Fedora Security Advisories

ansible-collection-ansible-posix-2.2.1-1.fc45

4 days 9 hours ago
FEDORA-2026-4a0c61a43f Packages in this update:
  • ansible-collection-ansible-posix-2.2.1-1.fc45
Update description:

Automatic update for ansible-collection-ansible-posix-2.2.1-1.fc45.

Changelog * Wed Jul 8 2026 Maxwell G <maxwell@gtmx.me> - 2.2.1-1 - Update to 2.2.1. Fixes rhbz#2479556. - Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432)

c-ares-1.34.7-1.fc43

4 days 18 hours ago
FEDORA-2026-727e84b289 Packages in this update:
  • c-ares-1.34.7-1.fc43
Update description:
  • update to 1.34.7
  • fixes CVE-2026-33630 (GHSA-6wfj-rwm7-3542) and GHSA-pjmc-gx33-gc76 and GHSA-jv8r-gqr9-68wj

c-ares-1.34.7-1.fc44

4 days 18 hours ago
FEDORA-2026-950a662010 Packages in this update:
  • c-ares-1.34.7-1.fc44
Update description:
  • update to 1.34.7
  • fixes CVE-2026-33630 (GHSA-6wfj-rwm7-3542) and GHSA-pjmc-gx33-gc76 and GHSA-jv8r-gqr9-68wj

openssh-10.2p1-12.fc44

4 days 20 hours ago
FEDORA-2026-a80275b42d Packages in this update:
  • openssh-10.2p1-12.fc44
Update description:

Improve GSS KEX algorithms documentation

  • CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known-group validation that leads to client-side denial of service
  • CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator
  • CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding

openssh-10.2p1-11.fc44

4 days 21 hours ago
FEDORA-2026-a2c682a975 Packages in this update:
  • openssh-10.2p1-11.fc44
Update description:
  • CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known-group validation that leads to client-side denial of service
  • CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator
  • CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding

openssh-10.0p1-10.fc43

4 days 21 hours ago
FEDORA-2026-95b955a09b Packages in this update:
  • openssh-10.0p1-10.fc43
Update description:
  • CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known-group validation that leads to client-side denial of service
  • CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator
  • CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding

perl-Imager-1.033-1.fc43

4 days 22 hours ago
FEDORA-2026-38f958d25a Packages in this update:
  • perl-Imager-1.033-1.fc43
Update description:

1.033 - CVE-2026-14454: Fix mishandling of large EXIF IFD entry count values — treated as negative numbers, could lead to allocation failure and program exit - JPEG: depend on Imager 1.033 for the EXIF fix - Fix thread context object reference count leak in bumpmap and bumpmap_complex filters - TIFF: fix a leak from processing the TIFF warnings buffer (introduced in Imager 1.021)

perl-Imager-1.033-1.fc44

4 days 22 hours ago
FEDORA-2026-5f5efe281d Packages in this update:
  • perl-Imager-1.033-1.fc44
Update description:

1.033 - CVE-2026-14454: Fix mishandling of large EXIF IFD entry count values — treated as negative numbers, could lead to allocation failure and program exit - JPEG: depend on Imager 1.033 for the EXIF fix - Fix thread context object reference count leak in bumpmap and bumpmap_complex filters - TIFF: fix a leak from processing the TIFF warnings buffer (introduced in Imager 1.021)

xrdp-0.10.6.1-1.fc43

4 days 23 hours ago
FEDORA-2026-bd0a75766f Packages in this update:
  • xrdp-0.10.6.1-1.fc43
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

xrdp-0.10.6.1-1.fc44

4 days 23 hours ago
FEDORA-2026-05c06fa0a8 Packages in this update:
  • xrdp-0.10.6.1-1.fc44
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

xrdp-0.10.6.1-1.el9

4 days 23 hours ago
FEDORA-EPEL-2026-329eff5f4b Packages in this update:
  • xrdp-0.10.6.1-1.el9
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

xrdp-0.10.6.1-1.el8

4 days 23 hours ago
FEDORA-EPEL-2026-85c16c2007 Packages in this update:
  • xrdp-0.10.6.1-1.el8
Update description: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements

This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.

If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.

Security fixes
  • CVE-2026-41252
  • CVE-2026-41521
  • CVE-2026-44178
  • CVE-2026-42218
  • CVE-2026-44978
  • CVE-2026-54538
  • CVE-2026-55238
  • CVE-2026-55626
  • CVE-2026-55639
  • CVE-2026-55645
New features
  • None
Bug fixes
  • regression: Fix SEGV in xrdp when running over TLS (#3793)

upower-1.91.3-2.fc43

5 days ago
FEDORA-2026-ce80ea7afe Packages in this update:
  • upower-1.91.3-2.fc43
Update description:

upower 1.91.3:

  • Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed))
  • Fix: Resolve potential leaks (!327 (merged))
  • Fix: Potential out-of-bound access (!328 (merged))
  • Fix: Improve access control (!326 (merged))
  • Fix: Remove unused codes (!329 (merged))
  • Fix: Fix for Asus Battery Charge Threshold Detection (!330 (merged), #347 (closed))

upower-1.91.3-1.fc44

5 days ago
FEDORA-2026-e5305cffc2 Packages in this update:
  • upower-1.91.3-1.fc44
Update description:

upower 1.91.3:

  • Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed))
  • Fix: Resolve potential leaks (!327 (merged))
  • Fix: Potential out-of-bound access (!328 (merged))
  • Fix: Improve access control (!326 (merged))
  • Fix: Remove unused codes (!329 (merged))
  • Fix: Fix for Asus Battery Charge Threshold Detection (!330 (merged), #347 (closed))
Checked
44 minutes 49 seconds ago