Fedora 43 Update: chromium-148.0.7778.178-1.fc43
Fedora 43 Update: perl-Crypt-DSA-1.20-1.fc43
Fedora 43 Update: rust-eif_build-0.2.1-7.fc43
Fedora 43 Update: haproxy-3.0.23-2.fc43
Fedora 43 Update: rust-coreos-installer-0.26.0-2.fc43
Fedora 43 Update: rust-sequoia-sqv-1.3.0-6.fc43
Fedora 43 Update: rust-afterburn-5.10.0-7.fc43
Fedora 43 Update: rust-sequoia-keystore-server-0.2.0-7.fc43
Fedora 43 Update: rust-sequoia-sq-1.3.1-11.fc43
Fedora 43 Update: rust-sequoia-sop-0.37.3-3.fc43
Fedora 43 Update: rust-sequoia-openpgp-2.3.0-1.fc43
Fedora 43 Update: rust-sequoia-git-0.6.0-2.fc43
Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-6.fc43
Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc43
Fedora 43 Update: rust-rpm-sequoia-1.10.2-2.fc43
Fedora 43 Update: curl-8.15.0-7.fc43
Fedora 43 Update: uriparser-1.0.2-1.fc43
Fedora 43 Update: editorconfig-0.12.11-1.fc43
Fedora 42 Update: perl-Crypt-DSA-1.20-1.fc42
Fedora 42 Update: haproxy-3.0.23-2.fc42
Fedora 42 Update: rust-sequoia-octopus-librnp-1.11.1-6.fc42
Fedora 42 Update: rust-sequoia-sq-1.3.1-11.fc42
Fedora 42 Update: rust-sequoia-keystore-server-0.2.0-7.fc42
Fedora 42 Update: rust-sequoia-git-0.6.0-2.fc42
Fedora 42 Update: rust-rpm-sequoia-1.10.2-2.fc42
Fedora 42 Update: rust-sequoia-sqv-1.3.0-6.fc42
Fedora 42 Update: rust-sequoia-openpgp-2.3.0-1.fc42
Fedora 42 Update: rust-sequoia-sop-0.37.3-3.fc42
Fedora 42 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc42
Fedora 42 Update: editorconfig-0.12.11-1.fc42
Fedora 42 Update: poppler-25.02.0-6.fc42
Fedora 44 Update: perl-HTTP-Tiny-0.094-1.fc44
Fedora 44 Update: perl-Crypt-DSA-1.20-1.fc44
Fedora 44 Update: haproxy-3.0.23-2.fc44
Fedora 44 Update: rust-eif_build-0.2.1-7.fc44
Fedora 44 Update: rust-coreos-installer-0.26.0-2.fc44
Fedora 44 Update: rust-afterburn-5.10.0-7.fc44
Fedora 44 Update: editorconfig-0.12.11-1.fc44
[SECURITY] Fedora 43 Update: chromium-148.0.7778.178-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b17799ac62
2026-05-27 01:26:15.594803+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 43
Version : 148.0.7778.178
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 148.0.7778.178
CVE-2026-9111: Use after free in WebRTC
CVE-2026-9110: Inappropriate implementation in UI
CVE-2026-9112: Use after free in GPU
CVE-2026-9113: Out of bounds read in GPU
CVE-2026-9114: Use after free in QUIC
CVE-2026-9115: Insufficient policy enforcement in Service Worker
CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
CVE-2026-9117: Type Confusion in GFX
CVE-2026-9118: Use after free in XR
CVE-2026-9119: Heap buffer overflow in WebRTC
CVE-2026-9120: Use after free in WebRTC
CVE-2026-9126: Use after free in DOM
CVE-2026-9121: Out of bounds read in GPU
CVE-2026-9122: Out of bounds read in GPU
CVE-2026-9123: Heap buffer overflow in Chromecast
CVE-2026-9124: Insufficient validation of untrusted input in Input
Update to 148.0.7778.167
CVE-2026-8509: Heap buffer overflow in WebML
CVE-2026-8510: Integer overflow in Skia
CVE-2026-8511: Use after free in UI
CVE-2026-8512: Use after free in FileSystem
CVE-2026-8513: Use after free in Input
CVE-2026-8514: Use after free in Aura
CVE-2026-8515: Use after free in HID
CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
CVE-2026-8517: Object lifecycle issue in WebShare
CVE-2026-8518: Use after free in Blink
CVE-2026-8519: Integer overflow in ANGLE
CVE-2026-8520: Race in Payments
CVE-2026-8521: Use after free in Tab Groups
CVE-2026-8522: Use after free in Downloads
CVE-2026-8523: Use after free in Mojo
CVE-2026-8558: Out of bounds write in Fonts
CVE-2026-8524: Out of bounds write in WebAudio
CVE-2026-8525: Heap buffer overflow in ANGLE
CVE-2026-8526: Out of bounds write in WebRTC
CVE-2026-8527: Insufficient validation of untrusted input in Downloads
CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
CVE-2026-8529: Heap buffer overflow in Codecs
CVE-2026-8530: Use after free in Network
CVE-2026-8531: Heap buffer overflow in WebML
CVE-2026-8532: Integer overflow in XML
CVE-2026-8533: Use after free in Accessibility
CVE-2026-8534: Integer overflow in GPU
CVE-2026-8535: Out of bounds read in Media
CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
CVE-2026-8538: Insufficient validation of untrusted input in GPU
CVE-2026-8539: Script injection in SanitizerAPI
CVE-2026-8540: Type Confusion in V8
CVE-2026-8541: Out of bounds read in UI
CVE-2026-8542: Use after free in Core
CVE-2026-8543: Out of bounds read in FileSystem
CVE-2026-8544: Use after free in Media
CVE-2026-8545: Object corruption in Compositing
CVE-2026-8546: Out of bounds read in GPU
CVE-2026-8547: Insufficient policy enforcement in Passwords
CVE-2026-8548: Out of bounds write in Media
CVE-2026-8549: Use after free in Media
CVE-2026-8550: Use after free in Google Lens
CVE-2026-8551: Use after free in Downloads
CVE-2026-8552: Heap buffer overflow in GPU
CVE-2026-8553: Use after free in GPU
CVE-2026-8554: Type Confusion in ANGLE
CVE-2026-8555: Use after free in GTK
CVE-2026-8556: Inappropriate implementation in ANGLE
CVE-2026-8557: Use after free in Accessibility
CVE-2026-8559: Integer overflow in Internationalization
CVE-2026-8560: Heap buffer overflow in SwiftShader
CVE-2026-8561: Incorrect security UI in Fullscreen
CVE-2026-8562: Side-channel information leakage in Navigation
CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
CVE-2026-8564: Incorrect security UI in Downloads
CVE-2026-8565: Inappropriate implementation in Downloads
CVE-2026-8566: Insufficient policy enforcement in Payments
CVE-2026-8567: Integer overflow in ANGLE
CVE-2026-8568: Insufficient policy enforcement in AI
CVE-2026-8569: Out of bounds write in Codecs
CVE-2026-8570: Type Confusion in V8
CVE-2026-8571: Insufficient policy enforcement in GPU
CVE-2026-8572: Insufficient policy enforcement in Network
CVE-2026-8573: Integer overflow in Codecs
CVE-2026-8574: Use after free in Core
CVE-2026-8575: Use after free in UI
CVE-2026-8576: Inappropriate implementation in CORS
CVE-2026-8577: Integer overflow in Fonts
