-39wh, #892)
Added
  • librabbitmq-tools fall back to the AMQP_URL environment variable when no connection options are given on the command line (#887)
Fixed
  • Fix undefined behavior in amqp_decode_properties when decoding content-header property flags (#883, #885)
  • Fix ioctlsocket type mismatch on Windows (#890)
  • Document buffer lifetime requirement of amqp_decode_table's encoded buffer to prevent use-after-free misuse (#895)
Changed
  • librabbitmq-tools now enable default SSL certificate verification paths unless --no-default-cert-paths is passed (fixes #868, #893)
  • Building the tools now requires POPT v1.14 or newer (#889)

librabbitmq-0.17.0-1.fc44

15 hours 3 minutes ago
FEDORA-2026-fc2f661416 Packages in this update:
  • librabbitmq-0.17.0-1.fc44
Update description: Version 0.17.0 - 2026-07-01
Security
  • Fix size_t overflow in amqp_decode_bytes bounds check leading to out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888)
  • Fix heap buffer overflow in amqp_frame_to_bytes for oversized body frames (GHSA-hfjv-vcp3-39wh, #892)
Added
  • librabbitmq-tools fall back to the AMQP_URL environment variable when no connection options are given on the command line (#887)
Fixed
  • Fix undefined behavior in amqp_decode_properties when decoding content-header property flags (#883, #885)
  • Fix ioctlsocket type mismatch on Windows (#890)
  • Document buffer lifetime requirement of amqp_decode_table's encoded buffer to prevent use-after-free misuse (#895)
Changed
  • librabbitmq-tools now enable default SSL certificate verification paths unless --no-default-cert-paths is passed (fixes #868, #893)
  • Building the tools now requires POPT v1.14 or newer (#889)

composer-2.10.2-1.el9

15 hours 48 minutes ago
FEDORA-EPEL-2026-1e765d4f0c Packages in this update:
  • composer-2.10.2-1.el9
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)

composer-2.10.2-1.el10_3

15 hours 48 minutes ago
FEDORA-EPEL-2026-6a8ea7a52d Packages in this update:
  • composer-2.10.2-1.el10_3
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)

composer-2.10.2-1.fc44

15 hours 48 minutes ago
FEDORA-2026-22ba02bee3 Packages in this update:
  • composer-2.10.2-1.fc44
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)

composer-2.10.2-1.fc43

15 hours 48 minutes ago
FEDORA-2026-3017b1bec1 Packages in this update:
  • composer-2.10.2-1.fc43
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)

composer-2.10.2-1.el10_2

15 hours 48 minutes ago
FEDORA-EPEL-2026-084df34b74 Packages in this update:
  • composer-2.10.2-1.el10_2
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)