Fedora Security Advisories

FEDORA-2026-f8b0e6c297 Packages in this update:

• kubernetes1.35-1.35.6-1.fc45

Update description:

Automatic update for kubernetes1.35-1.35.6-1.fc45.

Changelog * Fri Jun 12 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 1.35.6-1 - Update to release v1.35.6 - Resolves: rhbz#2467606 - Upstream fixes

FEDORA-2026-18d1f457ba Packages in this update:

• kubernetes1.34-1.34.9-1.fc45

Update description:

Automatic update for kubernetes1.34-1.34.9-1.fc45.

Changelog * Fri Jun 12 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 1.34.9-1 - Update to release v1.34.9 - Resolves: rhbz#2467605 - Upstream fixes

FEDORA-2026-05251d4863 Packages in this update:

• kubernetes1.33-1.33.13-1.fc45

Update description:

Automatic update for kubernetes1.33-1.33.13-1.fc45.

Changelog * Fri Jun 12 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 1.33.13-1 - Update to release 1.33.13 - Resolves: rhbz#2467604 - Upstream fix

FEDORA-2026-bc38ebdf4c Packages in this update:

• mingw-SDL2_image-2.8.12-1.fc43

Update description:

Update to SDL2_image 2.8.12, fixes CVE-2026-35444.

FEDORA-2026-6f328b5020 Packages in this update:

• mingw-SDL2_image-2.8.12-1.fc44

Update description:

Update to SDL2_image 2.8.12, fixes CVE-2026-35444.

FEDORA-EPEL-2026-bc7538a3d7 Packages in this update:

• ImageMagick-6.9.13.50-1.el8

Update description:

Update to 6.9.13.50

Summary

This update fixes several security vulnerabilities, including multiple high-severity CVEs: Security fixes

• CVE-2026-33901 (High) — Heap buffer overflow in the MVG decoder that could result in an out-of-bounds write when processing a crafted image.
• CVE-2026-33908 (High) — Recursive DestroyXMLTree() call with no depth limit causes stack exhaustion when processing deeply nested XML structures, resulting in a Denial of Service (DoS).
• CVE-2026-40310 (High) — Heap out-of-bounds write in the JP2 encoder triggered when a user specifies an invalid sampling index.

Additional security and bug fixes are included in the upstream releases between 6.9.13.25 and 6.9.13.49. See the upstream release history at: https://github.com/ImageMagick/ImageMagick6/releases

FEDORA-EPEL-2026-49c3a0ffa2 Packages in this update:

• ImageMagick-6.9.13.50-1.el9

Update description:

Update to 6.9.13.50

Summary

This update fixes several security vulnerabilities, including multiple high-severity CVEs: Security fixes

• CVE-2026-33901 (High) — Heap buffer overflow in the MVG decoder that could result in an out-of-bounds write when processing a crafted image.
• CVE-2026-33908 (High) — Recursive DestroyXMLTree() call with no depth limit causes stack exhaustion when processing deeply nested XML structures, resulting in a Denial of Service (DoS).
• CVE-2026-40310 (High) — Heap out-of-bounds write in the JP2 encoder triggered when a user specifies an invalid sampling index.

Additional security and bug fixes are included in the upstream releases between 6.9.13.25 and 6.9.13.49. See the upstream release history at: https://github.com/ImageMagick/ImageMagick6/releases

FEDORA-2026-2aa86d411f Packages in this update:

• erlang-cowboy-2.16.1-1.fc43
• erlang-cowlib-2.17.1-1.fc43
• erlang-gun-2.4.1-1.fc43

Update description:

Gun ver. 2.4.1 and its dependencies

New erlang-gun

FEDORA-2026-c17ea7a74d Packages in this update:

• erlang-cowboy-2.16.1-1.fc44
• erlang-cowlib-2.17.1-1.fc44
• erlang-gun-2.4.1-1.fc44

Update description:

Gun ver. 2.4.1 and its dependencies

New erlang-gun

FEDORA-EPEL-2026-c3411b0a11 Packages in this update:

• python3.13-3.13.14-1.el10_2

Update description:

New Python release including bugfixes and security fixes.

FEDORA-EPEL-2026-625598ba74 Packages in this update:

• python3.13-3.13.14-1.el10_3

Update description:

New Python release including bugfixes and security fixes.

FEDORA-EPEL-2026-29b6bdb776 Packages in this update:

• python3.13-3.13.14-1.el9

Update description:

New Python release including bugfixes and security fixes.

FEDORA-2026-a2c583a4ab Packages in this update:

• python3.14-3.14.6-1.fc44
• python3-docs-3.14.6-1.fc44

Update description:

New Python release including bugfixes and security fixes.

FEDORA-2026-2deb979d80 Packages in this update:

• python3.13-3.13.14-1.fc43

Update description:

New Python release including bugfixes and security fixes.

FEDORA-2026-dfc9182263 Packages in this update:

• python3.13-3.13.14-1.fc44

Update description:

New Python version including bugfixes and security fixes.

FEDORA-2026-5b12cc327e Packages in this update:

• perl-Crypt-PBKDF2-0.261630-1.fc44

Update description:

This update addresses a number of security issues:

• Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
• Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
• Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

FEDORA-EPEL-2026-02984212ed Packages in this update:

• perl-Crypt-PBKDF2-0.261630-1.el10_3

Update description:

This update addresses a number of security issues:

• Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
• Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
• Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

FEDORA-EPEL-2026-ee9885ce31 Packages in this update:

• perl-Crypt-PBKDF2-0.261630-1.el10_2

Update description:

This update addresses a number of security issues:

• Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
• Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
• Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

FEDORA-EPEL-2026-c5b8fc5fd2 Packages in this update:

• perl-Crypt-PBKDF2-0.261630-1.el9

Update description:

This update addresses a number of security issues:

• Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
• Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
• Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

FEDORA-2026-e8231b773d Packages in this update:

• perl-Crypt-PBKDF2-0.261630-1.fc43

Update description:

This update addresses a number of security issues:

• Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
• Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
• Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)