CVE-2026-8578: Out of bounds read in GPU
CVE-2026-8579: Insufficient validation of untrusted input in Skia
CVE-2026-8580: Use after free in Mojo
CVE-2026-8581: Use after free in GPU
CVE-2026-8582: Object lifecycle issue in Dawn
CVE-2026-8583: Insufficient policy enforcement in WebXR
CVE-2026-8584: Inappropriate implementation in Views
CVE-2026-8585: Inappropriate implementation in Media
CVE-2026-8586: Inappropriate implementation in Chromoting
CVE-2026-8587: Use after free in Extensions
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 20 2026 Than Ngo [than@redhat.com] - 148.0.7778.178-1
- Update to 148.0.7778.178
* CVE-2026-9111: Use after free in WebRTC
* CVE-2026-9110: Inappropriate implementation in UI
* CVE-2026-9112: Use after free in GPU
* CVE-2026-9113: Out of bounds read in GPU
* CVE-2026-9114: Use after free in QUIC
* CVE-2026-9115: Insufficient policy enforcement in Service Worker
* CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
* CVE-2026-9117: Type Confusion in GFX
* CVE-2026-9118: Use after free in XR
* CVE-2026-9119: Heap buffer overflow in WebRTC
* CVE-2026-9120: Use after free in WebRTC
* CVE-2026-9126: Use after free in DOM
* CVE-2026-9121: Out of bounds read in GPU
* CVE-2026-9122: Out of bounds read in GPU
* CVE-2026-9123: Heap buffer overflow in Chromecast
* CVE-2026-9124: Insufficient validation of untrusted input in Input
- Backport upstream patches to improve auto dark image inversion logic
- Update default chromium browser config
* Fri May 15 2026 Than Ngo [than@redhat.com] - 148.0.7778.167-1
- Update to 148.0.7778.167
* CVE-2026-8509: Heap buffer overflow in WebML
* CVE-2026-8510: Integer overflow in Skia
* CVE-2026-8511: Use after free in UI
* CVE-2026-8512: Use after free in FileSystem
* CVE-2026-8513: Use after free in Input
* CVE-2026-8514: Use after free in Aura
* CVE-2026-8515: Use after free in HID
* CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
* CVE-2026-8517: Object lifecycle issue in WebShare
* CVE-2026-8518: Use after free in Blink
* CVE-2026-8519: Integer overflow in ANGLE
* CVE-2026-8520: Race in Payments
* CVE-2026-8521: Use after free in Tab Groups
* CVE-2026-8522: Use after free in Downloads
* CVE-2026-8523: Use after free in Mojo
* CVE-2026-8558: Out of bounds write in Fonts
* CVE-2026-8524: Out of bounds write in WebAudio
* CVE-2026-8525: Heap buffer overflow in ANGLE
* CVE-2026-8526: Out of bounds write in WebRTC
* CVE-2026-8527: Insufficient validation of untrusted input in Downloads
* CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
* CVE-2026-8529: Heap buffer overflow in Codecs
* CVE-2026-8530: Use after free in Network
* CVE-2026-8531: Heap buffer overflow in WebML
* CVE-2026-8532: Integer overflow in XML
* CVE-2026-8533: Use after free in Accessibility
* CVE-2026-8534: Integer overflow in GPU
* CVE-2026-8535: Out of bounds read in Media
* CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
* CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
* CVE-2026-8538: Insufficient validation of untrusted input in GPU
* CVE-2026-8539: Script injection in SanitizerAPI
* CVE-2026-8540: Type Confusion in V8
* CVE-2026-8541: Out of bounds read in UI
* CVE-2026-8542: Use after free in Core
* CVE-2026-8543: Out of bounds read in FileSystem
* CVE-2026-8544: Use after free in Media
* CVE-2026-8545: Object corruption in Compositing
* CVE-2026-8546: Out of bounds read in GPU
* CVE-2026-8547: Insufficient policy enforcement in Passwords
* CVE-2026-8548: Out of bounds write in Media
* CVE-2026-8549: Use after free in Media
* CVE-2026-8550: Use after free in Google Lens
* CVE-2026-8551: Use after free in Downloads
* CVE-2026-8552: Heap buffer overflow in GPU
* CVE-2026-8553: Use after free in GPU
* CVE-2026-8554: Type Confusion in ANGLE
* CVE-2026-8555: Use after free in GTK
* CVE-2026-8556: Inappropriate implementation in ANGLE
* CVE-2026-8557: Use after free in Accessibility
* CVE-2026-8559: Integer overflow in Internationalization
* CVE-2026-8560: Heap buffer overflow in SwiftShader
* CVE-2026-8561: Incorrect security UI in Fullscreen
* CVE-2026-8562: Side-channel information leakage in Navigation
* CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
* CVE-2026-8564: Incorrect security UI in Downloads
* CVE-2026-8565: Inappropriate implementation in Downloads
* CVE-2026-8566: Insufficient policy enforcement in Payments
* CVE-2026-8567: Integer overflow in ANGLE
* CVE-2026-8568: Insufficient policy enforcement in AI
* CVE-2026-8569: Out of bounds write in Codecs
* CVE-2026-8570: Type Confusion in V8
* CVE-2026-8571: Insufficient policy enforcement in GPU
* CVE-2026-8572: Insufficient policy enforcement in Network
* CVE-2026-8573: Integer overflow in Codecs
* CVE-2026-8574: Use after free in Core
* CVE-2026-8575: Use after free in UI
* CVE-2026-8576: Inappropriate implementation in CORS
* CVE-2026-8577: Integer overflow in Fonts
* CVE-2026-8578: Out of bounds read in GPU
* CVE-2026-8579: Insufficient validation of untrusted input in Skia
* CVE-2026-8580: Use after free in Mojo
* CVE-2026-8581: Use after free in GPU
* CVE-2026-8582: Object lifecycle issue in Dawn
* CVE-2026-8583: Insufficient policy enforcement in WebXR
* CVE-2026-8584: Inappropriate implementation in Views
* CVE-2026-8585: Inappropriate implementation in Media
* CVE-2026-8586: Inappropriate implementation in Chromoting
* CVE-2026-8587: Use after free in Extensions
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2468370 - CVE-2026-7896 CVE-2026-7897 CVE-2026-7898 CVE-2026-7899 CVE-2026-7900 CVE-2026-7901 CVE-2026-7902 CVE-2026-7903 CVE-2026-7904 CVE-2026-7905 CVE-2026-7906 CVE-2026-7907 CVE-2026-7908 CVE-2026-7909 CVE-2026-7910 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2468370
[ 2 ] Bug #2477796 - CVE-2026-8509 CVE-2026-8510 CVE-2026-8511 CVE-2026-8512 CVE-2026-8513 CVE-2026-8514 CVE-2026-8515 CVE-2026-8516 CVE-2026-8517 CVE-2026-8518 CVE-2026-8519 CVE-2026-8520 CVE-2026-8521 CVE-2026-8522 CVE-2026-8523 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477796
