freetype-2.14.3-1.fc44
FEDORA-2026-a5b86bbf99
Packages in this update:
- freetype-2.14.3-1.fc44
Update of FreeType to 2.14.3.
Fedora Security Advisories
skopeo-1.22.1-2.fc42
FEDORA-2026-0cc4c9d395
Packages in this update:
- skopeo-1.22.1-2.fc42
Security fix for CVE-2026-34986
skopeo-1.22.1-2.fc43
FEDORA-2026-6b3e9ef128
Packages in this update:
- skopeo-1.22.1-2.fc43
Security fix for CVE-2026-34986
skopeo-1.22.1-2.fc44
FEDORA-2026-4464b22917
Packages in this update:
- skopeo-1.22.1-2.fc44
Security fix for CVE-2026-34986
asterisk-18.26.4-1.el9
FEDORA-EPEL-2026-d5cc2324a0
Packages in this update:
- asterisk-18.26.4-1.el9
Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:
- CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
- CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
- CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
- CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
- CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
- CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
- CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
- CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
- CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
- CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
- CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
- CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
- CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak
asterisk-18.26.4-1.el8
FEDORA-EPEL-2026-f2281acb03
Packages in this update:
- asterisk-18.26.4-1.el8
Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:
- CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
- CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
- CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
- CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
- CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
- CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
- CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
- CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
- CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
- CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
- CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
- CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
- CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak