Aggregator

Version:7.0 (mainline) Released:2026-04-12 Source:linux-7.0.tar.xz PGP Signature:linux-7.0.tar.sign Patch:full

FEDORA-EPEL-2026-d5cc2324a0 Packages in this update:

• asterisk-18.26.4-1.el9

Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

• CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
• CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
• CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
• CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
• CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
• CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
• CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
• CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
• CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
• CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
• CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
• CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
• CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

FEDORA-EPEL-2026-f2281acb03 Packages in this update:

• asterisk-18.26.4-1.el8

Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

• CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
• CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
• CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
• CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
• CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
• CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
• CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
• CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
• CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
• CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
• CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
• CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
• CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

FEDORA-2026-38d71393c1 Packages in this update:

• asterisk-18.26.4-1.fc44

Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

• CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
• CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
• CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
• CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
• CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
• CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
• CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
• CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
• CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
• CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
• CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
• CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
• CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

Also fixes F44FailsToInstall for asterisk-snmp (BZ#2433748).

FEDORA-2026-80b21debe7 Packages in this update:

• asterisk-18.26.4-1.fc43

Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

• CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
• CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
• CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
• CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
• CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
• CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
• CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
• CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
• CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
• CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
• CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
• CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
• CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

Also fixes F44FailsToInstall for asterisk-snmp (BZ#2433748).

FEDORA-2026-98decbde87 Packages in this update:

• asterisk-18.26.4-1.fc42

Update description:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

• CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
• CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
• CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
• CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
• CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
• CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
• CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
• CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
• CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
• CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
• CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
• CVE-2025-1131 (fixed in 18.26.3): local privilege escalation via safe_asterisk
• CVE-2025-54995 (fixed in 18.26.4): resource exhaustion via RTP port leak

Also fixes F44FailsToInstall for asterisk-snmp (BZ#2433748).

FEDORA-2026-29f4f47ade Packages in this update:

• micropython-1.28.0-1.fc43

Update description:

Update to 1.28.0

FEDORA-2026-52a9a687f0 Packages in this update:

• micropython-1.28.0-1.fc44

Update description:

Update to 1.28.0

FEDORA-2026-d619d8d077 Packages in this update:

• micropython-1.28.0-1.fc45

Update description:

Automatic update for micropython-1.28.0-1.fc45.

Changelog * Mon Apr 6 2026 Lumír Balhar <lbalhar@redhat.com> - 1.28.0-1 - Update to 1.28.0 - Security fix for CVE-2026-1998 - Update mbedtls submodule to 3.6.6 - mbedtls security fixes for CVE-2026-25834, CVE-2026-34871, CVE-2026-25833 - CVE-2025-52496, CVE-2025-52497, CVE-2025-49087, CVE-2025-54764, CVE-2025-59438 Resolves: rhbz#2455368, rhbz#2376688, rhbz#2376701, rhbz#2382261, rhbz#2405245, rhbz#2405374, rhbz#2437327, rhbz#2454032, rhbz#2454086, rhbz#2454213

FEDORA-2026-4b112416d8 Packages in this update:

• perl-Net-CIDR-Lite-0.23-1.fc42

Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

• Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
• Reject invalid uncompressed IPv6 (CVE-2026-40198)

FEDORA-2026-0a7ed21996 Packages in this update:

• perl-Net-CIDR-Lite-0.23-1.fc43

Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

• Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
• Reject invalid uncompressed IPv6 (CVE-2026-40198)

FEDORA-EPEL-2026-b1230525c8 Packages in this update:

• perl-Net-CIDR-Lite-0.23-1.el10_3

Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

• Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
• Reject invalid uncompressed IPv6 (CVE-2026-40198)

FEDORA-2026-fe487aa625 Packages in this update:

• perl-Net-CIDR-Lite-0.23-1.fc44

Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

• Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
• Reject invalid uncompressed IPv6 (CVE-2026-40198)

FEDORA-EPEL-2026-a41029a8e0 Packages in this update:

• perl-Net-CIDR-Lite-0.23-1.el10_2

Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

• Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
• Reject invalid uncompressed IPv6 (CVE-2026-40198)

FEDORA-EPEL-2026-2db32adfde Packages in this update:

• perl-Net-CIDR-Lite-0.23-1.el10_1

Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

• Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
• Reject invalid uncompressed IPv6 (CVE-2026-40198)

FEDORA-EPEL-2026-019655b9ea Packages in this update:

• perl-Net-CIDR-Lite-0.23-1.el8

Update description:

This update addresses two security issues regarding incorrect handling of malformed IPv6 addresses:

• Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
• Reject invalid uncompressed IPv6 (CVE-2026-40198)

Version:6.19.12 (stable) Released:2026-04-11 Source:linux-6.19.12.tar.xz PGP Signature:linux-6.19.12.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.19.12

Version:6.18.22 (longterm) Released:2026-04-11 Source:linux-6.18.22.tar.xz PGP Signature:linux-6.18.22.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.22