Fedora 42 Update: bind-dyndb-ldap-11.11-10.fc42
Fedora 42 Update: bind-9.18.47-1.fc42
Fedora 42 Update: roundcubemail-1.6.15-1.fc42
Fedora 43 Update: opensc-0.27.1-1.fc43
Fedora 43 Update: python-biopython-1.87-1.fc43
Fedora 43 Update: cef-146.0.9^chromium146.0.7680.164-1.fc43
Fedora 43 Update: python-pydicom-3.0.2-1.fc43
Fedora 43 Update: roundcubemail-1.6.15-1.fc43
[SECURITY] Fedora 42 Update: bind-dyndb-ldap-11.11-10.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7f3f640fbf
2026-04-09 03:36:41.952456+00:00
--------------------------------------------------------------------------------
Name : bind-dyndb-ldap
Product : Fedora 42
Version : 11.11
Release : 10.fc42
URL : https://releases.pagure.org/bind-dyndb-ldap
Summary : LDAP back-end plug-in for BIND
Description :
This package provides an LDAP back-end plug-in for BIND. It features
support for dynamic updates and internal caching, to lift the load
off of your LDAP server.
--------------------------------------------------------------------------------
Update Information:
Update to 9.18.47 (rhbz#2440561)
Security Fixes:
Fix unbounded NSEC3 iterations when validating referrals to unsigned
delegations. (CVE-2026-1519)
Source:
https://downloads.isc.org/isc/bind9/9.18.47/doc/arm/html/notes.html#notes-for-
bind-9-18-47
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Petr Men????k [pemensik@redhat.com] - 11.11-10
- Rebuild for BIND 9.18.47 (rhbz#2440561)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2440561 - bind-9.18.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2440561
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7f3f640fbf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: bind-9.18.47-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7f3f640fbf
2026-04-09 03:36:41.952456+00:00
--------------------------------------------------------------------------------
Name : bind
Product : Fedora 42
Version : 9.18.47
Release : 1.fc42
URL : https://www.isc.org/downloads/bind/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to 9.18.47 (rhbz#2440561)
Security Fixes:
Fix unbounded NSEC3 iterations when validating referrals to unsigned
delegations. (CVE-2026-1519)
Source:
https://downloads.isc.org/isc/bind9/9.18.47/doc/arm/html/notes.html#notes-for-
bind-9-18-47
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Petr Men????k [pemensik@redhat.com] - 32:9.18.47-1
- Update to 9.18.47 (rhbz#2440561)
* Wed Jan 28 2026 Petr Men????k [pemensik@redhat.com] - 32:9.18.44-2
- Create /var/named directories for bind-chroot (RHEL-132053)
- Add forgotten _libdir/named into bind-chroot tmpfiles
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2440561 - bind-9.18.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2440561
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7f3f640fbf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: roundcubemail-1.6.15-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-051825ca18
2026-04-09 03:36:41.952460+00:00
--------------------------------------------------------------------------------
Name : roundcubemail
Product : Fedora 42
Version : 1.6.15
Release : 1.fc42
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
--------------------------------------------------------------------------------
Update Information:
Version 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to some regressions introduced in the previous release as well
a recently reported security vulnerability:
SVG Animate FUNCIRI Attribute Bypass ??? Remote Image Loading via
fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it. Please do backup your data before
updating!