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b17799ac62' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.20-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fdc100f74f
2026-05-27 01:26:15.594778+00:00
--------------------------------------------------------------------------------
Name : perl-Crypt-DSA
Product : Fedora 43
Version : 1.20
Release : 1.fc43
URL : https://metacpan.org/release/Crypt-DSA
Summary : Perl module for DSA signatures and key generation
Description :
Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm)
signature verification system. This package provides DSA signing, signature
verification, and key generation.
DSA (Digital Signature Algorithm) signatures are no longer considered to be
adequate for security. This module should only be used for verifying old
signatures and should not be used for new signatures. That being said, some
technologies still require DSA signatures even now. Consider using other
solutions or explicitly not using DSA signatures. Crypt-DSA-GMP is a possible
replacement.
--------------------------------------------------------------------------------
Update Information:
This update fixes a couple of security issues:
Replace two arg open (CVE-2026-8704)
Replace rand() with a cryptographically-secure source of random data for seed
generation (CVE-2026-8700)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 18 2026 Paul Howarth - 1.20-1
- Update to 1.20
- This module is now marked as deprecated: Crypt-DSA-GMP is a possible
replacement
- Improve the call to IPC::Open3::open3
- Replace two arg open (CVE-2026-8704)
- Replace rand() (CVE-2026-8700)
- Add a security policy
- Add use warnings
- Typo fix (CPAN RT#86424)
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.19-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2479633 - CVE-2026-8700 perl-Crypt-DSA: perl-Crypt-DSA: Weakening of cryptographic security via predictable seed generation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2479633
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fdc100f74f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-eif_build-0.2.1-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-507f965d21
2026-05-27 01:26:15.594757+00:00
--------------------------------------------------------------------------------
Name : rust-eif_build
Product : Fedora 43
Version : 0.2.1
Release : 7.fc43
URL : https://crates.io/crates/eif_build
Summary : CLI tool to create EIF files for AWS Nitro Enclaves
Description :
This CLI tool provides a low level path to assemble an enclave image
format (EIF) file used in AWS Nitro Enclaves.
--------------------------------------------------------------------------------
Update Information:
Rebuild with version 0.10.79 of the openssl crate which includes fixes for the
following security issues:
CVE-2026-41676 / GHSA-pqf5-4pqq-29f5
CVE-2026-41677 / GHSA-xmgf-hq76-4vx2
CVE-2026-41678 / GHSA-8c75-8mhr-p7r9
CVE-2026-41681 / GHSA-ghm9-cr32-g9qj
CVE-2026-41898 / GHSA-hppc-g8h3-xhp3
CVE-2026-42327 / GHSA-xp3w-r5p5-63rr
CVE-2026-44662 / GHSA-xv59-967r-8726
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.1-7
- Rebuild for rust-openssl
CVE-2026-{41676,41677,41678,41681,41898,42327,44662}
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-507f965d21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: haproxy-3.0.23-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-164a1e3151
2026-05-27 01:26:15.594760+00:00
--------------------------------------------------------------------------------
Name : haproxy
Product : Fedora 43
Version : 3.0.23
Release : 2.fc43
URL : https://www.haproxy.org/
Summary : Reliable, high-performance TCP/HTTP load-balancing reverse proxy
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
- route HTTP requests depending on statically assigned cookies
- spread load among several servers while assuring server persistence
through the use of HTTP cookies
- switch to backup servers in the event a main one fails
- accept connections to special ports dedicated to service monitoring
- stop accepting connections without breaking existing ones
- add, modify, and delete HTTP headers in both directions
- block requests matching particular patterns
- report detailed status to authenticated users from a URI intercepted
from the application
--------------------------------------------------------------------------------
Update Information:
Upgrade to 3.0.23 (see https://www.haproxy.org/download/3.0/src/CHANGELOG for
full upstream changelog)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 18 2026 Robert Scheck [robert@fedoraproject.org] - 3.0.23-2
- Revert to permissions 0755 for root:root on /var/lib/haproxy
* Sat May 16 2026 Robert Scheck [robert@fedoraproject.org] - 3.0.23-1
- Upgrade to 3.0.23
- Spec file cleanup and modernization (thanks to Xose Vazquez Perez)
* Thu Apr 16 2026 Tom Callaway [spot@fedoraproject.org] - 3.0.19-1
- update to 3.0.19
* Tue Mar 3 2026 Tom Callaway [spot@fedoraproject.org] - 3.0.17-1
- update to 3.0.17, lua 5.5
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413003 - CVE-2025-11230 haproxy: denial of service vulnerability in HAProxy mjson library
https://bugzilla.redhat.com/show_bug.cgi?id=2413003
[ 2 ] Bug #2457920 - CVE-2026-33555 haproxy: HAProxy: Request smuggling via HTTP/3 parser desynchronization
https://bugzilla.redhat.com/show_bug.cgi?id=2457920
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-164a1e3151' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-coreos-installer-0.26.0-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b242a3b068
2026-05-27 01:26:15.594754+00:00
--------------------------------------------------------------------------------
Name : rust-coreos-installer
Product : Fedora 43
Version : 0.26.0
Release : 2.fc43
URL : https://crates.io/crates/coreos-installer
Summary : Installer for Fedora CoreOS and RHEL CoreOS
Description :
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal
machines (or, occasionally, to virtual machines).
