Fedora Security Advisories

FEDORA-2026-6af8517b94 Packages in this update:

• xrdp-0.10.6-2.fc42

Update description:

Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.

FEDORA-EPEL-2026-8d69cba26b Packages in this update:

• xrdp-0.10.6-2.el9

Update description:

Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.

FEDORA-2026-8aeca78af9 Packages in this update:

• xrdp-0.10.6-2.fc43

Update description:

Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.

FEDORA-EPEL-2026-cf191f562d Packages in this update:

• xrdp-0.10.6-2.el8

Update description:

Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.

FEDORA-2026-5d9b0e2c17 Packages in this update:

• haveged-1.9.22-1.fc43

Update description:

Update to 1.9.22 — fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation

Backport fix for CVE-2026-41054: privilege escalation via command socket

FEDORA-2026-8fa79f47e1 Packages in this update:

• haveged-1.9.22-1.fc42

Update description:

Update to 1.9.22 — fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation

Backport fix for CVE-2026-41054: privilege escalation via command socket

FEDORA-2026-66bba52149 Packages in this update:

• kernel-7.0.9-205.fc44

Update description:

The 7.0.9-105/205 stable kernel updates contain a couple if important security fixes.

FEDORA-2026-94731f4ace Packages in this update:

• kernel-7.0.9-105.fc43

Update description:

The 7.0.9-105/205 stable kernel updates contain a couple if important security fixes.

FEDORA-2026-b626e83a45 Packages in this update:

• bind-9.18.49-1.fc43
• bind-dyndb-ldap-11.11-13.fc43

Update description: Update to 9.18.49 (rhbz#2480121) Security Fixes:

• Limit resolver server list size. (CVE-2026-3592)
• Fix GSS-API resource leak. (CVE-2026-3039)
• Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946)
• Avoid unbounded recursion loop. (CVE-2026-5950)
• Fix outgoing zone transfers' quota issue.

Feature Changes:

• Fix CPU spikes and slow queries when cache approaches memory limit.

Bug Fixes:

• Fix named crash when processing SIG records in dynamic updates.
• Fix rndc modzone behavior for a zone in named.conf.
• Fix zone verification of NSEC3 signed zones.
• Prevent a crash when using both dns64 and filter-aaaa.
• Fixed an assertion failure when processing catalog zones.
• Prevent malicious DNSSEC zones from exhausting validator CPU.
• Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.
• Prevent crafted queries from degrading RRL performance.
• Fix a bug in allow-query/allow-transfer catalog zone custom properties.
• Fix a memory leak issue in catalog zones.
• Fix suppressed missing-glue check in named-checkzone.
• Reject record sets too large to serve in DNS.

Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49

FEDORA-2026-411248c8d9 Packages in this update:

• bind-9.18.49-1.fc44
• bind-dyndb-ldap-11.11-15.fc44

Update description: Update to 9.18.49 (rhbz#2480121) Security Fixes:

• Limit resolver server list size. (CVE-2026-3592)
• Fix GSS-API resource leak. (CVE-2026-3039)
• Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946)
• Avoid unbounded recursion loop. (CVE-2026-5950)
• Fix outgoing zone transfers' quota issue.

Feature Changes:

• Fix CPU spikes and slow queries when cache approaches memory limit.

Bug Fixes:

• Fix named crash when processing SIG records in dynamic updates.
• Fix rndc modzone behavior for a zone in named.conf.
• Fix zone verification of NSEC3 signed zones.
• Prevent a crash when using both dns64 and filter-aaaa.
• Fixed an assertion failure when processing catalog zones.
• Prevent malicious DNSSEC zones from exhausting validator CPU.
• Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.
• Prevent crafted queries from degrading RRL performance.
• Fix a bug in allow-query/allow-transfer catalog zone custom properties.
• Fix a memory leak issue in catalog zones.
• Fix suppressed missing-glue check in named-checkzone.
• Reject record sets too large to serve in DNS.

Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49

FEDORA-EPEL-2026-86e966dca4 Packages in this update:

• pdns-5.0.5-1.el10_3

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-EPEL-2026-533c3439ba Packages in this update:

• pdns-5.0.5-1.el10_2

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-2026-a6e5b1263b Packages in this update:

• pdns-5.0.5-1.fc44

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-2026-6458693037 Packages in this update:

• pdns-5.0.5-1.fc43

Update description:

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

FEDORA-EPEL-2026-78a69d7632 Packages in this update:

• perl-Sereal-Decoder-4.018-2.el9

Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

FEDORA-EPEL-2026-9c8dc0ea44 Packages in this update:

• perl-Sereal-Decoder-4.018-2.el8

Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

FEDORA-EPEL-2026-daf86178f8 Packages in this update:

• perl-Sereal-5.006-1.el10_3
• perl-Sereal-Decoder-5.006-1.el10_3
• perl-Sereal-Encoder-5.006-1.el10_3

Update description:

This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.

FEDORA-2026-d275a6eaac Packages in this update:

• docker-compose-5.1.4-1.fc42

Update description:

• Update to release v5.1.4
• Resolves: rhbz#2480186
• Upstream fixes

• Update to release v5.1.3
• Resolves rhbz#2458697
• Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
• Resolves CVE-2026-33748: rhbz#2453089
• Upstream fixes

FEDORA-2026-e3757dab23 Packages in this update:

• vim-9.2.506-2.fc43

Update description:

switch to GTK4 for GVim

Fix CVE-2026-46483

FEDORA-2026-951a6725b8 Packages in this update:

• docker-compose-5.1.4-1.fc43

Update description:

• Update to release v5.1.4
• Resolves: rhbz#2480186
• Upstream fixes

• Update to release v5.1.3
• Resolves rhbz#2458697
• Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
• Resolves CVE-2026-33748: rhbz#2453089
• Upstream fixes