CHANGELOG
Fix regression where mail search would fail on non-ascii search criteria
(#10121)
Fix regression where some data url images could get ignored/lost (#10128)
Fix SVG Animate FUNCIRI Attribute Bypass ??? Remote Image Loading via
fill/filter/stroke
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Remi Collet [remi@remirepo.net] - 1.6.15-1
- update to 1.6.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2454784 - CVE-2026-35543 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via animated SVG in email [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454784
[ 2 ] Bug #2454786 - CVE-2026-35545 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via SVG content in email. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454786
[ 3 ] Bug #2454793 - CVE-2026-35538 CVE-2026-35539 CVE-2026-35540 CVE-2026-35541 CVE-2026-35542 CVE-2026-35544 roundcubemail: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454793
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-051825ca18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: opensc-0.27.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4440b00e25
2026-04-09 03:21:08.450905+00:00
--------------------------------------------------------------------------------
Name : opensc
Product : Fedora 43
Version : 0.27.1
Release : 1.fc43
URL : https://github.com/OpenSC/OpenSC/wiki
Summary : Smart card library and applications
Description :
OpenSC provides a set of libraries and utilities to work with smart cards. Its
main focus is on cards that support cryptographic operations, and facilitate
their use in security applications such as authentication, mail encryption and
digital signatures. OpenSC implements the PKCS#11 API so applications
supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On
the card OpenSC implements the PKCS#15 standard and aims to be compatible with
every software/card that does so, too.
--------------------------------------------------------------------------------
Update Information:
New upstream release (#2442363) fixing various security issues:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 31 2026 Jakub Jelen [jjelen@redhat.com] - 0.27.1-1
- New upstream release (#2442363) fixing various security issues:
- CVE-2025-66038 Memory corruption via improper compact-TLV length validation
- CVE-2025-66215 Stack-buffer-overflow with physical access via crafted smart card or USB device
- CVE-2025-49010 Stack-buffer-overflow via crafted smart card or USB device responses
- CVE-2025-66037 Out-of-bounds read via crafted input
- CVE-2025-13763 Several uses of potentially uninitialized memory detected by fuzzers
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2442363 - opensc-0.27.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2442363
[ 2 ] Bug #2453188 - CVE-2025-66037 opensc: OpenSC: Out-of-bounds read via crafted input [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453188
[ 3 ] Bug #2453189 - CVE-2025-49010 opensc: OpenSC: Stack-buffer-overflow via crafted smart card or USB device responses [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453189
[ 4 ] Bug #2453190 - CVE-2025-66215 opensc: OpenSC: Stack-buffer-overflow with physical access via crafted smart card or USB device [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453190
[ 5 ] Bug #2453191 - CVE-2025-66038 opensc: OpenSC: Memory corruption via improper compact-TLV length validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453191
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4440b00e25' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-biopython-1.87-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2953954ff3
2026-04-09 03:21:08.450887+00:00
--------------------------------------------------------------------------------
Name : python-biopython
Product : Fedora 43
Version : 1.87
Release : 1.fc43
URL : https://biopython.org/
Summary : Python tools for computational molecular biology
Description :
A set of freely available Python tools for computational molecular
biology.
--------------------------------------------------------------------------------
Update Information:
Release 1.87
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 31 2026 Antonio Trande [sagitter@fedoraproject.org] - 1.87-1
