Fedora Security Advisories

librabbitmq-0.17.0-1.fc43

5 days 6 hours ago
FEDORA-2026-436ef78874 Packages in this update:
  • librabbitmq-0.17.0-1.fc43
Update description: Version 0.17.0 - 2026-07-01 Security
  • Fix size_t overflow in amqp_decode_bytes bounds check leading to out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888)
  • Fix heap buffer overflow in amqp_frame_to_bytes for oversized body frames (GHSA-hfjv-vcp3-39wh, #892)
Added
  • librabbitmq-tools fall back to the AMQP_URL environment variable when no connection options are given on the command line (#887)
Fixed
  • Fix undefined behavior in amqp_decode_properties when decoding content-header property flags (#883, #885)
  • Fix ioctlsocket type mismatch on Windows (#890)
  • Document buffer lifetime requirement of amqp_decode_table's encoded buffer to prevent use-after-free misuse (#895)
Changed
  • librabbitmq-tools now enable default SSL certificate verification paths unless --no-default-cert-paths is passed (fixes #868, #893)
  • Building the tools now requires POPT v1.14 or newer (#889)

librabbitmq-0.17.0-1.fc44

5 days 6 hours ago
FEDORA-2026-fc2f661416 Packages in this update:
  • librabbitmq-0.17.0-1.fc44
Update description: Version 0.17.0 - 2026-07-01 Security
  • Fix size_t overflow in amqp_decode_bytes bounds check leading to out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888)
  • Fix heap buffer overflow in amqp_frame_to_bytes for oversized body frames (GHSA-hfjv-vcp3-39wh, #892)
Added
  • librabbitmq-tools fall back to the AMQP_URL environment variable when no connection options are given on the command line (#887)
Fixed
  • Fix undefined behavior in amqp_decode_properties when decoding content-header property flags (#883, #885)
  • Fix ioctlsocket type mismatch on Windows (#890)
  • Document buffer lifetime requirement of amqp_decode_table's encoded buffer to prevent use-after-free misuse (#895)
Changed
  • librabbitmq-tools now enable default SSL certificate verification paths unless --no-default-cert-paths is passed (fixes #868, #893)
  • Building the tools now requires POPT v1.14 or newer (#889)

composer-2.10.2-1.el9

5 days 6 hours ago
FEDORA-EPEL-2026-1e765d4f0c Packages in this update:
  • composer-2.10.2-1.el9
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)

composer-2.10.2-1.el10_3

5 days 6 hours ago
FEDORA-EPEL-2026-6a8ea7a52d Packages in this update:
  • composer-2.10.2-1.el10_3
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)

composer-2.10.2-1.fc44

5 days 6 hours ago
FEDORA-2026-22ba02bee3 Packages in this update:
  • composer-2.10.2-1.fc44
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)

composer-2.10.2-1.fc43

5 days 6 hours ago
FEDORA-2026-3017b1bec1 Packages in this update:
  • composer-2.10.2-1.fc43
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)

composer-2.10.2-1.el10_2

5 days 6 hours ago
FEDORA-EPEL-2026-084df34b74 Packages in this update:
  • composer-2.10.2-1.el10_2
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
Checked
48 minutes 13 seconds ago