Aggregator

FEDORA-2026-8d8aee6aaf Packages in this update:

• python-uv-build-0.11.9-1.fc42
• rust-astral-tokio-tar-0.6.1-1.fc42
• uv-0.11.9-1.fc42

Update description:

Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-2026-a8100094df Packages in this update:

• python-uv-build-0.11.9-1.fc43
• rust-astral-tokio-tar-0.6.1-1.fc43
• uv-0.11.9-1.fc43

Update description:

Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-2026-7aacc8ea7d Packages in this update:

• python-uv-build-0.11.9-1.fc44
• rust-astral-tokio-tar-0.6.1-1.fc44
• uv-0.11.9-1.fc44

Update description:

Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-2026-145c8d1a93 Packages in this update:

• python-uv-build-0.11.9-1.fc45
• rust-astral-tokio-tar-0.6.1-1.fc45
• uv-0.11.9-1.fc45

Update description:

Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-2026-1273c7855d Packages in this update:

• opencryptoki-3.26.0-3.fc44

Update description:

Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following

FEDORA-2026-6c3b6ec624 Packages in this update:

• opencryptoki-3.26.0-3.fc43

Update description:

Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following

FEDORA-2026-13e696d26f Packages in this update:

• opencryptoki-3.26.0-3.fc42

Update description:

Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following

FEDORA-2026-3cfb30c1fb Packages in this update:

• nix-2.31.5-1.fc42

Update description:

• update to 2.31.5: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p
• https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
• https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368

FEDORA-2026-d63e3968e8 Packages in this update:

• opencryptoki-3.26.0-3.fc45

Update description:

Automatic update for opencryptoki-3.26.0-3.fc45.

Changelog * Tue May 5 2026 Than Ngo <than@redhat.com> - 3.26.0-3 - Fix rhbz#2432016: CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following

FEDORA-2026-5dfbb9ed69 Packages in this update:

• nix-2.31.5-1.fc43

Update description:

• update to 2.31.5: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p
• https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
• https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368

Version:next-20260504 (linux-next) Released:2026-05-04

FEDORA-2026-d5f140eb90 Packages in this update:

• gnutls-3.8.13-1.fc43

Update description:

Update to 3.8.13, fixes, like 13 CVEs.

FEDORA-2026-668d2793e8 Packages in this update:

• gnutls-3.8.13-1.fc44

Update description:

Update to 3.8.13, fixes, like 13 CVEs.

Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files.

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-40686) It was discovered that Exim incorrectly handled SPA authenticator input. An authenticated user could possibly use this issue to execute arbitrary code. (CVE-2026-40687)

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-4873) It was discovered that curl incorrectly reused certain HTTP Negotiate connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5545) It was discovered that curl incorrectly reused certain SMB connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5773) It was discovered that curl could leak proxy credentials when handling redirects in some configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6253) It was discovered that curl could leak cookies because of stale custom cookie host handling in some requests. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6276) It was discovered that curl could leak .netrc credentials when reusing proxy connections in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6429) It was discovered that curl could leak Digest authentication state when switching proxies in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-7168)

FEDORA-2026-0f43f09cd9 Packages in this update:

• nodejs20-20.20.2-4.fc42

Update description:

Update for nodejs20

Version:7.1-rc2 (mainline) Released:2026-05-03 Source:linux-7.1-rc2.tar.gz Patch:full (incremental)

FEDORA-EPEL-2026-a9ba2c8be0 Packages in this update:

• gnuplot-6.0.4-2.el10_3

Update description:

Bump on EPEL10, fixes a security issue (rhbz#2357751)