- Release 1.87
* Mon Feb 23 2026 Tom???? Hrn??iar [thrnciar@redhat.com] - 1.86-4
- Fix invalid extras in %pyproject_buildrequires -x
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.86-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2423524 - CVE-2025-68463 python-biopython: python-biopython: Information disclosure via XML External Entity (XXE) vulnerability in Bio.Entrez [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423524
[ 2 ] Bug #2423525 - CVE-2025-68463 python-biopython: python-biopython: Information disclosure via XML External Entity (XXE) vulnerability in Bio.Entrez [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423525
[ 3 ] Bug #2452984 - python-biopython-1.87 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2452984
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2953954ff3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: cef-146.0.9^chromium146.0.7680.164-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a67eba175f
2026-04-09 03:21:08.450885+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 43
Version : 146.0.9^chromium146.0.7680.164
Release : 1.fc43
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164
High CVE-2026-4673: Heap buffer overflow in WebAudio
High CVE-2026-4674: Out of bounds read in CSS
High CVE-2026-4675: Heap buffer overflow in WebGL
High CVE-2026-4676: Use after free in Dawn
High CVE-2026-4677: Out of bounds read in WebAudio
High CVE-2026-4678: Use after free in WebGPU
High CVE-2026-4679: Integer overflow in Fonts
High CVE-2026-4680: Use after free in FedCM
CVE-2026-4439: Out of bounds memory access in WebGL
CVE-2026-4440: Out of bounds read and write in WebGL
CVE-2026-4441: Use after free in Base
CVE-2026-4442: Heap buffer overflow in CSS
CVE-2026-4443: Heap buffer overflow in WebAudio
CVE-2026-4444: Stack buffer overflow in WebRTC
CVE-2026-4445: Use after free in WebRTC
CVE-2026-4446: Use after free in WebRTC
CVE-2026-4447: Inappropriate implementation in V8
CVE-2026-4448: Heap buffer overflow in ANGLE
CVE-2026-4449: Use after free in Blink
CVE-2026-4450: Out of bounds write in V8
CVE-2026-4451: Insufficient validation of untrusted input in Navigation
CVE-2026-4452: Integer overflow in ANGLE
CVE-2026-4453: Integer overflow in Dawn
CVE-2026-4454: Use after free in Network
CVE-2026-4455: Heap buffer overflow in PDFium
CVE-2026-4456: Use after free in Digital Credentials API
CVE-2026-4457: Type Confusion in V8
CVE-2026-4458: Use after free in Extensions
CVE-2026-4459: Out of bounds read and write in WebAudio
CVE-2026-4460: Out of bounds read in Skia
CVE-2026-4461: Inappropriate implementation in V8
CVE-2026-4462: Out of bounds read in Blink
CVE-2026-4463: Heap buffer overflow in WebRTC
CVE-2026-4464: Integer overflow in ANGLE
CVE-2026-3909: Out of bounds write in Ski
CVE-2026-3909: Out of bounds write in Skia
CVE-2026-3910: Inappropriate implementation in V8
CVE-2026-3913: Heap buffer overflow in WebML
CVE-2026-3914: Integer overflow in WebML
CVE-2026-3915: Heap buffer overflow in WebML
CVE-2026-3916: Out of bounds read in Web Speech
CVE-2026-3917: Use after free in Agents
CVE-2026-3909: Out of bounds write in Skia
CVE-2026-3910: Inappropriate implementation in V8
CVE-2026-3913: Heap buffer overflow in WebML
CVE-2026-3914: Integer overflow in WebML
CVE-2026-3915: Heap buffer overflow in WebML
CVE-2026-3916: Out of bounds read in Web Speech
CVE-2026-3917: Use after free in Agents
CVE-2026-3918: Use after free in WebMCP
CVE-2026-3919: Use after free in Extensions
CVE-2026-3920: Out of bounds memory access in WebML
CVE-2026-3921: Use after free in TextEncoding
CVE-2026-3922: Use after free in MediaStream
CVE-2026-3923: Use after free in WebMIDI
CVE-2026-3924: Use after free in WindowDialog
CVE-2026-3925: Incorrect security UI in LookalikeChecks
CVE-2026-3926: Out of bounds read in V8
CVE-2026-3927: Incorrect security UI in PictureInPicture
CVE-2026-3928: Insufficient policy enforcement in Extensions
CVE-2026-3929: Side-channel information leakage in ResourceTiming
CVE-2026-3930: Unsafe navigation in Navigation
CVE-2026-3931: Heap buffer overflow in Skia
CVE-2026-3932: Insufficient policy enforcement in PDF
CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
