Aggregator

ImageMagick-6.9.13.50-1.el8

Fedora Security Advisories
5 days 21 hours ago
FEDORA-EPEL-2026-bc7538a3d7 Packages in this update:
  • ImageMagick-6.9.13.50-1.el8
Update description:

Update to 6.9.13.50

Summary

This update fixes several security vulnerabilities, including multiple high-severity CVEs: Security fixes

  • CVE-2026-33901 (High) — Heap buffer overflow in the MVG decoder that could result in an out-of-bounds write when processing a crafted image.
  • CVE-2026-33908 (High) — Recursive DestroyXMLTree() call with no depth limit causes stack exhaustion when processing deeply nested XML structures, resulting in a Denial of Service (DoS).
  • CVE-2026-40310 (High) — Heap out-of-bounds write in the JP2 encoder triggered when a user specifies an invalid sampling index.

Additional security and bug fixes are included in the upstream releases between 6.9.13.25 and 6.9.13.49. See the upstream release history at: https://github.com/ImageMagick/ImageMagick6/releases

ImageMagick-6.9.13.50-1.el9

Fedora Security Advisories
5 days 21 hours ago
FEDORA-EPEL-2026-49c3a0ffa2 Packages in this update:
  • ImageMagick-6.9.13.50-1.el9
Update description:

Update to 6.9.13.50

Summary

This update fixes several security vulnerabilities, including multiple high-severity CVEs: Security fixes

  • CVE-2026-33901 (High) — Heap buffer overflow in the MVG decoder that could result in an out-of-bounds write when processing a crafted image.
  • CVE-2026-33908 (High) — Recursive DestroyXMLTree() call with no depth limit causes stack exhaustion when processing deeply nested XML structures, resulting in a Denial of Service (DoS).
  • CVE-2026-40310 (High) — Heap out-of-bounds write in the JP2 encoder triggered when a user specifies an invalid sampling index.

Additional security and bug fixes are included in the upstream releases between 6.9.13.25 and 6.9.13.49. See the upstream release history at: https://github.com/ImageMagick/ImageMagick6/releases

perl-Crypt-PBKDF2-0.261630-1.fc44

Fedora Security Advisories
6 days 2 hours ago
FEDORA-2026-5b12cc327e Packages in this update:
  • perl-Crypt-PBKDF2-0.261630-1.fc44
Update description:

This update addresses a number of security issues:

  • Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
  • Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
  • Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

perl-Crypt-PBKDF2-0.261630-1.el10_3

Fedora Security Advisories
6 days 2 hours ago
FEDORA-EPEL-2026-02984212ed Packages in this update:
  • perl-Crypt-PBKDF2-0.261630-1.el10_3
Update description:

This update addresses a number of security issues:

  • Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
  • Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
  • Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)

perl-Crypt-PBKDF2-0.261630-1.el10_2

Fedora Security Advisories
6 days 2 hours ago
FEDORA-EPEL-2026-ee9885ce31 Packages in this update:
  • perl-Crypt-PBKDF2-0.261630-1.el10_2
Update description:

This update addresses a number of security issues:

  • Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
  • Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
  • Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)