singularity-ce-4.4.2-1.fc43
FEDORA-2026-5358fb95a0
Packages in this update:
- singularity-ce-4.4.2-1.fc43
Upgrade to 4.4.2 upstream version.
Fedora Security Advisories
singularity-ce-4.4.2-1.fc44
FEDORA-2026-63ae478575
Packages in this update:
- singularity-ce-4.4.2-1.fc44
Upgrade to 4.4.2 upstream version.
singularity-ce-4.4.2-1.fc45
FEDORA-2026-d32912dc74
Packages in this update:
- singularity-ce-4.4.2-1.fc45
Automatic update for singularity-ce-4.4.2-1.fc45.
Changelog * Wed Jun 10 2026 David Trudgian <dtrudg@sylabs.io> - 4.4.2-1 - Upgrade to 4.4.2 upstream version. - Fix rhbz#2453093 - Fix rhbz#2458933 - Fix CVE-2026-47215perl-GD-2.86-1.el9
FEDORA-EPEL-2026-dc3d293a5d
Packages in this update:
- perl-GD-2.86-1.el9
This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).
perl-GD-2.86-1.el8
FEDORA-EPEL-2026-fe2027915d
Packages in this update:
- perl-GD-2.86-1.el8
This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).
perl-GD-2.86-1.el10_3
FEDORA-EPEL-2026-64e6156b8f
Packages in this update:
- perl-GD-2.86-1.el10_3
This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).
perl-GD-2.86-1.el10_2
FEDORA-EPEL-2026-d41d0279ec
Packages in this update:
- perl-GD-2.86-1.el10_2
This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).
perl-GD-2.86-1.fc44
FEDORA-2026-263adf0222
Packages in this update:
- perl-GD-2.86-1.fc44
This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).
perl-GD-2.86-1.fc43
FEDORA-2026-63831abaee
Packages in this update:
- perl-GD-2.86-1.fc43
This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526).
librabbitmq-0.16.0-1.fc44
FEDORA-2026-7174ee9a91
Packages in this update:
- librabbitmq-0.16.0-1.fc44
- Fix out-of-bounds read via undersized frames in amqp_handle_input (GHSA-9mmv-r8g3-qp46, #878)
- Fix client crash when server negotiates frame_max below the AMQP protocol minimum (GHSA-jh48-qjf5-fx5v)
- Add amqp_bytes_from_buffer macro to create amqp_bytes_t from an arbitrary byte buffer with explicit length (#856, #866)
- Fix NULL pointer dereferences on allocation failure in tools/publish.c (#860, #861)
- Fix NULL pointer dereference in tools/consume.c stringify_bytes() on allocation failure (#858)
- Fix file stream leak in tools/common.c read_authfile() (#859)
- Fix handling of absolute CMAKE_INSTALL_INCLUDEDIR in exported CMake targets (#849)
- amqp_literal_bytes macro now uses an explicit (void *) cast (#853)
librabbitmq-0.16.0-1.fc43
FEDORA-2026-454722e3d8
Packages in this update:
- librabbitmq-0.16.0-1.fc43
- Fix out-of-bounds read via undersized frames in amqp_handle_input (GHSA-9mmv-r8g3-qp46, #878)
- Fix client crash when server negotiates frame_max below the AMQP protocol minimum (GHSA-jh48-qjf5-fx5v)
- Add amqp_bytes_from_buffer macro to create amqp_bytes_t from an arbitrary byte buffer with explicit length (#856, #866)
- Fix NULL pointer dereferences on allocation failure in tools/publish.c (#860, #861)
- Fix NULL pointer dereference in tools/consume.c stringify_bytes() on allocation failure (#858)
- Fix file stream leak in tools/common.c read_authfile() (#859)
- Fix handling of absolute CMAKE_INSTALL_INCLUDEDIR in exported CMake targets (#849)
- amqp_literal_bytes macro now uses an explicit (void *) cast (#853)
bird-3.3.1-1.fc44
FEDORA-2026-8f225adf49
Packages in this update:
- bird-3.3.1-1.fc44
- BGP: Fix crash when incoming connection for disabled protocol arrives
- BGP: Fix parsing labelled NLRIs with no next hop
- BGP: Fix cork behavior in collision with graceful restart
- BGP: Fix crash on dumping pending export statistics
- BGP: Fix several issues in Flowspec handling
- BMP/Nest: No refeed after listener or protocol restart
- MPLS: Fix crash on reconfiguring CS_DOWN channel
- OSPF: Fix handling of LLS data length field
- OSPF: Fix OOB read in authentication check
- OSPF: Fix OOB read in Router-LSA validation
- Proto: Fix regression in protocol enabling
