Fedora Security Advisories

FEDORA-2026-05d833765a Packages in this update:

• python3.12-3.12.13-1.fc44

Update description:

Update to 3.12.13

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

FEDORA-2026-2350c6fd8c Packages in this update:

• dr_libs-0^20241216git660795b-4.fc42

Update description:

Backport the fix for CVE-2026-29022

FEDORA-2026-6888affe44 Packages in this update:

• strongswan-6.0.4-2.fc43

Update description:

Update to address CVE-2025-9615 and CVE-2025-62291

FEDORA-2026-154efc6066 Packages in this update:

• python-lxml-html-clean-0.4.4-1.fc42

Update description:

Security update for python-lxml-html-clean

FEDORA-2026-f46fc594f3 Packages in this update:

• python-lxml-html-clean-0.4.4-1.fc44

Update description:

Security update for python-lxml-html-clean

FEDORA-2026-fdded962b2 Packages in this update:

• python-lxml-html-clean-0.4.4-1.fc43

Update description:

Security update for python-lxml-html-clean

FEDORA-EPEL-2026-8a5d339569 Packages in this update:

• xq-1.4.0-2.el10_3

Update description:

Update to 1.4.0

FEDORA-EPEL-2026-830cb46951 Packages in this update:

• xq-1.4.0-2.el10_1

Update description:

Update to 1.4.0

FEDORA-EPEL-2026-a96c428ab5 Packages in this update:

• xq-1.4.0-2.el10_2

Update description:

Update to 1.4.0

FEDORA-2026-3481aa745b Packages in this update:

• xq-1.4.0-2.fc42

Update description:

Update to 1.4.0

FEDORA-2026-f8e0af09af Packages in this update:

• xq-1.4.0-2.fc43

Update description:

Update to 1.4.0

FEDORA-EPEL-2026-dcca0faa1b Packages in this update:

• xq-1.4.0-2.el9

Update description:

Update to 1.4.0

FEDORA-2026-4bf819dfdb Packages in this update:

• dr_libs-0^20260302.fa931f3-2.fc42

Update description: dr_flac v0.13.3 - 2026-01-17

• Fix a compiler compatibility issue with some inlined assembly.
• Fix a compilation warning.

dr_mp3 v0.7.3 - 2026-01-17

• Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory allocation fails.
• Fix some compilation warnings.

dr_wav v0.14.5 - 2026-03-03

• Fix a crash when loading files with a malformed "smpl" chunk.
• Fix a signed overflow bug with the MS-ADPCM decoder.

v0.14.4 - 2026-01-17

• Fix some compilation warnings.

FEDORA-2026-d1d665c9d5 Packages in this update:

• dr_libs-0^20260302.fa931f3-2.fc43

Update description: dr_flac v0.13.3 - 2026-01-17

• Fix a compiler compatibility issue with some inlined assembly.
• Fix a compilation warning.

dr_mp3 v0.7.3 - 2026-01-17

• Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory allocation fails.
• Fix some compilation warnings.

dr_wav v0.14.5 - 2026-03-03

• Fix a crash when loading files with a malformed "smpl" chunk.
• Fix a signed overflow bug with the MS-ADPCM decoder.

v0.14.4 - 2026-01-17

• Fix some compilation warnings.

FEDORA-2026-c2889d2725 Packages in this update:

• dr_libs-0^20260302.fa931f3-2.fc44

Update description: dr_flac v0.13.3 - 2026-01-17

• Fix a compiler compatibility issue with some inlined assembly.
• Fix a compilation warning.

dr_mp3 v0.7.3 - 2026-01-17

• Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory allocation fails.
• Fix some compilation warnings.

dr_wav v0.14.5 - 2026-03-03

• Fix a crash when loading files with a malformed "smpl" chunk.
• Fix a signed overflow bug with the MS-ADPCM decoder.

v0.14.4 - 2026-01-17

• Fix some compilation warnings.

FEDORA-2026-c0123ede74 Packages in this update:

• perl-Crypt-SysRandom-XS-0.011-1.fc42

Update description:

0.011 - Update data pointer on resize for rdrand; Clean up string length handling 0.010 - Disallow requesting strings with negative lengths CVE-2026-2597; Try arc4random in stdlib.h first; Correct value of PROTOTYPES keyword in XS

FEDORA-2026-7b9874a01f Packages in this update:

• perl-Crypt-SysRandom-XS-0.011-1.fc43

Update description:

0.011 - Update data pointer on resize for rdrand; Clean up string length handling 0.010 - Disallow requesting strings with negative lengths CVE-2026-2597; Try arc4random in stdlib.h first; Correct value of PROTOTYPES keyword in XS

FEDORA-2026-151bfcc2af Packages in this update:

• matrix-synapse-1.147.1-1.fc43
• rust-pythonize-0.27.0-1.fc43

Update description:

Update matrix-synapse to v1.147.1

FEDORA-EPEL-2026-19279ff82c Packages in this update:

• perl-Net-CIDR-0.27-1.el9

Update description:

This update fixes handling of leading zeroes.

The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker may be able to leverage this to bypass access controls based on IP addresses.

FEDORA-EPEL-2026-c2d409a4ce Packages in this update:

• perl-Net-CIDR-0.27-1.el10_1

Update description:

This update fixes handling of leading zeroes.

The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker may be able to leverage this to bypass access controls based on IP addresses.