python-click-8.1.7-7.el10_2
FEDORA-EPEL-2026-f98849630c
Packages in this update:
- python-click-8.1.7-7.el10_2
Security fix for CVE-2026-7246
Aggregator
python-click-8.1.7-7.el10_3
FEDORA-EPEL-2026-a0e68dfa17
Packages in this update:
- python-click-8.1.7-7.el10_3
Security fix for CVE-2026-7246
USN-8232-1: Django vulnerabilities
It was discovered that Django did not vary cached response headers on
cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST
was enabled. A remote attacker could possibly use this issue to steal a
user's session. (CVE-2026-35192)
Kyle Agronick and Jacob Walls discovered that Django incorrectly handled
ASGI requests with missing or understated Content-Length header values.
A remote attacker could possibly use this issue to cause Django to use
excessive resources, leading to a denial of service. (CVE-2026-5766)
Ahmad Sadeddin discovered that Django UpdateCacheMiddleware incorrectly
cached requests where the Vary header contained an asterisk. A remote
attacker could possibly use this issue to obtain sensitive information.
(CVE-2026-6907)
python-click-8.1.7-12.fc43
FEDORA-2026-599dafe4ae
Packages in this update:
- python-click-8.1.7-12.fc43
Security fix for CVE-2026-7246
gh-2.92.0-1.el10_3
FEDORA-EPEL-2026-66ed147b70
Packages in this update:
- gh-2.92.0-1.el10_3
Update to 2.92.0 and make telemetry sending opt in.
gh-2.92.0-1.fc44
FEDORA-2026-5df889949e
Packages in this update:
- gh-2.92.0-1.fc44
Update to 2.92.0 and make telemetry sending opt in.
next-20260505: linux-next
Version:next-20260505 (linux-next)
Released:2026-05-05
rust-astral-tokio-tar-0.6.1-1.el9
FEDORA-EPEL-2026-76e7234279
Packages in this update:
- rust-astral-tokio-tar-0.6.1-1.el9
Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
rust-astral-tokio-tar-0.6.1-1.el10_3 uv-0.11.9-1.el10_3
FEDORA-EPEL-2026-4b95f570ed
Packages in this update:
- rust-astral-tokio-tar-0.6.1-1.el10_3
- uv-0.11.9-1.el10_3
Update uv to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
python-uv-build-0.11.9-1.fc42 rust-astral-tokio-tar-0.6.1-1.fc42 uv-0.11.9-1.fc42
FEDORA-2026-8d8aee6aaf
Packages in this update:
- python-uv-build-0.11.9-1.fc42
- rust-astral-tokio-tar-0.6.1-1.fc42
- uv-0.11.9-1.fc42
Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
python-uv-build-0.11.9-1.fc43 rust-astral-tokio-tar-0.6.1-1.fc43 uv-0.11.9-1.fc43
FEDORA-2026-a8100094df
Packages in this update:
- python-uv-build-0.11.9-1.fc43
- rust-astral-tokio-tar-0.6.1-1.fc43
- uv-0.11.9-1.fc43
Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
python-uv-build-0.11.9-1.fc44 rust-astral-tokio-tar-0.6.1-1.fc44 uv-0.11.9-1.fc44
FEDORA-2026-7aacc8ea7d
Packages in this update:
- python-uv-build-0.11.9-1.fc44
- rust-astral-tokio-tar-0.6.1-1.fc44
- uv-0.11.9-1.fc44
Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
python-uv-build-0.11.9-1.fc45 rust-astral-tokio-tar-0.6.1-1.fc45 uv-0.11.9-1.fc45
FEDORA-2026-145c8d1a93
Packages in this update:
- python-uv-build-0.11.9-1.fc45
- rust-astral-tokio-tar-0.6.1-1.fc45
- uv-0.11.9-1.fc45
Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
opencryptoki-3.26.0-3.fc44
FEDORA-2026-1273c7855d
Packages in this update:
- opencryptoki-3.26.0-3.fc44
Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following
opencryptoki-3.26.0-3.fc43
FEDORA-2026-6c3b6ec624
Packages in this update:
- opencryptoki-3.26.0-3.fc43
Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following
opencryptoki-3.26.0-3.fc42
FEDORA-2026-13e696d26f
Packages in this update:
- opencryptoki-3.26.0-3.fc42
Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following
nix-2.31.5-1.fc42
FEDORA-2026-3cfb30c1fb
Packages in this update:
- nix-2.31.5-1.fc42
- update to 2.31.5: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p
- https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
- https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368
opencryptoki-3.26.0-3.fc45
FEDORA-2026-d63e3968e8
Packages in this update:
- opencryptoki-3.26.0-3.fc45
Automatic update for opencryptoki-3.26.0-3.fc45.
Changelog * Tue May 5 2026 Than Ngo <than@redhat.com> - 3.26.0-3 - Fix rhbz#2432016: CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Followingnix-2.31.5-1.fc43
FEDORA-2026-5dfbb9ed69
Packages in this update:
- nix-2.31.5-1.fc43
- update to 2.31.5: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p
- https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
- https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368
next-20260504: linux-next
Version:next-20260504 (linux-next)
Released:2026-05-04