--------------------------------------------------------------------------------
Update Information:
Rebuild with version 0.10.79 of the openssl crate which includes fixes for the
following security issues:
CVE-2026-41676 / GHSA-pqf5-4pqq-29f5
CVE-2026-41677 / GHSA-xmgf-hq76-4vx2
CVE-2026-41678 / GHSA-8c75-8mhr-p7r9
CVE-2026-41681 / GHSA-ghm9-cr32-g9qj
CVE-2026-41898 / GHSA-hppc-g8h3-xhp3
CVE-2026-42327 / GHSA-xp3w-r5p5-63rr
CVE-2026-44662 / GHSA-xv59-967r-8726
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.26.0-2
- Rebuild for rust-openssl CVE-2026-{41676,41677,41678,41681,41898,42327,44662}
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b242a3b068' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-sqv-1.3.0-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38d57d2e7a
2026-05-27 01:26:15.594744+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-sqv
Product : Fedora 43
Version : 1.3.0
Release : 6.fc43
URL : https://crates.io/crates/sequoia-sqv
Summary : Simple OpenPGP signature verification program
Description :
A simple OpenPGP signature verification program.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 1.3.0-6
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38d57d2e7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-afterburn-5.10.0-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7b69143f64
2026-05-27 01:26:15.594752+00:00
--------------------------------------------------------------------------------
Name : rust-afterburn
Product : Fedora 43
Version : 5.10.0
Release : 7.fc43
URL : https://crates.io/crates/afterburn
Summary : Simple cloud provider agent
Description :
A simple cloud provider agent.
--------------------------------------------------------------------------------
Update Information:
Rebuild with version 0.10.79 of the openssl crate which includes fixes for the
following security issues:
CVE-2026-41676 / GHSA-pqf5-4pqq-29f5
CVE-2026-41677 / GHSA-xmgf-hq76-4vx2
CVE-2026-41678 / GHSA-8c75-8mhr-p7r9
CVE-2026-41681 / GHSA-ghm9-cr32-g9qj
CVE-2026-41898 / GHSA-hppc-g8h3-xhp3
CVE-2026-42327 / GHSA-xp3w-r5p5-63rr
CVE-2026-44662 / GHSA-xv59-967r-8726
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 5.10.0-7
- Rebuild for rust-openssl CVE-2026-{41676,41677,41678,41681,41898,42327,44662}
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7b69143f64' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-keystore-server-0.2.0-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38d57d2e7a
2026-05-27 01:26:15.594744+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-keystore-server
Product : Fedora 43
Version : 0.2.0
Release : 7.fc43
URL : https://crates.io/crates/sequoia-keystore-server
Summary : Sequoia keystore daemon
Description :
Sequoia keystore daemon.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.0-7
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38d57d2e7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-11.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38d57d2e7a
2026-05-27 01:26:15.594744+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-sq
Product : Fedora 43
Version : 1.3.1
Release : 11.fc43
URL : https://crates.io/crates/sequoia-sq
Summary : Command-line frontends for Sequoia
Description :
Command-line frontends for Sequoia.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 1.3.1-11
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38d57d2e7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-sop-0.37.3-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38d57d2e7a
2026-05-27 01:26:15.594744+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-sop
Product : Fedora 43
Version : 0.37.3
Release : 3.fc43
URL : https://crates.io/crates/sequoia-sop
Summary : Implementation of the Stateless OpenPGP Interface using Sequoia
Description :
An implementation of the Stateless OpenPGP Interface using Sequoia.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.37.3-3
- Rebuild for sequoia-openpgp v2.3.0
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.37.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38d57d2e7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-openpgp-2.3.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38d57d2e7a
2026-05-27 01:26:15.594744+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-openpgp
Product : Fedora 43
Version : 2.3.0
Release : 1.fc43
URL : https://crates.io/crates/sequoia-openpgp
Summary : OpenPGP data types and associated machinery
Description :
OpenPGP data types and associated machinery.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 2.3.0-1
- Update to version 2.3.0; Fixes RHBZ#2469048
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38d57d2e7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-git-0.6.0-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38d57d2e7a
2026-05-27 01:26:15.594744+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-git
Product : Fedora 43
Version : 0.6.0
Release : 2.fc43
URL : https://crates.io/crates/sequoia-git
Summary : Tool for managing and enforcing a commit signing policy
Description :
A tool for managing and enforcing a commit signing policy.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.6.0-2
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38d57d2e7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38d57d2e7a
2026-05-27 01:26:15.594744+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-octopus-librnp
Product : Fedora 43
Version : 1.11.1
Release : 6.fc43
URL : https://crates.io/crates/sequoia-octopus-librnp
Summary : Reimplementation of RNP's interface using Sequoia for use with Thunderbird
Description :
Reimplementation of RNP's interface using Sequoia for use with
Thunderbird.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 1.11.1-6
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38d57d2e7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38d57d2e7a
2026-05-27 01:26:15.594744+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-chameleon-gnupg
Product : Fedora 43
Version : 0.13.1
Release : 12.fc43
URL : https://crates.io/crates/sequoia-chameleon-gnupg
Summary : Sequoia's reimplementation of the GnuPG interface
Description :
Sequoia's reimplementation of the GnuPG interface.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.13.1-12
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38d57d2e7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-rpm-sequoia-1.10.2-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38d57d2e7a
2026-05-27 01:26:15.594744+00:00
--------------------------------------------------------------------------------
Name : rust-rpm-sequoia
Product : Fedora 43
Version : 1.10.2
Release : 2.fc43
URL : https://crates.io/crates/rpm-sequoia
Summary : Implementation of the RPM PGP interface using Sequoia
Description :
An implementation of the RPM PGP interface using Sequoia.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 1.10.2-2
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38d57d2e7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: curl-8.15.0-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d0bcb866d0
2026-05-27 01:26:15.594735+00:00
--------------------------------------------------------------------------------
Name : curl
Product : Fedora 43
Version : 8.15.0
Release : 7.fc43
URL : https://curl.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.
