Fedora Security Advisories

FEDORA-EPEL-2026-82451c4348 Packages in this update:

• objfw-1.5.4-1.el8

Update description:

Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler.

Update to 1.5.3

FEDORA-EPEL-2026-9638648de3 Packages in this update:

• objfw-1.5.4-1.el10_3

Update description:

Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler.

Update to 1.5.3

FEDORA-2026-dd875b58bb Packages in this update:

• objfw-1.5.4-1.fc43

Update description:

Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler.

Update to 1.5.3

FEDORA-2026-c1a5a2ae2e Packages in this update:

• objfw-1.5.4-1.fc42

Update description:

Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler.

Update to 1.5.3

FEDORA-EPEL-2026-b7aa3a90db Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.el10_2

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-EPEL-2026-aeb533f7cc Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.el10_3

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-EPEL-2026-44e2e43519 Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.el9

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-2026-96c8ae7dbe Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.fc43

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-2026-30d86fe986 Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.fc44

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-EPEL-2026-cabae86b4e Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.el8

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-2026-5f1dfcb5c8 Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.fc45

Update description:

Automatic update for perl-Crypt-PasswdMD5-1.4.3-1.fc45.

Changelog * Sat May 23 2026 Paul Howarth <paul@city-fan.org> - 1.4.3-1 - Update to 1.43 - Replace use of the cryptographically weak rand() function with the much stronger Crypt::URandom::urandom() (GH#3, CVE-2026-6659, rhbz#2479575) - Add Encode, Exporter, ExtUtils::MakeMaker to Makefile.PL - Add files AI_POLICY.md and SECURITY.md

FEDORA-2026-dd9cd16b18 Packages in this update:

• nginx-1.30.2-1.fc43
• nginx-mod-brotli-1.0.0~rc-10.fc43
• nginx-mod-fancyindex-0.6.0-5.fc43
• nginx-mod-headers-more-0.39-10.fc43
• nginx-mod-modsecurity-1.0.4-11.fc43
• nginx-mod-naxsi-1.6-18.fc43
• nginx-mod-vts-0.2.4-10.fc43

Update description:

nginx-mod-brotli:

• Rebuild for 1.30.2

nginx-mod-fancyindex:

• Rebuild for 1.30.2

nginx-mod-naxsi:

• Rebuild for 1.30.2

nginx-mod-headers-more:

• Rebuild for 1.30.2

nginx-mod-vts:

• Rebuild for 1.30.2

nginx-mod-modsecurity:

• Rebuild for 1.30.2

nginx:

• update to 1.30.2
• fixes CVE-2026-9256

FEDORA-2026-da68d7bf53 Packages in this update:

• nginx-1.30.2-1.fc44
• nginx-mod-brotli-1.0.0~rc-10.fc44
• nginx-mod-fancyindex-0.6.0-5.fc44
• nginx-mod-headers-more-0.39-10.fc44
• nginx-mod-js-challenge-0^20230517.gitda6852d-8.fc44
• nginx-mod-modsecurity-1.0.4-11.fc44
• nginx-mod-naxsi-1.6-18.fc44
• nginx-mod-vts-0.2.4-10.fc44

Update description:

nginx-mod-headers-more:

• Rebuild for 1.30.2

nginx-mod-vts:

• Rebuild for 1.30.2

nginx-mod-fancyindex:

• Rebuild for 1.30.2

nginx-mod-brotli:

• Rebuild for 1.30.2

nginx-mod-naxsi:

• Rebuild for 1.30.2

nginx-mod-js-challenge:

• Rebuild for 1.30.2

nginx-mod-modsecurity:

• Rebuild for 1.30.2

nginx:

• update to 1.30.2
• fixes CVE-2026-9256

FEDORA-EPEL-2026-cb90c89045 Packages in this update:

• netatalk-4.4.3-1.el10_2

Update description:

4.4.3 release

FEDORA-EPEL-2026-b4a86bd068 Packages in this update:

• netatalk-4.4.3-1.el10_3

Update description:

4.4.3 Release

FEDORA-2026-9fd50b2ff1 Packages in this update:

• netatalk-4.4.3-1.fc43

Update description:

4.4.3 Release

FEDORA-2026-e7e7bb2417 Packages in this update:

• netatalk-4.4.3-1.fc44

Update description:

4.4.3 Release

FEDORA-EPEL-2026-e7b8776a02 Packages in this update:

• libssh2-1.11.1-6.el9

Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

FEDORA-EPEL-2026-afcb3443a1 Packages in this update:

• libssh2-1.11.1-6.el10_2

Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

FEDORA-EPEL-2026-afd26ad447 Packages in this update:

• libssh2-1.11.1-6.el10_3

Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.