Aggregator

haveged-1.9.26-1.fc43

5 days 7 hours ago
FEDORA-2026-5ddd0941a8 Packages in this update:
  • haveged-1.9.26-1.fc43
Update description:

Update to 1.9.26. Fixes two regressions introduced in 1.9.24:

  • Fix 100% CPU spin when --no-command is used (BZ#2492029): socket_fd was uninitialized (defaulting to 0), causing the daemon loop to call accept4() on stdin in a tight loop.

  • Fix initramfs switch-root failure caused by --no-command (BZ#2491739): add a separate haveged-initramfs.service for use inside the initramfs, so the switch-root mechanism works. Prevents emergency mode on systems where haveged was started but not enabled.

Update to 1.9.25 — fix initramfs switch-root failure (BZ#2491739).

The v1.9.24 haveged.service with --no-command broke the initramfs switch-root handoff, causing emergency mode on systems where haveged was started but not enabled. Fix: add a separate haveged-initramfs.service for use inside the initramfs.

Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).

Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)

Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive

Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

haveged-1.9.26-1.fc44

5 days 7 hours ago
FEDORA-2026-28f26f5294 Packages in this update:
  • haveged-1.9.26-1.fc44
Update description:

Update to 1.9.26. Fixes two regressions introduced in 1.9.24:

  • Fix 100% CPU spin when --no-command is used (BZ#2492029): socket_fd was uninitialized (defaulting to 0), causing the daemon loop to call accept4() on stdin in a tight loop.

  • Fix initramfs switch-root failure caused by --no-command (BZ#2491739): add a separate haveged-initramfs.service for use inside the initramfs, so the switch-root mechanism works. Prevents emergency mode on systems where haveged was started but not enabled.

Update to 1.9.25 — fix initramfs switch-root failure (BZ#2491739).

The v1.9.24 haveged.service with --no-command broke the initramfs switch-root handoff, causing emergency mode on systems where haveged was started but not enabled. Fix: add a separate haveged-initramfs.service for use inside the initramfs.

Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).

Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)

Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive

Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

caddy-2.10.2-9.el10_3

5 days 13 hours ago
FEDORA-EPEL-2026-6f59aff531 Packages in this update:
  • caddy-2.10.2-9.el10_3
Update description:

Security update resolving 22 CVEs across both caddy itself and its vendored libraries.

haveged-1.9.25-1.el9

5 days 17 hours ago
FEDORA-EPEL-2026-74f2be0676 Packages in this update:
  • haveged-1.9.25-1.el9
Update description:

Update to 1.9.25 — fix initramfs switch-root failure (BZ#2491739).

The v1.9.24 haveged.service with --no-command broke the initramfs switch-root handoff, causing emergency mode on systems where haveged was started but not enabled. Fix: add a separate haveged-initramfs.service for use inside the initramfs.

Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).

Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)

Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive

Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

haveged-1.9.25-1.el10_3

5 days 17 hours ago
FEDORA-EPEL-2026-40258434d5 Packages in this update:
  • haveged-1.9.25-1.el10_3
Update description:

Update to 1.9.25 — fix initramfs switch-root failure (BZ#2491739).

The v1.9.24 haveged.service with --no-command broke the initramfs switch-root handoff, causing emergency mode on systems where haveged was started but not enabled. Fix: add a separate haveged-initramfs.service for use inside the initramfs.

Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).

Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)

Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive

Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

haveged-1.9.25-1.el10_2

5 days 17 hours ago
FEDORA-EPEL-2026-504948f7d0 Packages in this update:
  • haveged-1.9.25-1.el10_2
Update description:

Update to 1.9.25 — fix initramfs switch-root failure (BZ#2491739).

The v1.9.24 haveged.service with --no-command broke the initramfs switch-root handoff, causing emergency mode on systems where haveged was started but not enabled. Fix: add a separate haveged-initramfs.service for use inside the initramfs.

Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).

Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)

Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive

Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

haveged-1.9.25-1.fc43

5 days 17 hours ago
FEDORA-2026-6a17c7864b Packages in this update:
  • haveged-1.9.25-1.fc43
Update description:

Update to 1.9.25 — fix initramfs switch-root failure (BZ#2491739).

The v1.9.24 haveged.service with --no-command broke the initramfs switch-root handoff, causing emergency mode on systems where haveged was started but not enabled. Fix: add a separate haveged-initramfs.service for use inside the initramfs.

Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).

Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)

Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive

Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

haveged-1.9.25-1.fc44

5 days 17 hours ago
FEDORA-2026-cf1b1b3d16 Packages in this update:
  • haveged-1.9.25-1.fc44
Update description:

Update to 1.9.25 — fix initramfs switch-root failure (BZ#2491739).

The v1.9.24 haveged.service with --no-command broke the initramfs switch-root handoff, causing emergency mode on systems where haveged was started but not enabled. Fix: add a separate haveged-initramfs.service for use inside the initramfs.

Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).

Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)

Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive

Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined

caddy-2.10.2-9.fc43

5 days 19 hours ago
FEDORA-2026-3dc324bd9a Packages in this update:
  • caddy-2.10.2-9.fc43
Update description:

Security update resolving 22 CVEs across both caddy itself and its vendored libraries.

caddy-2.10.2-9.fc44

5 days 23 hours ago
FEDORA-2026-950cac64f2 Packages in this update:
  • caddy-2.10.2-9.fc44
Update description:

Security update resolving 17 CVEs across both caddy itself and its vendored libraries.