--------------------------------------------------------------------------------
Update Information:
fix Out of bounds read for cookie path (CVE-2025-9086)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Jan Macku [jamacku@redhat.com] - 8.15.0-7
- fix Out of bounds read for cookie path (CVE-2025-9086)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458839 - CVE-2025-9086 curl: Out of bounds read for cookie path [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2458839
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d0bcb866d0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: uriparser-1.0.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-aa5877c5ba
2026-05-27 01:26:15.594741+00:00
--------------------------------------------------------------------------------
Name : uriparser
Product : Fedora 43
Version : 1.0.2
Release : 1.fc43
URL : https://uriparser.github.io/
Summary : URI parsing library - RFC 3986
Description :
Uriparser is a strictly RFC 3986 compliant URI parsing library written
in C. uriparser is cross-platform, fast, supports Unicode and is
licensed under the New BSD license.
--------------------------------------------------------------------------------
Update Information:
Update to uriparser-1.0.2.
Update to uriparser-1.0.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Sandro Mani [manisandro@gmail.com] - 1.0.2-1
- Update to 1.0.2
* Thu Apr 30 2026 Sandro Mani [manisandro@gmail.com] - 1.0.1-1
- Update to 1.0.1
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2463210 - CVE-2026-42371 uriparser: uriparser: Denial of Service via numeric truncation with oversized URIs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2463210
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-aa5877c5ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: editorconfig-0.12.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5f8f8d3024
2026-05-27 01:26:15.594739+00:00
--------------------------------------------------------------------------------
Name : editorconfig
Product : Fedora 43
Version : 0.12.11
Release : 1.fc43
URL : https://github.com/editorconfig/editorconfig-core-c
Summary : Parser for EditorConfig files written in C
Description :
EditorConfig makes it easy to maintain the correct coding style when
switching between different text editors and between different projects.
The EditorConfig project maintains a file format and plugins for various
text editors which allow this file format to be read and used by those
editors.
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.11: security fix for CVE-2026-40489.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.12.11-1
- Update to 0.12.11 (close RHBZ#2458650)
- Fixes CVE-2026-40489
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458650 - editorconfig-0.12.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458650
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5f8f8d3024' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: perl-Crypt-DSA-1.20-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ffe3625a50
2026-05-27 01:11:26.838895+00:00
--------------------------------------------------------------------------------
Name : perl-Crypt-DSA
Product : Fedora 42
Version : 1.20
Release : 1.fc42
URL : https://metacpan.org/release/Crypt-DSA
Summary : Perl module for DSA signatures and key generation
Description :
Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm)
signature verification system. This package provides DSA signing, signature
verification, and key generation.
DSA (Digital Signature Algorithm) signatures are no longer considered to be
adequate for security. This module should only be used for verifying old
signatures and should not be used for new signatures. That being said, some
technologies still require DSA signatures even now. Consider using other
solutions or explicitly not using DSA signatures. Crypt-DSA-GMP is a possible
replacement.