- Channel: Fix refeeds and reloads during graceful restart
- Export: Mitigate duplicate withdrawals
- Filters: Fix crash when setting gateway on recursive nexthops
- Filters: Fix path matching when AS path is too long
- Table: Fix RCU double-anchor
- Table: Propagate thread group config into aux
- RCU: Catch leaks sooner
See also: https://trubka.network.cz/pipermail/bird-users/2026-June/018790.html
bird-3.3.1-1.el9
FEDORA-EPEL-2026-af4408a35e
Packages in this update:
- bird-3.3.1-1.el9
- BGP: Fix crash when incoming connection for disabled protocol arrives
- BGP: Fix parsing labelled NLRIs with no next hop
- BGP: Fix cork behavior in collision with graceful restart
- BGP: Fix crash on dumping pending export statistics
- BGP: Fix several issues in Flowspec handling
- BMP/Nest: No refeed after listener or protocol restart
- MPLS: Fix crash on reconfiguring CS_DOWN channel
- OSPF: Fix handling of LLS data length field
- OSPF: Fix OOB read in authentication check
- OSPF: Fix OOB read in Router-LSA validation
- Proto: Fix regression in protocol enabling
- Channel: Fix refeeds and reloads during graceful restart
- Export: Mitigate duplicate withdrawals
- Filters: Fix crash when setting gateway on recursive nexthops
- Filters: Fix path matching when AS path is too long
- Table: Fix RCU double-anchor
- Table: Propagate thread group config into aux
- RCU: Catch leaks sooner
See also: https://trubka.network.cz/pipermail/bird-users/2026-June/018790.html
bird-3.3.1-1.el10_2
FEDORA-EPEL-2026-3dfbc6a1df
Packages in this update:
- bird-3.3.1-1.el10_2
- BGP: Fix crash when incoming connection for disabled protocol arrives
- BGP: Fix parsing labelled NLRIs with no next hop
- BGP: Fix cork behavior in collision with graceful restart
- BGP: Fix crash on dumping pending export statistics
- BGP: Fix several issues in Flowspec handling
- BMP/Nest: No refeed after listener or protocol restart
- MPLS: Fix crash on reconfiguring CS_DOWN channel
- OSPF: Fix handling of LLS data length field
- OSPF: Fix OOB read in authentication check
- OSPF: Fix OOB read in Router-LSA validation
- Proto: Fix regression in protocol enabling
- Channel: Fix refeeds and reloads during graceful restart
- Export: Mitigate duplicate withdrawals
- Filters: Fix crash when setting gateway on recursive nexthops
- Filters: Fix path matching when AS path is too long
- Table: Fix RCU double-anchor
- Table: Propagate thread group config into aux
- RCU: Catch leaks sooner
See also: https://trubka.network.cz/pipermail/bird-users/2026-June/018790.html
bird-3.3.1-1.fc43
FEDORA-2026-564680920c
Packages in this update:
- bird-3.3.1-1.fc43
- BGP: Fix crash when incoming connection for disabled protocol arrives
- BGP: Fix parsing labelled NLRIs with no next hop
- BGP: Fix cork behavior in collision with graceful restart
- BGP: Fix crash on dumping pending export statistics
- BGP: Fix several issues in Flowspec handling
- BMP/Nest: No refeed after listener or protocol restart
- MPLS: Fix crash on reconfiguring CS_DOWN channel
- OSPF: Fix handling of LLS data length field
- OSPF: Fix OOB read in authentication check
- OSPF: Fix OOB read in Router-LSA validation
- Proto: Fix regression in protocol enabling
- Channel: Fix refeeds and reloads during graceful restart
- Export: Mitigate duplicate withdrawals
- Filters: Fix crash when setting gateway on recursive nexthops
- Filters: Fix path matching when AS path is too long
- Table: Fix RCU double-anchor
- Table: Propagate thread group config into aux
- RCU: Catch leaks sooner
See also: https://trubka.network.cz/pipermail/bird-users/2026-June/018790.html
bird-3.3.1-1.el10_3
FEDORA-EPEL-2026-50135c9a61
Packages in this update:
- bird-3.3.1-1.el10_3
- BGP: Fix crash when incoming connection for disabled protocol arrives
- BGP: Fix parsing labelled NLRIs with no next hop
- BGP: Fix cork behavior in collision with graceful restart
