Aggregator

It was discovered that FRR did not correctly handle certain network requests. A remote attacker could possibly use this issue to gain unauthorized access to resources.

FEDORA-2026-631b9d535c Packages in this update:

• flatpak-builder-1.4.8-1.fc42

Update description:

This update includes a fix for CVE-2026-39977. See also: the upstream advisory

FEDORA-2026-25ff246b4f Packages in this update:

• flatpak-builder-1.4.8-1.fc43

Update description:

This update includes a fix for CVE-2026-39977. See also: the upstream advisory

FEDORA-2026-5e62b78a0c Packages in this update:

• flatpak-builder-1.4.8-1.fc44

Update description:

This update includes a fix for CVE-2026-39977. See also: the upstream advisory

FEDORA-2026-2af3865ebf Packages in this update:

• pypy-7.3.21-8.fc43

Update description:

JIT translation fix for bootstraping, require openssl 3 and fix CVE-2026-25645 and CVE-2025-8869

FEDORA-2026-fdc024ddc3 Packages in this update:

• pypy-7.3.21-8.fc44

Update description:

JIT translation fix for bootstraping, require openssl 3 and fix CVE-2026-25645 and CVE-2025-8869

FEDORA-2026-ae330775b9 Packages in this update:

• pypy-7.3.21-8.fc45

Update description:

JIT translation fix for bootstraping, require openssl 3 and fix CVE-2026-25645 and CVE-2025-8869

FEDORA-2026-adc66b374a Packages in this update:

• xdg-dbus-proxy-0.1.7-1.fc42

Update description:

Update the package, including fix for CVE-2026-34080. See also: upstream security advisory

FEDORA-2026-9518314403 Packages in this update:

• xdg-dbus-proxy-0.1.7-1.fc43

Update description:

Update the package, including fix for CVE-2026-34080. See also: upstream security advisory

FEDORA-2026-205fd328d2 Packages in this update:

• xdg-dbus-proxy-0.1.7-1.fc44

Update description:

Update the package, including fix for CVE-2026-34080. See also: upstream security advisory

FEDORA-2026-78adb25141 Packages in this update:

• libexif-0.6.26-1.fc43

Update description:

Update to 0.6.26, fixing several CVEs

https://github.com/libexif/libexif/releases/tag/v0.6.26

FEDORA-2026-fd361a6f7f Packages in this update:

• libexif-0.6.26-1.fc44

Update description:

Update to 0.6.26, fixing several CVEs

https://github.com/libexif/libexif/releases/tag/v0.6.26

FEDORA-2026-b01307dc4d Packages in this update:

• libexif-0.6.26-1.fc42

Update description:

Update to 0.6.26, fixing several CVEs

https://github.com/libexif/libexif/releases/tag/v0.6.26

USN-8138-1 fixed a vulnerability in tar-rs. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges.

FEDORA-2026-156e6bfb27 Packages in this update:

• buildah-1.43.1-1.fc42
• podman-5.8.2-1.fc42
• skopeo-1.22.2-1.fc42

Update description:

Automatic update for buildah-1.43.1-1.fc42, skopeo-1.22.2-1.fc42, podman-5.8.2-1.fc42.

Changelog for buildah * Wed Apr 08 2026 Packit <hello@packit.dev> - 2:1.43.1-1 - Update to 1.43.1 upstream release Changelog for skopeo * Tue Apr 14 2026 Packit <hello@packit.dev> - 1:1.22.2-1 - Update to 1.22.2 upstream release * Fri Apr 10 2026 Lokesh Mandvekar <lsm5@redhat.com> - 1:1.22.1-2 - TMT: fix ref in plan * Thu Apr 09 2026 Packit <hello@packit.dev> - 1:1.22.1-1 - Update to 1.22.1 upstream release Changelog for podman * Tue Apr 14 2026 Packit <hello@packit.dev> - 5:5.8.2-1 - Update to 5.8.2 upstream release

Security fix for CVE-2026-34986

FEDORA-2026-75c2b7868a Packages in this update:

• buildah-1.43.1-1.fc43
• podman-5.8.2-1.fc43
• skopeo-1.22.2-1.fc43

Update description:

Automatic update for skopeo-1.22.2-1.fc43, podman-5.8.2-1.fc43, buildah-1.43.1-1.fc43.

Changelog for skopeo * Tue Apr 14 2026 Packit <hello@packit.dev> - 1:1.22.2-1 - Update to 1.22.2 upstream release * Fri Apr 10 2026 Lokesh Mandvekar <lsm5@redhat.com> - 1:1.22.1-2 - TMT: fix ref in plan * Thu Apr 09 2026 Packit <hello@packit.dev> - 1:1.22.1-1 - Update to 1.22.1 upstream release Changelog for podman * Tue Apr 14 2026 Packit <hello@packit.dev> - 5:5.8.2-1 - Update to 5.8.2 upstream release Changelog for buildah * Wed Apr 08 2026 Packit <hello@packit.dev> - 2:1.43.1-1 - Update to 1.43.1 upstream release

Security fix for CVE-2026-34986

FEDORA-2026-605559bfe2 Packages in this update:

• buildah-1.43.1-1.fc44
• podman-5.8.2-1.fc44
• skopeo-1.22.2-1.fc44

Update description:

Automatic update for buildah-1.43.1-1.fc44, podman-5.8.2-1.fc44, skopeo-1.22.2-1.fc44.

Changelog for buildah * Wed Apr 08 2026 Packit <hello@packit.dev> - 2:1.43.1-1 - Update to 1.43.1 upstream release Changelog for podman * Tue Apr 14 2026 Packit <hello@packit.dev> - 5:5.8.2-1 - Update to 5.8.2 upstream release Changelog for skopeo * Tue Apr 14 2026 Packit <hello@packit.dev> - 1:1.22.2-1 - Update to 1.22.2 upstream release * Fri Apr 10 2026 Lokesh Mandvekar <lsm5@redhat.com> - 1:1.22.1-2 - TMT: fix ref in plan * Thu Apr 09 2026 Packit <hello@packit.dev> - 1:1.22.1-1 - Update to 1.22.1 upstream release

Security fix for CVE-2026-34986

USN-8168-1 fixed a vulnerability in Rust. This update provides the corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges.

Version:next-20260414 (linux-next) Released:2026-04-14