--------------------------------------------------------------------------------
Update Information:
This update fixes a couple of security issues:
Replace two arg open (CVE-2026-8704)
Replace rand() with a cryptographically-secure source of random data for seed
generation (CVE-2026-8700)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 18 2026 Paul Howarth - 1.20-1
- Update to 1.20
- This module is now marked as deprecated: Crypt-DSA-GMP is a possible
replacement
- Improve the call to IPC::Open3::open3
- Replace two arg open (CVE-2026-8704)
- Replace rand() (CVE-2026-8700)
- Add a security policy
- Add use warnings
- Typo fix (CPAN RT#86424)
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.19-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.19-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2479633 - CVE-2026-8700 perl-Crypt-DSA: perl-Crypt-DSA: Weakening of cryptographic security via predictable seed generation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2479633
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ffe3625a50' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: haproxy-3.0.23-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d790d66a08
2026-05-27 01:11:26.838882+00:00
--------------------------------------------------------------------------------
Name : haproxy
Product : Fedora 42
Version : 3.0.23
Release : 2.fc42
URL : https://www.haproxy.org/
Summary : Reliable, high-performance TCP/HTTP load-balancing reverse proxy
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
- route HTTP requests depending on statically assigned cookies
- spread load among several servers while assuring server persistence
through the use of HTTP cookies
- switch to backup servers in the event a main one fails
- accept connections to special ports dedicated to service monitoring
- stop accepting connections without breaking existing ones
- add, modify, and delete HTTP headers in both directions
- block requests matching particular patterns
- report detailed status to authenticated users from a URI intercepted
from the application
--------------------------------------------------------------------------------
Update Information:
Upgrade to 3.0.23 (see https://www.haproxy.org/download/3.0/src/CHANGELOG for
full upstream changelog)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 18 2026 Robert Scheck [robert@fedoraproject.org] - 3.0.23-2
- Revert to permissions 0755 for root:root on /var/lib/haproxy
* Sat May 16 2026 Robert Scheck [robert@fedoraproject.org] - 3.0.23-1
- Upgrade to 3.0.23
- Spec file cleanup and modernization (thanks to Xose Vazquez Perez)
* Thu Apr 16 2026 Tom Callaway [spot@fedoraproject.org] - 3.0.19-1
- update to 3.0.19
* Tue Mar 3 2026 Tom Callaway [spot@fedoraproject.org] - 3.0.17-1
- update to 3.0.17, lua 5.5
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Feb 1 2025 Bj??rn Esser [besser82@fedoraproject.org] - 3.0.5-3
- Add explicit BR: libxcrypt-devel
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413003 - CVE-2025-11230 haproxy: denial of service vulnerability in HAProxy mjson library
https://bugzilla.redhat.com/show_bug.cgi?id=2413003
[ 2 ] Bug #2457920 - CVE-2026-33555 haproxy: HAProxy: Request smuggling via HTTP/3 parser desynchronization
https://bugzilla.redhat.com/show_bug.cgi?id=2457920
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d790d66a08' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rust-sequoia-octopus-librnp-1.11.1-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8df732be8a
2026-05-27 01:11:26.838873+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-octopus-librnp
Product : Fedora 42
Version : 1.11.1
Release : 6.fc42
URL : https://crates.io/crates/sequoia-octopus-librnp
Summary : Reimplementation of RNP's interface using Sequoia for use with Thunderbird
Description :
Reimplementation of RNP's interface using Sequoia for use with
Thunderbird.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
Update to version 1.10.2. Addresses CVE-2026-2625.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 1.11.1-6
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461620 - rust-rpm-sequoia-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461620
[ 2 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8df732be8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-sequoia-sq-1.3.1-11.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8df732be8a
2026-05-27 01:11:26.838873+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-sq
Product : Fedora 42
Version : 1.3.1
Release : 11.fc42
URL : https://crates.io/crates/sequoia-sq
Summary : Command-line frontends for Sequoia
Description :
Command-line frontends for Sequoia.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
Update to version 1.10.2. Addresses CVE-2026-2625.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 1.3.1-11
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461620 - rust-rpm-sequoia-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461620
[ 2 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8df732be8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-sequoia-keystore-server-0.2.0-7.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8df732be8a
2026-05-27 01:11:26.838873+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-keystore-server
Product : Fedora 42
Version : 0.2.0
Release : 7.fc42
URL : https://crates.io/crates/sequoia-keystore-server
Summary : Sequoia keystore daemon
Description :
Sequoia keystore daemon.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
Update to version 1.10.2. Addresses CVE-2026-2625.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.0-7
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461620 - rust-rpm-sequoia-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461620
[ 2 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8df732be8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-sequoia-git-0.6.0-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8df732be8a
2026-05-27 01:11:26.838873+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-git
Product : Fedora 42
Version : 0.6.0
Release : 2.fc42
URL : https://crates.io/crates/sequoia-git
Summary : Tool for managing and enforcing a commit signing policy
Description :
A tool for managing and enforcing a commit signing policy.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
Update to version 1.10.2. Addresses CVE-2026-2625.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.6.0-2
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461620 - rust-rpm-sequoia-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461620
[ 2 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8df732be8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-rpm-sequoia-1.10.2-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8df732be8a
2026-05-27 01:11:26.838873+00:00
--------------------------------------------------------------------------------
Name : rust-rpm-sequoia
Product : Fedora 42
Version : 1.10.2
Release : 2.fc42
URL : https://crates.io/crates/rpm-sequoia
Summary : Implementation of the RPM PGP interface using Sequoia
Description :
An implementation of the RPM PGP interface using Sequoia.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
Update to version 1.10.2. Addresses CVE-2026-2625.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 1.10.2-2
- Rebuild for sequoia-openpgp v2.3.0
* Sat Apr 25 2026 Fabio Valentini [decathorpe@gmail.com] - 1.10.2-1
- Update to version 1.10.2; Fixes RHBZ#2461620
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461620 - rust-rpm-sequoia-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461620
[ 2 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8df732be8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-sequoia-sqv-1.3.0-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8df732be8a
2026-05-27 01:11:26.838873+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-sqv
Product : Fedora 42
Version : 1.3.0
Release : 6.fc42
URL : https://crates.io/crates/sequoia-sqv
Summary : Simple OpenPGP signature verification program
Description :
A simple OpenPGP signature verification program.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
Update to version 1.10.2. Addresses CVE-2026-2625.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 1.3.0-6
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461620 - rust-rpm-sequoia-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461620
[ 2 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8df732be8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-sequoia-openpgp-2.3.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8df732be8a
2026-05-27 01:11:26.838873+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-openpgp
Product : Fedora 42
Version : 2.3.0
Release : 1.fc42
URL : https://crates.io/crates/sequoia-openpgp
Summary : OpenPGP data types and associated machinery
Description :
OpenPGP data types and associated machinery.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
Update to version 1.10.2. Addresses CVE-2026-2625.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 2.3.0-1
- Update to version 2.3.0; Fixes RHBZ#2469048
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461620 - rust-rpm-sequoia-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461620
[ 2 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8df732be8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-sequoia-sop-0.37.3-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8df732be8a
2026-05-27 01:11:26.838873+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-sop
Product : Fedora 42
Version : 0.37.3
Release : 3.fc42
URL : https://crates.io/crates/sequoia-sop
Summary : Implementation of the Stateless OpenPGP Interface using Sequoia
Description :
An implementation of the Stateless OpenPGP Interface using Sequoia.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
Update to version 1.10.2. Addresses CVE-2026-2625.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.37.3-3
- Rebuild for sequoia-openpgp v2.3.0
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.37.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461620 - rust-rpm-sequoia-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461620
[ 2 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8df732be8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8df732be8a
2026-05-27 01:11:26.838873+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-chameleon-gnupg
Product : Fedora 42
Version : 0.13.1
Release : 12.fc42
URL : https://crates.io/crates/sequoia-chameleon-gnupg
Summary : Sequoia's reimplementation of the GnuPG interface
Description :
Sequoia's reimplementation of the GnuPG interface.
