Fedora Security Advisories

• rust-openssl-0.10.78-1.el10_3
• rust-openssl-sys-0.9.114-1.el10_3

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

• rust-openssl-0.10.78-1.fc42
• rust-openssl-sys-0.9.114-1.fc42

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

• rust-openssl-0.10.78-1.fc43
• rust-openssl-sys-0.9.114-1.fc43

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

• rust-openssl-0.10.78-1.fc44
• rust-openssl-sys-0.9.114-1.fc44

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

• rust-openssl-0.10.78-1.fc45
• rust-openssl-sys-0.9.114-1.fc45

Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114.

Release notes:

• openssl 0.10.77 / openssl-sys 0.9.113: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.77
• openssl 0.10.78 / openssl-sys 0.9.114: https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

This addresses the following security advisories:

• GHSA-pqf5-4pqq-29f5 / CVE-2026-41676: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
• GHSA-xmgf-hq76-4vx2 / CVE-2026-41677: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
• GHSA-8c75-8mhr-p7r9 / CVE-2026-41678: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
• GHSA-ghm9-cr32-g9qj / CVE-2026-41681: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
• GHSA-hppc-g8h3-xhp3 (no CVE entry): https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3

Affected applications still need to be rebuilt to pick up these fixes.

• openvpn-2.7.2-1.el10_1

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

• openvpn-2.7.2-1.el10_2

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

• openvpn-2.7.2-1.el10_3

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

• openvpn-2.7.2-1.fc44

Update to upstream 2.7.2 release CVE-2026-40215 CVE-2026-35058

• openvpn-2.6.20-1.fc42

Update to upstream OpenVPN 2.6.20 CVE-2026-40215 CVE-2026-35058

• openvpn-2.6.20-1.fc43

Update to upstream OpenVPN 2.6.20 CVE-2026-40215 CVE-2026-35058

• edk2-20260213-4.fc43

unbreak https boot

update openssl to 3.5.6

• glow-2.1.2-1.el10_3

Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even more CVEs.

• glow-2.1.2-1.fc42

Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even more CVEs.

• glow-2.1.2-1.fc43

Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even more CVEs.

• glow-2.1.2-1.fc44

Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even more CVEs.

• vhs-0.9.0-2.fc42

Rebuild with golang 1.25.9 to pick up multiple security fixes.

• vhs-0.10.0-4.fc43

Rebuild with golang 1.25.9 to pick up multiple security fixes.

• vhs-0.11.0-2.fc44

Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160.

• emacs-30.2-7.fc43

Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.