Fedora Security Advisories

perl-Sereal-Decoder-4.018-2.el9

5 days 9 hours ago
FEDORA-EPEL-2026-78a69d7632 Packages in this update:
  • perl-Sereal-Decoder-4.018-2.el9
Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

perl-Sereal-Decoder-4.018-2.el8

5 days 9 hours ago
FEDORA-EPEL-2026-9c8dc0ea44 Packages in this update:
  • perl-Sereal-Decoder-4.018-2.el8
Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

docker-compose-5.1.4-1.fc42

5 days 10 hours ago
FEDORA-2026-d275a6eaac Packages in this update:
  • docker-compose-5.1.4-1.fc42
Update description:
  • Update to release v5.1.4
  • Resolves: rhbz#2480186
  • Upstream fixes
  • Update to release v5.1.3
  • Resolves rhbz#2458697
  • Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
  • Resolves CVE-2026-33748: rhbz#2453089
  • Upstream fixes

docker-compose-5.1.4-1.fc43

5 days 20 hours ago
FEDORA-2026-951a6725b8 Packages in this update:
  • docker-compose-5.1.4-1.fc43
Update description:
  • Update to release v5.1.4
  • Resolves: rhbz#2480186
  • Upstream fixes
  • Update to release v5.1.3
  • Resolves rhbz#2458697
  • Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
  • Resolves CVE-2026-33748: rhbz#2453089
  • Upstream fixes

docker-compose-5.1.4-1.fc44

6 days ago
FEDORA-2026-3316f97296 Packages in this update:
  • docker-compose-5.1.4-1.fc44
Update description:
  • Update to release v5.1.4
  • Resolves: rhbz#2480186
  • Upstream fixes
  • Update to release v5.1.3
  • Resolves rhbz#2458697
  • Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
  • Resolves CVE-2026-33748: rhbz#2453089
  • Upstream fixes

perl-libwww-perl-6.83-1.fc43

6 days 4 hours ago
FEDORA-2026-3b48ba7dc7 Packages in this update:
  • perl-libwww-perl-6.83-1.fc43
Update description:

Changes:

6.83 2026-05-12 11:41:48Z

- LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.

perl-libwww-perl-6.83-1.fc44

6 days 4 hours ago
FEDORA-2026-8d1333fb52 Packages in this update:
  • perl-libwww-perl-6.83-1.fc44
Update description:

Changes:

6.83 2026-05-12 11:41:48Z

- LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.

openbao-2.5.4-1.el8

6 days 5 hours ago
FEDORA-EPEL-2026-7c82182eba Packages in this update:
  • openbao-2.5.4-1.el8
Update description:

Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808

openbao-2.5.4-1.el9

6 days 5 hours ago
FEDORA-EPEL-2026-89a3c4993d Packages in this update:
  • openbao-2.5.4-1.el9
Update description:

Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808

openbao-2.5.4-1.fc44

6 days 5 hours ago
FEDORA-2026-bf7889aec6 Packages in this update:
  • openbao-2.5.4-1.fc44
Update description:

Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808

Checked
41 minutes 55 seconds ago