--------------------------------------------------------------------------------
Update Information:
Update sequoia-openpgp to version 2.3.0.
This includes three security relevant fixes (assigned CVE-2026-42783,
CVE-2026-42784, and CVE-not-assigned-yet), see "Notable fixes" in the release
notes: https://gitlab.com/sequoia-pgp/sequoia/-/raw/openpgp/v2.3.0/openpgp/NEWS
This update includes rebuilds of all affected applications to pick up the fixes
for these issues.
Update to version 1.10.2. Addresses CVE-2026-2625.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.13.1-12
- Rebuild for sequoia-openpgp v2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461620 - rust-rpm-sequoia-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461620
[ 2 ] Bug #2469048 - rust-sequoia-openpgp-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469048
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8df732be8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: editorconfig-0.12.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0d79204363
2026-05-27 01:11:26.838864+00:00
--------------------------------------------------------------------------------
Name : editorconfig
Product : Fedora 42
Version : 0.12.11
Release : 1.fc42
URL : https://github.com/editorconfig/editorconfig-core-c
Summary : Parser for EditorConfig files written in C
Description :
EditorConfig makes it easy to maintain the correct coding style when
switching between different text editors and between different projects.
The EditorConfig project maintains a file format and plugins for various
text editors which allow this file format to be read and used by those
editors.
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.11: security fix for CVE-2026-40489.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.12.11-1
- Update to 0.12.11 (close RHBZ#2458650)
- Fixes CVE-2026-40489
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458650 - editorconfig-0.12.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458650
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0d79204363' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: poppler-25.02.0-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2bdb132e40
2026-05-27 01:11:26.838869+00:00
--------------------------------------------------------------------------------
Name : poppler
Product : Fedora 42
Version : 25.02.0
Release : 6.fc42
URL : https://poppler.freedesktop.org/
Summary : PDF rendering library
Description :
poppler is a PDF rendering library.
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2025-52885 and CVE-2025-43718
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Marek Kasik [mkasik@redhat.com] - 25.02.0-6
- Fix CVE-2025-43718 and CVE-2025-52885
- Resolves: #2401098, #2403486
* Sun Feb 1 2026 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 25.02.0-5
- Add gobject-introspection Requires back to glib subpackage
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2401098 - CVE-2025-43718 poppler: Poppler stack overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2401098
[ 2 ] Bug #2403486 - CVE-2025-52885 poppler: Use-After-Free in StructTreeRoot class [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2403486
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2bdb132e40' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: perl-HTTP-Tiny-0.094-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-703a749924
2026-05-27 00:52:09.102320+00:00
--------------------------------------------------------------------------------
Name : perl-HTTP-Tiny
Product : Fedora 44
Version : 0.094
Release : 1.fc44
URL : https://metacpan.org/release/HTTP-Tiny
Summary : Small, simple, correct HTTP/1.1 client
Description :
This is a very simple HTTP/1.1 client, designed for doing simple GET requests
without the overhead of a large framework like LWP::UserAgent.
It is more correct and more complete than HTTP::Lite. It supports proxies
(currently only non-authenticating ones) and redirection. It also correctly
resumes after EINTR.
--------------------------------------------------------------------------------
Update Information:
0.094 - fix to prevent invalid characters in all headers, and prevent header
smuggling (CVE-2026-7010)
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 20 2026 Jitka Plesnikova [jplesnik@redhat.com] - 0.094-1
- 0.094 bump (rhbz#2478249)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2478249 - perl-HTTP-Tiny-0.094 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2478249
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-703a749924' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.20-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cdcb20089b
2026-05-27 00:52:09.102274+00:00
--------------------------------------------------------------------------------
Name : perl-Crypt-DSA
Product : Fedora 44
Version : 1.20
Release : 1.fc44
URL : https://metacpan.org/release/Crypt-DSA
Summary : Perl module for DSA signatures and key generation
Description :
Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm)
signature verification system. This package provides DSA signing, signature
verification, and key generation.
DSA (Digital Signature Algorithm) signatures are no longer considered to be
adequate for security. This module should only be used for verifying old
signatures and should not be used for new signatures. That being said, some
technologies still require DSA signatures even now. Consider using other
solutions or explicitly not using DSA signatures. Crypt-DSA-GMP is a possible
replacement.
