Aggregator

FEDORA-2026-32260bab12 Packages in this update:

• nuclei-3.8.0-1.fc43

Update description:

Update to nuclei 3.8.0 to patch CVE-2026-5160.

FEDORA-2026-fb3e461878 Packages in this update:

• binaryen-126-1.fc43

Update description:

Fixes CVE-2025-14956 .

FEDORA-2026-3831e11232 Packages in this update:

• binaryen-126-1.fc42

Update description:

Fixes CVE-2025-14956 .

FEDORA-2026-2ba1fcb195 Packages in this update:

• nuclei-3.8.0-1.fc44

Update description:

Update to nuclei 3.8.0 to patch CVE-2026-5160.

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access.

FEDORA-2026-2e8a8fd35b Packages in this update:

• miniupnpd-2.3.10-1.fc42

Update description:

2026/03/24: fix missing fclose and potential double free in option file parsing

2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read overflow

2026/02/05: Rewrite permission line parser

2025/05/26: Fix false negative filtered STUN CGNAT test result for unsupported servers #825

2025/05/24: Fix Mac OS X 10.9 build

2025/05/15: build: teststun executable

2025/04/28: pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7

2025/04/26 Fix parsing of interfaces names starting with a digit nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h) nftables: improve scripts to support already existing tables

FEDORA-2026-5f908cb040 Packages in this update:

• miniupnpd-2.3.10-1.fc43

Update description:

2026/03/24: fix missing fclose and potential double free in option file parsing

2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read overflow

2026/02/05: Rewrite permission line parser

2025/05/26: Fix false negative filtered STUN CGNAT test result for unsupported servers #825

2025/05/24: Fix Mac OS X 10.9 build

2025/05/15: build: teststun executable

2025/04/28: pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7

2025/04/26 Fix parsing of interfaces names starting with a digit nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h) nftables: improve scripts to support already existing tables

FEDORA-EPEL-2026-fca0ff7545 Packages in this update:

• ngtcp2-1.22.1-1.el9

Update description: Update to 1.22.1 (rhbz#2452790)

• Fixes CVE-2026-40170

FEDORA-EPEL-2026-146c20fe60 Packages in this update:

• ngtcp2-1.22.1-1.el10_3

Update description: Update to 1.22.1 (rhbz#2452790)

• Fixes CVE-2026-40170

FEDORA-2026-a0f25484e9 Packages in this update:

• ngtcp2-1.22.1-1.fc43

Update description: Update to 1.22.1 (rhbz#2452790)

• Fixes CVE-2026-40170

FEDORA-2026-705eb9cf95 Packages in this update:

• ngtcp2-1.22.1-1.fc44

Update description: Update to 1.22.1 (rhbz#2452790)

• Fixes CVE-2026-40170

It was discovered that RapidJSON did not properly protect against integer overflows in certain instances when parsing JSON text. A remote attacker could possibly use this issue to craft a malicious JSON file, that when read by RapidJSON, would lead to an elevation of privilege, resulting in the potential disclosure of sensitive information.

FEDORA-2026-f933979509 Packages in this update:

• miniupnpd-2.3.10-1.fc44

Update description:

2026/03/24: fix missing fclose and potential double free in option file parsing

2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read overflow

2026/02/05: Rewrite permission line parser

2025/05/26: Fix false negative filtered STUN CGNAT test result for unsupported servers #825

2025/05/24: Fix Mac OS X 10.9 build

2025/05/15: build: teststun executable

2025/04/28: pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7

2025/04/26 Fix parsing of interfaces names starting with a digit nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h) nftables: improve scripts to support already existing tables

Version:next-20260420 (linux-next) Released:2026-04-20

FEDORA-2026-d08c298940 Packages in this update:

• openssh-9.9p1-14.fc42

Update description:

Fixes high severity CVE: - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode

FEDORA-2026-93679cc7c2 Packages in this update:

• openssh-10.2p1-8.fc44

Update description:

• CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode
• CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions
• CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys
• CVE-2026-35414: Fix mishandling of authorized_keys principals option
• CVE-2026-35386: Add validation rules to usernames and hostnames set for ProxyJump/-J on the commandline

FEDORA-2026-2cedc95af8 Packages in this update:

• openssh-10.0p1-9.fc43

Update description:

• CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode
• CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions
• CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys
• CVE-2026-35414: Fix mishandling of authorized_keys principals option
• CVE-2026-35386: Add validation rules to usernames and hostnames set for ProxyJump/-J on the commandline

FEDORA-2026-e860be4db8 Packages in this update:

• sudo-1.9.17-7.p2.fc43

Update description:

Fix CVE-2026-35535

FEDORA-2026-6894ade78f Packages in this update:

• sudo-1.9.17-8.p2.fc44

Update description:

Fix CVE-2026-35535