- BGP: Fix crash on dumping pending export statistics
- BGP: Fix several issues in Flowspec handling
- BMP/Nest: No refeed after listener or protocol restart
- MPLS: Fix crash on reconfiguring CS_DOWN channel
- OSPF: Fix handling of LLS data length field
- OSPF: Fix OOB read in authentication check
- OSPF: Fix OOB read in Router-LSA validation
- Proto: Fix regression in protocol enabling
- Channel: Fix refeeds and reloads during graceful restart
- Export: Mitigate duplicate withdrawals
- Filters: Fix crash when setting gateway on recursive nexthops
- Filters: Fix path matching when AS path is too long
- Table: Fix RCU double-anchor
- Table: Propagate thread group config into aux
- RCU: Catch leaks sooner
See also: https://trubka.network.cz/pipermail/bird-users/2026-June/018790.html
bird-3.3.1-1.el8
FEDORA-EPEL-2026-80fc55f890
Packages in this update:
- bird-3.3.1-1.el8
- BGP: Fix crash when incoming connection for disabled protocol arrives
- BGP: Fix parsing labelled NLRIs with no next hop
- BGP: Fix cork behavior in collision with graceful restart
- BGP: Fix crash on dumping pending export statistics
- BGP: Fix several issues in Flowspec handling
- BMP/Nest: No refeed after listener or protocol restart
- MPLS: Fix crash on reconfiguring CS_DOWN channel
- OSPF: Fix handling of LLS data length field
- OSPF: Fix OOB read in authentication check
- OSPF: Fix OOB read in Router-LSA validation
- Proto: Fix regression in protocol enabling
- Channel: Fix refeeds and reloads during graceful restart
- Export: Mitigate duplicate withdrawals
- Filters: Fix crash when setting gateway on recursive nexthops
- Filters: Fix path matching when AS path is too long
- Table: Fix RCU double-anchor
- Table: Propagate thread group config into aux
- RCU: Catch leaks sooner
See also: https://trubka.network.cz/pipermail/bird-users/2026-June/018790.html
perl-HTTP-Daemon-6.17-1.fc43
FEDORA-2026-f276b2154e
Packages in this update:
- perl-HTTP-Daemon-6.17-1.fc43
Changes:
6.17 2026-05-19 23:11:06Z
- Fix CVE-2026-8450 (affects 6.15 and earlier): 2-arg open() in send_file() enabled RCE / arbitrary file write / response-body exfiltration when a string argument was derived from attacker- influenced input. send_file() now uses 3-arg open() with an explicit '<' read mode, so the path is always treated as a literal filename and 2-arg open() shell-magic shapes ('| cmd', 'cmd |', '> path', etc.) are no longer interpreted. send_file() now also returns '0E0' (true zero) on a successful zero-byte transfer so callers can distinguish empty file from open failure (undef). See https://www.cve.org/CVERecord?id=CVE-2026-8450 for the advisory. Reported and patched by Stig Palmquist (stigtsp). (Stig Palmquist, Olaf Alders)
perl-HTTP-Daemon-6.17-1.fc44
FEDORA-2026-8982379b5c
Packages in this update:
- perl-HTTP-Daemon-6.17-1.fc44
Changes:
6.17 2026-05-19 23:11:06Z
- Fix CVE-2026-8450 (affects 6.15 and earlier): 2-arg open() in send_file() enabled RCE / arbitrary file write / response-body exfiltration when a string argument was derived from attacker- influenced input. send_file() now uses 3-arg open() with an explicit '<' read mode, so the path is always treated as a literal filename and 2-arg open() shell-magic shapes ('| cmd', 'cmd |', '> path', etc.) are no longer interpreted. send_file() now also returns '0E0' (true zero) on a successful zero-byte transfer so callers can distinguish empty file from open failure (undef). See https://www.cve.org/CVERecord?id=CVE-2026-8450 for the advisory. Reported and patched by Stig Palmquist (stigtsp). (Stig Palmquist, Olaf Alders)
perl-Net-Statsd-0.13-1.fc44
FEDORA-2026-9c71664439
Packages in this update:
- perl-Net-Statsd-0.13-1.fc44
Metric names and values are now validated to ensure they do not contain characters below ASCII 32 (including newlines), colon (":") or pipe ("|") characters that might allow metric injection. Offending calls now croak.