dnsdist-2.0.3-1.fc43
FEDORA-2026-6cae4711b3
Packages in this update:
- dnsdist-2.0.3-1.fc43
Update to latest upstream
Aggregator
next-20260401: linux-next
Version:next-20260401 (linux-next)
Released:2026-04-01
USN-8139-1: cargo-c vulnerability
It was discovered that tar-rs embedded in cargo-c incorrectly handled
symlinks when unpacking a tar archive. If a user or automated system were
tricked into processing a specially crafted tar archive, a remote attacker
could use this issue to modify permissions of arbitrary directories outside
the extraction root, and possibly escalate privileges.
USN-8138-1: tar-rs vulnerability
It was discovered that tar-rs incorrectly handled symlinks when unpacking a
tar archive. If a user or automated system were tricked into processing a
specially crafted tar archive, a remote attacker could use this issue to
modify permissions of arbitrary directories outside the extraction root,
and possibly escalate privileges.
util-linux-2.41.4-7.fc44
FEDORA-2026-67cf3d6cca
Packages in this update:
- util-linux-2.41.4-7.fc44
upstream update, fixes security-related bugs
CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device. The SUID mount follows symlinks when resolving loop backing file paths. On systems where non-root users are permitted to mount loop devices (via 'user' option in fstab), this allows access to arbitrary files.
CWE-190 - Integer overflow in libblkid parse_dos_extended(). A crafted MBR disk image can cause uint32_t wraparound in EBR chain processing, causing reported partitions to not match the on-disk layout. Tools like udisks may then register a partition at logical sector 0.
util-linux-2.41.4-7.fc43
FEDORA-2026-840b40ef4c
Packages in this update:
- util-linux-2.41.4-7.fc43
upstream update, fixes security-related bugs
CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device. The SUID mount follows symlinks when resolving loop backing file paths. On systems where non-root users are permitted to mount loop devices (via 'user' option in fstab), this allows access to arbitrary files.
CWE-190 - Integer overflow in libblkid parse_dos_extended(). A crafted MBR disk image can cause uint32_t wraparound in EBR chain processing, causing reported partitions to not match the on-disk layout. Tools like udisks may then register a partition at logical sector 0.
doctl-1.154.0-1.fc42
FEDORA-2026-729f84f3b6
Packages in this update:
- doctl-1.154.0-1.fc42
update to 1.154.0
doctl-1.154.0-1.fc43
FEDORA-2026-6ad76ebb29
Packages in this update:
- doctl-1.154.0-1.fc43
update to 1.154.0
doctl-1.154.0-1.fc44
FEDORA-2026-9a360acefb
Packages in this update:
- doctl-1.154.0-1.fc44
update to 1.154.0
fido-device-onboard-0.5.5-8.fc44
FEDORA-2026-9e223ca14f
Packages in this update:
- fido-device-onboard-0.5.5-8.fc44
Automatic update for fido-device-onboard-0.5.5-8.fc44.
Changelog for fido-device-onboard * Wed Apr 01 2026 Peter Robinson <pbrobinson@fedoraproject.org> - 0.5.5-8 - Rebuild for CVE-2026-25727, CVE-2026-33056 * Sun Mar 15 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 0.5.5-7 - In Fedora, update nix dependency from 0.26 to 0.31fido-device-onboard-0.5.5-8.fc43
FEDORA-2026-e6237c2efe
Packages in this update:
- fido-device-onboard-0.5.5-8.fc43
Automatic update for fido-device-onboard-0.5.5-8.fc43.
Changelog for fido-device-onboard * Wed Apr 01 2026 Peter Robinson <pbrobinson@fedoraproject.org> - 0.5.5-8 - Rebuild for CVE-2026-25727, CVE-2026-33056 * Sun Mar 15 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 0.5.5-7 - In Fedora, update nix dependency from 0.26 to 0.31 * Mon Feb 02 2026 Maxwell G <maxwell@gtmx.me> - 0.5.5-6 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Oct 10 2025 Maxwell G <maxwell@gtmx.me> - 0.5.5-4 - Rebuild for golang 1.25.2libpng12-1.2.57-25.fc42
FEDORA-2026-1bf9e14627
Packages in this update:
- libpng12-1.2.57-25.fc42
fix CVE-2026-25646: heap buffer overflow in png_set_quantize
libpng12-1.2.57-25.fc43
FEDORA-2026-0192882589
Packages in this update:
- libpng12-1.2.57-25.fc43
fix CVE-2026-25646: heap buffer overflow in png_set_quantize
libpng12-1.2.57-25.fc44
FEDORA-2026-3adf4e38cb
Packages in this update:
- libpng12-1.2.57-25.fc44
fix CVE-2026-25646: heap buffer overflow in png_set_quantize
libpng15-1.5.30-25.fc43
FEDORA-2026-60fce94678
Packages in this update:
- libpng15-1.5.30-25.fc43
fix CVE-2026-25646: heap buffer overflow in png_set_quantize
libpng15-1.5.30-25.fc42
FEDORA-2026-4e514c1c36
Packages in this update:
- libpng15-1.5.30-25.fc42
fix CVE-2026-25646: heap buffer overflow in png_set_quantize
libpng15-1.5.30-25.fc44
FEDORA-2026-bcba077d11
Packages in this update:
- libpng15-1.5.30-25.fc44
fix CVE-2026-25646: heap buffer overflow in png_set_quantize
libpng12-1.2.57-25.fc45
FEDORA-2026-e1669a5881
Packages in this update:
- libpng12-1.2.57-25.fc45
Automatic update for libpng12-1.2.57-25.fc45.
Changelog * Wed Apr 1 2026 Michal Hlavinka <mhlavink@redhat.com> - 1.2.57-25 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438670)libpng15-1.5.30-25.fc45
FEDORA-2026-dfa60d30bc
Packages in this update:
- libpng15-1.5.30-25.fc45
Automatic update for libpng15-1.5.30-25.fc45.
Changelog * Wed Apr 1 2026 Michal Hlavinka <mhlavink@redhat.com> - 1.5.30-25 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438683)libcgif-0.5.3-1.fc44
FEDORA-2026-7fd284c688
Packages in this update:
- libcgif-0.5.3-1.fc44
Version 0.5.3
- Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow CVE-2026-4985