Fedora Security Advisories

• strongswan-6.0.6-1.el8

Update to 6.0.6 to fix a bunch of security issues: CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291

• perl-Cpanel-JSON-XS-4.41-1.el8

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.el9

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.fc43

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.el10_3

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.el10_2

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• perl-Cpanel-JSON-XS-4.41-1.fc44

This update addresses a number of bugs including these security issues:

• Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
• Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)

• rubygem-yard-0.9.37-5.fc43

Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues

• rubygem-yard-0.9.40-2.fc44

Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues

• strongswan-6.0.6-1.el9

Update to 6.0.6 to fix CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291

• rust-sequoia-cert-store-0.7.3-1.fc43
• rust-sequoia-chameleon-gnupg-0.13.1-13.fc43
• rust-sequoia-octopus-librnp-1.11.1-7.fc43
• rust-sequoia-sop-0.37.3-4.fc43
• rust-sequoia-sq-1.3.1-12.fc43
• rust-sequoia-wot-0.15.2-1.fc43

• Update the sequoia-wot crate to version 0.15.2.
• Update the sequoia-keystore crate to version 0.7.3.

This includes a rebuild of all dependent applications to address three low-severity security vulnerabilities in sequoia-wot:

• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50

• rust-sequoia-cert-store-0.7.3-1.fc44
• rust-sequoia-chameleon-gnupg-0.13.1-13.fc44
• rust-sequoia-octopus-librnp-1.11.1-7.fc44
• rust-sequoia-sop-0.37.3-4.fc44
• rust-sequoia-sq-1.3.1-12.fc44
• rust-sequoia-wot-0.15.2-1.fc44

• Update the sequoia-wot crate to version 0.15.2.
• Update the sequoia-keystore crate to version 0.7.3.

This includes a rebuild of all dependent applications to address three low-severity security vulnerabilities in sequoia-wot:

• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
• https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50

• dolphin-emu-2503a-16.fc45

Automatic update for dolphin-emu-2503a-16.fc45.

• strongswan-6.0.6-1.el10_3

Fixes CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-25075, CVE-2025-9615, CVE-2025-62291

• kernel-7.0.10-201.fc44

The 7.0.10-101/201 stable kernel updates contain a number of important fixes across the tree.

• kernel-7.0.10-101.fc43

The 7.0.10-101/201 stable kernel updates contain a number of important fixes across the tree.

• perl-Crypt-Argon2-0.031-1.fc43
• perl-Dist-Build-0.028-1.fc43
• perl-ExtUtils-Builder-0.020-1.fc43
• perl-ExtUtils-Builder-Compiler-0.036-1.fc43

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463

• perl-Crypt-Argon2-0.031-1.fc44
• perl-Dist-Build-0.028-1.fc44
• perl-ExtUtils-Builder-0.020-1.fc44
• perl-ExtUtils-Builder-Compiler-0.036-1.fc44

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463

• perl-Crypt-Argon2-0.031-1.fc45
• perl-Dist-Build-0.028-1.fc45
• perl-ExtUtils-Builder-0.020-1.fc45
• perl-ExtUtils-Builder-Compiler-0.036-1.fc45

Update perl-Crypt-Argon2 to 0.031 #2477035 #2481131 fixes CVE-2026-8463

• pie-1.4.5-1.fc44

This release contains vulnerability fixes for the following security advisories:

• GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion via extra.pie-installed-binary metadata in UninstallUsingUnlink
• GHSA-pm6p-666q-hvj5 - Sudo-elevated root code execution via TOCTOU between self-update verify and write
• GHSA-f67f-c344-cqqr - PIE self-update accepts any historically-attested pie.phar (rollback gap)
• GHSA-vcv4-gmjc-mxvq - php-ext.build-path traversal escapes PIE's vendor extract directory
• GHSA-8xmh-xrvp-hwrf - WindowsInstall::copyExtraFile lacks destination containment check (Windows-only path traversal)
• GHSA-p4j8-36rr-gjfq - Self-update attestation verification is scoped to --owner=php, not --repo=php/pie