Fedora Security Advisories

• trafficserver-9.2.13-1.el8

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 9.2.13 #12834 - Make 9.2.x buildable on macOS 26 #12909 - Updating make/configure for hdrrwr lib includes #13038 - 9.2.x: Fix prev_is_cr flag handling in chunked encoding parser #13039 - 9.2.x: HttpSM - make sure we have a valid buffer to write on.

• corosync-3.1.9-4.fc42

Security fix for CVE-2026-35091 and CVE-2026-35092

• corosync-3.1.10-2.fc43

Security fix for CVE-2026-35091 and CVE-2026-35092

• corosync-3.1.10-5.fc44

Security fix for CVE-2026-35091 and CVE-2026-35092

• yarnpkg-1.22.22-18.fc44

Refresh vendor bundle, fixes CVE-2026-4800.

• yarnpkg-1.22.22-18.el10_3

Refresh vendor bundle, fixes CVE-2026-4800.

• yarnpkg-1.22.22-18.fc42

Refresh vendor bundle, fixes CVE-2026-4800.

• yarnpkg-1.22.22-18.el9

Refresh vendor bundle, fixes CVE-2026-4800.

• yarnpkg-1.22.22-18.fc43

Refresh vendor bundle, fixes CVE-2026-4800.

Update vendor bundle.

• mingw-exiv2-0.28.8-1.fc43

Update to exiv2-0.28.8.

• mingw-exiv2-0.28.8-1.fc42

Update to exiv2-0.28.8.

• mingw-exiv2-0.28.8-1.fc44

Update to exiv2-0.28.8.

• mingw-python3-3.11.15-1.fc44

Update to python-3.11.15.

• mingw-python3-3.11.15-1.fc43

Update to python-3.11.15.

• mingw-python3-3.11.15-1.fc42

Update to python-3.11.15.

• mingw-openexr-3.4.8-1.fc44

Update to 3.4.8.

• vim-9.2.280-1.fc42

Security fix for CVE-2026-34714

• vim-9.2.280-1.fc43

patchlevel 280

Security fix for CVE-2026-34714

• libmicrohttpd-1.0.3-1.fc42

Update to 1.0.3-1

• libmicrohttpd-1.0.3-1.fc43

Update to 1.0.3-1