CVE-2026-3935: Incorrect security UI in WebAppInstalls
CVE-2026-3936: Use after free in WebView
CVE-2026-3937: Incorrect security UI in Downloads
CVE-2026-3938: Insufficient policy enforcement in Clipboard
CVE-2026-3939: Insufficient policy enforcement in PDF
CVE-2026-3940: Insufficient policy enforcement in DevTools
CVE-2026-3941: Insufficient policy enforcement in DevTools
CVE-2026-3942: Incorrect security UI in PictureInPicture
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 31 2026 Hoshino Lina [lina@lina.yt] - 146.0.9^chromium146.0.7680.164-1
- Update to cef-146.0.9+g3ca6a87
* Wed Mar 25 2026 Than Ngo [than@redhat.com] - 146.0.6^chromium146.0.7680.164-1
- Update to 146.0.7680.164
- * High CVE-2026-4673: Heap buffer overflow in WebAudio
- * High CVE-2026-4674: Out of bounds read in CSS
- * High CVE-2026-4675: Heap buffer overflow in WebGL
- * High CVE-2026-4676: Use after free in Dawn
- * High CVE-2026-4677: Out of bounds read in WebAudio
- * High CVE-2026-4678: Use after free in WebGPU
- * High CVE-2026-4679: Integer overflow in Fonts
- * High CVE-2026-4680: Use after free in FedCM
* Wed Mar 25 2026 Than Ngo [than@redhat.com] - 146.0.6^chromium146.0.7680.153-1
- Update to 146.0.7680.153
- * CVE-2026-4439: Out of bounds memory access in WebGL
- * CVE-2026-4440: Out of bounds read and write in WebGL
- * CVE-2026-4441: Use after free in Base
- * CVE-2026-4442: Heap buffer overflow in CSS
- * CVE-2026-4443: Heap buffer overflow in WebAudio
- * CVE-2026-4444: Stack buffer overflow in WebRTC
- * CVE-2026-4445: Use after free in WebRTC
- * CVE-2026-4446: Use after free in WebRTC
- * CVE-2026-4447: Inappropriate implementation in V8
- * CVE-2026-4448: Heap buffer overflow in ANGLE
- * CVE-2026-4449: Use after free in Blink
- * CVE-2026-4450: Out of bounds write in V8
- * CVE-2026-4451: Insufficient validation of untrusted input in Navigation
- * CVE-2026-4452: Integer overflow in ANGLE
- * CVE-2026-4453: Integer overflow in Dawn
- * CVE-2026-4454: Use after free in Network
- * CVE-2026-4455: Heap buffer overflow in PDFium
- * CVE-2026-4456: Use after free in Digital Credentials API
- * CVE-2026-4457: Type Confusion in V8
- * CVE-2026-4458: Use after free in Extensions
- * CVE-2026-4459: Out of bounds read and write in WebAudio
- * CVE-2026-4460: Out of bounds read in Skia
- * CVE-2026-4461: Inappropriate implementation in V8
- * CVE-2026-4462: Out of bounds read in Blink
- * CVE-2026-4463: Heap buffer overflow in WebRTC
- * CVE-2026-4464: Integer overflow in ANGLE
* Wed Mar 25 2026 Than Ngo [than@redhat.com] - 146.0.6^chromium146.0.7680.80-1
- Update to 146.0.7680.80
- * CVE-2026-3909: Out of bounds write in Ski
* Wed Mar 25 2026 Than Ngo [than@redhat.com] - 146.0.6^chromium146.0.7680.75-1
- Update to 146.0.7680.75
- * CVE-2026-3909: Out of bounds write in Skia
- * CVE-2026-3910: Inappropriate implementation in V8
* Wed Mar 25 2026 Than Ngo [than@redhat.com] - 146.0.6^chromium146.0.7680.71-1
- Update to 146.0.7680.71
- * CVE-2026-3913: Heap buffer overflow in WebML
- * CVE-2026-3914: Integer overflow in WebML
- * CVE-2026-3915: Heap buffer overflow in WebML
- * CVE-2026-3916: Out of bounds read in Web Speech
- * CVE-2026-3917: Use after free in Agents
- * CVE-2026-3918: Use after free in WebMCP
- * CVE-2026-3919: Use after free in Extensions
- * CVE-2026-3920: Out of bounds memory access in WebML
- * CVE-2026-3921: Use after free in TextEncoding
- * CVE-2026-3922: Use after free in MediaStream
- * CVE-2026-3923: Use after free in WebMIDI
- * CVE-2026-3924: Use after free in WindowDialog
- * CVE-2026-3925: Incorrect security UI in LookalikeChecks
- * CVE-2026-3926: Out of bounds read in V8
- * CVE-2026-3927: Incorrect security UI in PictureInPicture
- * CVE-2026-3928: Insufficient policy enforcement in Extensions
- * CVE-2026-3929: Side-channel information leakage in ResourceTiming
- * CVE-2026-3930: Unsafe navigation in Navigation
- * CVE-2026-3931: Heap buffer overflow in Skia
- * CVE-2026-3932: Insufficient policy enforcement in PDF
- * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
- * CVE-2026-3935: Incorrect security UI in WebAppInstalls
- * CVE-2026-3936: Use after free in WebView
- * CVE-2026-3937: Incorrect security UI in Downloads
- * CVE-2026-3938: Insufficient policy enforcement in Clipboard
