openbao-2.5.4-1.el10_2
FEDORA-EPEL-2026-cc6a962bcc
Packages in this update:
- openbao-2.5.4-1.el10_2
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
Fedora Security Advisories
libsoup3-3.6.6-8.fc44
FEDORA-2026-ce6cab40ac
Packages in this update:
- libsoup3-3.6.6-8.fc44
Patch for CVE-2026-5119
perl-HTTP-Tiny-0.094-1.fc43
FEDORA-2026-3bfb774625
Packages in this update:
- perl-HTTP-Tiny-0.094-1.fc43
0.094 - fix to prevent invalid characters in all headers, and prevent header smuggling (CVE-2026-7010)
perl-Sereal-5.005-1.fc43 perl-Sereal-Decoder-5.005-1.fc43 perl-Sereal-Encoder-5.005-1.fc43
FEDORA-2026-49c4be8260
Packages in this update:
- perl-Sereal-5.005-1.fc43
- perl-Sereal-Decoder-5.005-1.fc43
- perl-Sereal-Encoder-5.005-1.fc43
This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.
perl-Sereal-5.005-1.fc44 perl-Sereal-Decoder-5.005-1.fc44 perl-Sereal-Encoder-5.005-1.fc44
FEDORA-2026-26bb3fe2c6
Packages in this update:
- perl-Sereal-5.005-1.fc44
- perl-Sereal-Decoder-5.005-1.fc44
- perl-Sereal-Encoder-5.005-1.fc44
This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.
cockpit-362-1.fc44
FEDORA-2026-ac9d9c87c8
Packages in this update:
- cockpit-362-1.fc44
Automatic update for cockpit-362-1.fc44.
Changelog for cockpit * Wed May 20 2026 Packit <hello@packit.dev> - 362-1 - Bug fixes and translation updates - Fix arbitrary code execution via specially crafted logs page link (CVE-2026-4802)cockpit-362-1.fc43
FEDORA-2026-58cee40a55
Packages in this update:
- cockpit-362-1.fc43
Automatic update for cockpit-362-1.fc43.
Changelog for cockpit * Wed May 20 2026 Packit <hello@packit.dev> - 362-1 - Bug fixes and translation updates - Fix arbitrary code execution via specially crafted logs page link (CVE-2026-4802)unbound-1.25.1-1.fc44
FEDORA-2026-49f37e16aa
Packages in this update:
- unbound-1.25.1-1.fc44
- Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report.
- Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report.
- Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42960, Possible cache poisoning attack while following delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun Chen, Tsinghua University, for the report.
- Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Swapped sources signature source number with systemd unit to have them close.
Update to 1.25.0 (rhbz#2463781) Feature changes:- Improved TTL 0 handling
- Reload also certificates on reload if they have changed
- Allow control-interface specification also of port.
- Added new tls-protocols option. Can disable TLS 1.2 explicitly.
And bug fixes.
Remove merged patches.
Source: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-25-0
unbound-1.25.1-1.fc43
FEDORA-2026-3223ded15e
Packages in this update:
- unbound-1.25.1-1.fc43
- Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report.
- Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report.
- Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42960, Possible cache poisoning attack while following delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun Chen, Tsinghua University, for the report.
- Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Swapped sources signature source number with systemd unit to have them close.
CImg-3.7.6-2.fc43 gmic-3.7.6-3.fc43
FEDORA-2026-86596f9cbc
Packages in this update:
- CImg-3.7.6-2.fc43
- gmic-3.7.6-3.fc43
bump version + fix two cves
perl-HTTP-Tiny-0.094-1.fc44
FEDORA-2026-703a749924
Packages in this update:
- perl-HTTP-Tiny-0.094-1.fc44
0.094 - fix to prevent invalid characters in all headers, and prevent header smuggling (CVE-2026-7010)
firefox-151.0-2.fc44
FEDORA-2026-f3409cf313
Packages in this update:
- firefox-151.0-2.fc44
Updated to latest upstream (151.0)
haveged-1.9.21-1.fc43
FEDORA-2026-43e2722e8f
Packages in this update:
- haveged-1.9.21-1.fc43
Backport fix for CVE-2026-41054: privilege escalation via command socket
haveged-1.9.21-1.fc44
FEDORA-2026-12643837bd
Packages in this update:
- haveged-1.9.21-1.fc44
Backport fix for CVE-2026-41054: privilege escalation via command socket
haveged-1.9.21-1.fc42
FEDORA-2026-7fcffd5c31
Packages in this update:
- haveged-1.9.21-1.fc42
Backport fix for CVE-2026-41054: privilege escalation via command socket
haveged-1.9.21-1.el10_2
FEDORA-EPEL-2026-ca77194ac0
Packages in this update:
- haveged-1.9.21-1.el10_2
Backport fix for CVE-2026-41054: privilege escalation via command socket
haveged-1.9.21-1.el10_3
FEDORA-EPEL-2026-b3a94630f0
Packages in this update:
- haveged-1.9.21-1.el10_3
Backport fix for CVE-2026-41054: privilege escalation via command socket
haveged-1.9.21-1.el9
FEDORA-EPEL-2026-efe6be3dfa
Packages in this update:
- haveged-1.9.21-1.el9
Backport fix for CVE-2026-41054: privilege escalation via command socket
haveged-1.9.14-2.el8
FEDORA-EPEL-2026-56fb074420
Packages in this update:
- haveged-1.9.14-2.el8
Backport fix for CVE-2026-41054: privilege escalation via command socket
kernel-7.0.9-104.fc43
FEDORA-2026-3f85a4eba7
Packages in this update:
- kernel-7.0.9-104.fc43
The 7.0.9-104/204 kernels contain a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability as well as some mitigations for PinTheft