Fedora Security Advisories

FEDORA-EPEL-2026-533c3439ba Packages in this update:

• pdns-5.0.5-1.el10_2

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-2026-a6e5b1263b Packages in this update:

• pdns-5.0.5-1.fc44

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-2026-6458693037 Packages in this update:

• pdns-5.0.5-1.fc43

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-EPEL-2026-78a69d7632 Packages in this update:

• perl-Sereal-Decoder-4.018-2.el9

Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

FEDORA-EPEL-2026-9c8dc0ea44 Packages in this update:

• perl-Sereal-Decoder-4.018-2.el8

Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

FEDORA-EPEL-2026-daf86178f8 Packages in this update:

• perl-Sereal-5.006-1.el10_3
• perl-Sereal-Decoder-5.006-1.el10_3
• perl-Sereal-Encoder-5.006-1.el10_3

Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

FEDORA-2026-d275a6eaac Packages in this update:

• docker-compose-5.1.4-1.fc42

Update description:

• Update to release v5.1.4
• Resolves: rhbz#2480186
• Upstream fixes

• Update to release v5.1.3
• Resolves rhbz#2458697
• Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
• Resolves CVE-2026-33748: rhbz#2453089
• Upstream fixes

FEDORA-2026-e3757dab23 Packages in this update:

• vim-9.2.506-2.fc43

Update description:

switch to GTK4 for GVim

Fix CVE-2026-46483

FEDORA-2026-951a6725b8 Packages in this update:

• docker-compose-5.1.4-1.fc43

Update description:

• Update to release v5.1.4
• Resolves: rhbz#2480186
• Upstream fixes

• Update to release v5.1.3
• Resolves rhbz#2458697
• Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
• Resolves CVE-2026-33748: rhbz#2453089
• Upstream fixes

FEDORA-2026-3316f97296 Packages in this update:

• docker-compose-5.1.4-1.fc44

Update description:

• Update to release v5.1.4
• Resolves: rhbz#2480186
• Upstream fixes

• Update to release v5.1.3
• Resolves rhbz#2458697
• Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
• Resolves CVE-2026-33748: rhbz#2453089
• Upstream fixes

FEDORA-2026-1aa6743d40 Packages in this update:

• mapserver-8.6.3-1.fc43

Update description:

Update to mapserver-8.6.3.

FEDORA-2026-5c81faa7bf Packages in this update:

• podofo-1.0.4-1.fc44

Update description:

Update to podof-1.0.4.

FEDORA-2026-19873e3fac Packages in this update:

• podofo-1.0.4-1.fc43

Update description:

Update to podof-1.0.4.

FEDORA-2026-b63645cad6 Packages in this update:

• mingw-qt6-qtsvg-6.10.3-2.fc43

Update description:

Backport fix for CVE-2026-6210.

FEDORA-2026-a8a5f6b41b Packages in this update:

• ansible-13.7.0-1.fc45
• ansible-core-2.20.6-1.fc45

Update description:

Latest Ansible 13

• Close bogus CVEs

FEDORA-2026-3b48ba7dc7 Packages in this update:

• perl-libwww-perl-6.83-1.fc43

Update description:

Changes:

6.83 2026-05-12 11:41:48Z

- LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.

FEDORA-2026-8d1333fb52 Packages in this update:

• perl-libwww-perl-6.83-1.fc44

Update description:

Changes:

6.83 2026-05-12 11:41:48Z

- LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.

FEDORA-EPEL-2026-7c82182eba Packages in this update:

• openbao-2.5.4-1.el8

Update description:

Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808

FEDORA-EPEL-2026-89a3c4993d Packages in this update:

• openbao-2.5.4-1.el9

Update description:

Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808

FEDORA-2026-bf7889aec6 Packages in this update:

• openbao-2.5.4-1.fc44

Update description:

Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808