- * CVE-2026-3939: Insufficient policy enforcement in PDF
- * CVE-2026-3940: Insufficient policy enforcement in DevTools
- * CVE-2026-3941: Insufficient policy enforcement in DevTools
- * CVE-2026-3942: Incorrect security UI in PictureInPicture
- Fix build errors
- Refresh patches for new upstream changes
- Remove patches merged by upstream
- Hoshino Lina: Update to cef-146.0.6+g68649e2 (rhbz#2450085)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2451647 - cef-146.0.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451647
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a67eba175f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-pydicom-3.0.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f5c971af6c
2026-04-09 03:21:08.450877+00:00
--------------------------------------------------------------------------------
Name : python-pydicom
Product : Fedora 43
Version : 3.0.2
Release : 1.fc43
URL : https://github.com/darcymason/pydicom
Summary : Read, modify and write DICOM files with python code
Description :
pydicom is a pure python package for working with DICOM files. It was made for
inspecting and modifying DICOM data in an easy "pythonic" way. The
modifications can be written again to a new file.
pydicom is not a DICOM server, and is not primarily about viewing images. It is
designed to let you manipulate data elements in DICOM files with python code.
Limitations -- the main limitation of the current version is that compressed
pixel data (e.g. JPEG) cannot be altered in an intelligent way as it can for
uncompressed pixels. Files can always be read and saved, but compressed pixel
data cannot easily be modified.
Documentation is available at https://pydicom.github.io/pydicom
--------------------------------------------------------------------------------
Update Information:
Patch release for security advisory
CVE-2026-32711. A crafted
DICOMDIR could create a path traversal by setting ReferencedFileID to a path
outside the File-set root.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 31 2026 Packit [hello@packit.dev] - 3.0.2-1
- Update to 3.0.2 upstream release
- Resolves: rhbz#2449267
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449267 - python-pydicom-3.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449267
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f5c971af6c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: roundcubemail-1.6.15-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8ba1a085a9
2026-04-09 03:21:08.450860+00:00
--------------------------------------------------------------------------------
Name : roundcubemail
Product : Fedora 43
Version : 1.6.15
Release : 1.fc43
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
--------------------------------------------------------------------------------
Update Information:
Version 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to some regressions introduced in the previous release as well
a recently reported security vulnerability:
SVG Animate FUNCIRI Attribute Bypass ??? Remote Image Loading via
fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it. Please do backup your data before
updating!
CHANGELOG
Fix regression where mail search would fail on non-ascii search criteria
(#10121)
Fix regression where some data url images could get ignored/lost (#10128)
Fix SVG Animate FUNCIRI Attribute Bypass ??? Remote Image Loading via
fill/filter/stroke
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Remi Collet [remi@remirepo.net] - 1.6.15-1
- update to 1.6.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2454784 - CVE-2026-35543 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via animated SVG in email [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454784
[ 2 ] Bug #2454786 - CVE-2026-35545 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via SVG content in email. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454786
[ 3 ] Bug #2454793 - CVE-2026-35538 CVE-2026-35539 CVE-2026-35540 CVE-2026-35541 CVE-2026-35542 CVE-2026-35544 roundcubemail: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454793
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8ba1a085a9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