--------------------------------------------------------------------------------
Update Information:
This update fixes a couple of security issues:
Replace two arg open (CVE-2026-8704)
Replace rand() with a cryptographically-secure source of random data for seed
generation (CVE-2026-8700)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 18 2026 Paul Howarth - 1.20-1
- Update to 1.20
- This module is now marked as deprecated: Crypt-DSA-GMP is a possible
replacement
- Improve the call to IPC::Open3::open3
- Replace two arg open (CVE-2026-8704)
- Replace rand() (CVE-2026-8700)
- Add a security policy
- Add use warnings
- Typo fix (CPAN RT#86424)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2479633 - CVE-2026-8700 perl-Crypt-DSA: perl-Crypt-DSA: Weakening of cryptographic security via predictable seed generation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2479633
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cdcb20089b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: haproxy-3.0.23-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-53196fc291
2026-05-27 00:52:09.102242+00:00
--------------------------------------------------------------------------------
Name : haproxy
Product : Fedora 44
Version : 3.0.23
Release : 2.fc44
URL : https://www.haproxy.org/
Summary : Reliable, high-performance TCP/HTTP load-balancing reverse proxy
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
- route HTTP requests depending on statically assigned cookies
- spread load among several servers while assuring server persistence
through the use of HTTP cookies
- switch to backup servers in the event a main one fails
- accept connections to special ports dedicated to service monitoring
- stop accepting connections without breaking existing ones
- add, modify, and delete HTTP headers in both directions
- block requests matching particular patterns
- report detailed status to authenticated users from a URI intercepted
from the application
--------------------------------------------------------------------------------
Update Information:
Upgrade to 3.0.23 (see https://www.haproxy.org/download/3.0/src/CHANGELOG for
full upstream changelog)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 18 2026 Robert Scheck [robert@fedoraproject.org] - 3.0.23-2
- Revert to permissions 0755 for root:root on /var/lib/haproxy
* Sat May 16 2026 Robert Scheck [robert@fedoraproject.org] - 3.0.23-1
- Upgrade to 3.0.23
- Spec file cleanup and modernization (thanks to Xose Vazquez Perez)
* Thu Apr 16 2026 Tom Callaway [spot@fedoraproject.org] - 3.0.19-1
- update to 3.0.19
* Tue Mar 3 2026 Tom Callaway [spot@fedoraproject.org] - 3.0.17-1
- update to 3.0.17, lua 5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413003 - CVE-2025-11230 haproxy: denial of service vulnerability in HAProxy mjson library
https://bugzilla.redhat.com/show_bug.cgi?id=2413003
[ 2 ] Bug #2457920 - CVE-2026-33555 haproxy: HAProxy: Request smuggling via HTTP/3 parser desynchronization
https://bugzilla.redhat.com/show_bug.cgi?id=2457920
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-53196fc291' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-eif_build-0.2.1-7.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-32c3ca78ef
2026-05-27 00:52:09.102239+00:00
--------------------------------------------------------------------------------
Name : rust-eif_build
Product : Fedora 44
Version : 0.2.1
Release : 7.fc44
URL : https://crates.io/crates/eif_build
Summary : CLI tool to create EIF files for AWS Nitro Enclaves
Description :
This CLI tool provides a low level path to assemble an enclave image
format (EIF) file used in AWS Nitro Enclaves.
--------------------------------------------------------------------------------
Update Information:
Rebuild with version 0.10.79 of the openssl crate which includes fixes for the
following security issues:
CVE-2026-41676 / GHSA-pqf5-4pqq-29f5
CVE-2026-41677 / GHSA-xmgf-hq76-4vx2
CVE-2026-41678 / GHSA-8c75-8mhr-p7r9
CVE-2026-41681 / GHSA-ghm9-cr32-g9qj
CVE-2026-41898 / GHSA-hppc-g8h3-xhp3
CVE-2026-42327 / GHSA-xp3w-r5p5-63rr
CVE-2026-44662 / GHSA-xv59-967r-8726
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.1-7
- Rebuild for rust-openssl
CVE-2026-{41676,41677,41678,41681,41898,42327,44662}
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-32c3ca78ef' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-coreos-installer-0.26.0-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-eeb94c0e5e
2026-05-27 00:52:09.102236+00:00
--------------------------------------------------------------------------------
Name : rust-coreos-installer
Product : Fedora 44
Version : 0.26.0
Release : 2.fc44
URL : https://crates.io/crates/coreos-installer
Summary : Installer for Fedora CoreOS and RHEL CoreOS
Description :
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal
machines (or, occasionally, to virtual machines).
--------------------------------------------------------------------------------
Update Information:
Rebuild with version 0.10.79 of the openssl crate which includes fixes for the
following security issues:
CVE-2026-41676 / GHSA-pqf5-4pqq-29f5
CVE-2026-41677 / GHSA-xmgf-hq76-4vx2
CVE-2026-41678 / GHSA-8c75-8mhr-p7r9
CVE-2026-41681 / GHSA-ghm9-cr32-g9qj
CVE-2026-41898 / GHSA-hppc-g8h3-xhp3
CVE-2026-42327 / GHSA-xp3w-r5p5-63rr
CVE-2026-44662 / GHSA-xv59-967r-8726
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.26.0-2
- Rebuild for rust-openssl CVE-2026-{41676,41677,41678,41681,41898,42327,44662}
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-eeb94c0e5e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-afterburn-5.10.0-7.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8dcbc497bb
2026-05-27 00:52:09.102234+00:00
--------------------------------------------------------------------------------
Name : rust-afterburn
Product : Fedora 44
Version : 5.10.0
Release : 7.fc44
URL : https://crates.io/crates/afterburn
Summary : Simple cloud provider agent
Description :
A simple cloud provider agent.
--------------------------------------------------------------------------------
Update Information:
Rebuild with version 0.10.79 of the openssl crate which includes fixes for the
following security issues:
CVE-2026-41676 / GHSA-pqf5-4pqq-29f5
CVE-2026-41677 / GHSA-xmgf-hq76-4vx2
CVE-2026-41678 / GHSA-8c75-8mhr-p7r9
CVE-2026-41681 / GHSA-ghm9-cr32-g9qj
CVE-2026-41898 / GHSA-hppc-g8h3-xhp3
CVE-2026-42327 / GHSA-xp3w-r5p5-63rr
CVE-2026-44662 / GHSA-xv59-967r-8726
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Fabio Valentini [decathorpe@gmail.com] - 5.10.0-7
- Rebuild for rust-openssl CVE-2026-{41676,41677,41678,41681,41898,42327,44662}
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8dcbc497bb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: editorconfig-0.12.11-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4fb6f57673
2026-05-27 00:52:09.102220+00:00
--------------------------------------------------------------------------------
Name : editorconfig
Product : Fedora 44
Version : 0.12.11
Release : 1.fc44
URL : https://github.com/editorconfig/editorconfig-core-c
Summary : Parser for EditorConfig files written in C
Description :
EditorConfig makes it easy to maintain the correct coding style when
switching between different text editors and between different projects.
The EditorConfig project maintains a file format and plugins for various
text editors which allow this file format to be read and used by those
editors.
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.11: security fix for CVE-2026-40489.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.12.11-1
- Update to 0.12.11 (close RHBZ#2458650)
- Fixes CVE-2026-40489
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458650 - editorconfig-0.12.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458650
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4fb6f57673' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
