vim-9.2.506-2.fc43
FEDORA-2026-e3757dab23
Packages in this update:
- vim-9.2.506-2.fc43
switch to GTK4 for GVim
Fix CVE-2026-46483
Fedora Security Advisories
docker-compose-5.1.4-1.fc43
FEDORA-2026-951a6725b8
Packages in this update:
- docker-compose-5.1.4-1.fc43
- Update to release v5.1.4
- Resolves: rhbz#2480186
- Upstream fixes
- Update to release v5.1.3
- Resolves rhbz#2458697
- Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
- Resolves CVE-2026-33748: rhbz#2453089
- Upstream fixes
docker-compose-5.1.4-1.fc44
FEDORA-2026-3316f97296
Packages in this update:
- docker-compose-5.1.4-1.fc44
- Update to release v5.1.4
- Resolves: rhbz#2480186
- Upstream fixes
- Update to release v5.1.3
- Resolves rhbz#2458697
- Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
- Resolves CVE-2026-33748: rhbz#2453089
- Upstream fixes
mapserver-8.6.3-1.fc43
FEDORA-2026-1aa6743d40
Packages in this update:
- mapserver-8.6.3-1.fc43
Update to mapserver-8.6.3.
podofo-1.0.4-1.fc44
FEDORA-2026-5c81faa7bf
Packages in this update:
- podofo-1.0.4-1.fc44
Update to podof-1.0.4.
podofo-1.0.4-1.fc43
FEDORA-2026-19873e3fac
Packages in this update:
- podofo-1.0.4-1.fc43
Update to podof-1.0.4.
mingw-qt6-qtsvg-6.10.3-2.fc43
FEDORA-2026-b63645cad6
Packages in this update:
- mingw-qt6-qtsvg-6.10.3-2.fc43
Backport fix for CVE-2026-6210.
ansible-13.7.0-1.fc45 ansible-core-2.20.6-1.fc45
FEDORA-2026-a8a5f6b41b
Packages in this update:
- ansible-13.7.0-1.fc45
- ansible-core-2.20.6-1.fc45
Latest Ansible 13
- Close bogus CVEs
perl-libwww-perl-6.83-1.fc43
FEDORA-2026-3b48ba7dc7
Packages in this update:
- perl-libwww-perl-6.83-1.fc43
Changes:
6.83 2026-05-12 11:41:48Z
- LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.perl-libwww-perl-6.83-1.fc44
FEDORA-2026-8d1333fb52
Packages in this update:
- perl-libwww-perl-6.83-1.fc44
Changes:
6.83 2026-05-12 11:41:48Z
- LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.openbao-2.5.4-1.el8
FEDORA-EPEL-2026-7c82182eba
Packages in this update:
- openbao-2.5.4-1.el8
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
openbao-2.5.4-1.el9
FEDORA-EPEL-2026-89a3c4993d
Packages in this update:
- openbao-2.5.4-1.el9
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
openbao-2.5.4-1.fc44
FEDORA-2026-bf7889aec6
Packages in this update:
- openbao-2.5.4-1.fc44
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
openbao-2.5.4-1.fc42
FEDORA-2026-b7d009831a
Packages in this update:
- openbao-2.5.4-1.fc42
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
openbao-2.5.4-1.el10_3
FEDORA-EPEL-2026-cec027b6af
Packages in this update:
- openbao-2.5.4-1.el10_3
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
openbao-2.5.4-1.fc43
FEDORA-2026-d4e8f0a731
Packages in this update:
- openbao-2.5.4-1.fc43
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
openbao-2.5.4-1.el10_2
FEDORA-EPEL-2026-cc6a962bcc
Packages in this update:
- openbao-2.5.4-1.el10_2
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
libsoup3-3.6.6-8.fc44
FEDORA-2026-ce6cab40ac
Packages in this update:
- libsoup3-3.6.6-8.fc44
Patch for CVE-2026-5119
perl-HTTP-Tiny-0.094-1.fc43
FEDORA-2026-3bfb774625
Packages in this update:
- perl-HTTP-Tiny-0.094-1.fc43
0.094 - fix to prevent invalid characters in all headers, and prevent header smuggling (CVE-2026-7010)
perl-Sereal-5.005-1.fc43 perl-Sereal-Decoder-5.005-1.fc43 perl-Sereal-Encoder-5.005-1.fc43
FEDORA-2026-49c4be8260
Packages in this update:
- perl-Sereal-5.005-1.fc43
- perl-Sereal-Decoder-5.005-1.fc43
- perl-Sereal-Encoder-5.005-1.fc43
This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.