Fedora 43 Update: firefox-152.0.6-1.fc43
Fedora 43 Update: rust-cargo-rpmstatus-0.2.5-2.fc43
Fedora 43 Update: rust-opendal-0.55.0-2.fc43
Fedora 43 Update: perl-DBI-1.650-1.fc43
Fedora 43 Update: ansible-collection-ansible-posix-2.2.1-1.fc43
Fedora 43 Update: mingw-glib2-2.86.5-2.fc43
Fedora 44 Update: freerdp-3.29.0-1.fc44
Fedora 44 Update: ImageMagick-7.1.2.27-1.fc44
Fedora 44 Update: perl-HTTP-Date-6.08-1.fc44
Fedora 44 Update: rust-cargo-rpmstatus-0.2.5-2.fc44
Fedora 44 Update: rust-opendal-0.55.0-2.fc44
Fedora 44 Update: mingw-glib2-2.88.2-2.fc44
Fedora 44 Update: ansible-collection-ansible-posix-2.2.1-1.fc44
[SECURITY] Fedora 43 Update: firefox-152.0.6-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-365cce949c
2026-07-17 01:08:58.262282+00:00
--------------------------------------------------------------------------------
Name : firefox
Product : Fedora 43
Version : 152.0.6
Release : 1.fc43
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
--------------------------------------------------------------------------------
Update Information:
New upstream release (152.0.6)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2026 Martin Stransky [stransky@redhat.com] - 152.0.6-1
- Updated to latest upstream (152.0.6)
* Fri Jul 10 2026 Martin Stransky [stransky@redhat.com] - 152.0.4-3
- Added rhbz#2458184 - Drop -fcf-protection flag
* Tue Jul 7 2026 Martin Stransky [stransky@redhat.com] - 152.0.4-2
- Remove Fedora 40/41 tweaks.
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-365cce949c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-cargo-rpmstatus-0.2.5-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6d5a7be3b9
2026-07-17 01:08:58.262257+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-rpmstatus
Product : Fedora 43
Version : 0.2.5
Release : 2.fc43
URL : https://crates.io/crates/cargo-rpmstatus
Summary : Cargo-tree for RPM packaging
Description :
Cargo-tree for RPM packaging.
--------------------------------------------------------------------------------
Update Information:
Update to 0.2.5 (with dependency updates only), and further update some
dependencies. Particularly, quick-xml 0.41 fixes RUSTSEC-2026-0194 and
RUSTSEC-2026-0195.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.5-2
- Update some dependencies
- quick-xml 0.41 fixes RUSTSEC-2026-0194, RUSTSEC-2026-0195
* Wed Jul 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.5-1
- Update to version 0.2.5; Fixes RHBZ#2423511
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6d5a7be3b9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-opendal-0.55.0-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e3ab17662
2026-07-17 01:08:58.262249+00:00
--------------------------------------------------------------------------------
Name : rust-opendal
Product : Fedora 43
Version : 0.55.0
Release : 2.fc43
URL : https://crates.io/crates/opendal
Summary : Apache OpenDAL: One Layer, All Storage
Description :
OpenDAL is an Open Data Access Layer that enables seamless
interaction with diverse storage services.
--------------------------------------------------------------------------------
Update Information:
Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.55.0-2
- Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e3ab17662' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: perl-DBI-1.650-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-71d7e4d1da
2026-07-17 01:08:58.262233+00:00
--------------------------------------------------------------------------------
Name : perl-DBI
Product : Fedora 43
Version : 1.650
Release : 1.fc43
URL : http://dbi.perl.org/
Summary : A database access API for perl
Description :
DBI is a database access Application Programming Interface (API) for
the Perl Language. The DBI API Specification defines a set of
functions, variables and conventions that provide a consistent
database interface independent of the actual database being used.
--------------------------------------------------------------------------------
Update Information:
1.650 bump - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Jitka Plesnikova [jplesnik@redhat.com] - 1.650-1
- 1.650 bump (rhbz#2497765) - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2497765 - perl-DBI-1.650 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2497765
[ 2 ] Bug #2498112 - CVE-2026-14739 perl-DBI: DBI: Heap overflow when preparsing SQL statements with excessive placeholders [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498112
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-71d7e4d1da' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: ansible-collection-ansible-posix-2.2.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-50e5126be4
2026-07-17 01:08:58.262226+00:00
--------------------------------------------------------------------------------
Name : ansible-collection-ansible-posix
Product : Fedora 43
Version : 2.2.1
Release : 1.fc43
URL : https://galaxy.ansible.com/ui/repo/published/ansible/posix
Summary : Ansible Collection targeting POSIX and POSIX-ish platforms
Description :
Ansible Collection targeting POSIX and POSIX-ish platforms.
--------------------------------------------------------------------------------
Update Information:
Update to 2.2.1. Fixes rhbz#2479556.
Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Maxwell G [maxwell@gtmx.me] - 2.2.1-1
- Update to 2.2.1. Fixes rhbz#2479556.
- Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2479556 - ansible-collection-ansible-posix-2.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479556
[ 2 ] Bug #2487430 - CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2487430
[ 3 ] Bug #2487431 - CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown [fedora-44]
https://bugzilla.redhat.com/show_bug.cgi?id=2487431
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-50e5126be4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: mingw-glib2-2.86.5-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8e39f35701
2026-07-17 01:08:58.262236+00:00
--------------------------------------------------------------------------------
Name : mingw-glib2
Product : Fedora 43
Version : 2.86.5
Release : 2.fc43
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2026-58016.
Update to glib-2.86.5.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Sandro Mani [manisandro@gmail.com] - 2.86.5-2
- Backport fix for CVE-2026-58016
* Thu Jul 2 2026 Sandro Mani [manisandro@gmail.com] - 2.86.5-1
- Update to 2.86.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2494867 - CVE-2026-58010 mingw-glib2: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494867
[ 2 ] Bug #2494871 - CVE-2026-58011 mingw-glib2: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid GDateTime [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494871
[ 3 ] Bug #2494874 - CVE-2026-58012 mingw-glib2: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494874
[ 4 ] Bug #2494886 - CVE-2026-58016 mingw-glib2: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494886
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8e39f35701' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: freerdp-3.29.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a9bfa4361b
2026-07-17 00:51:59.635506+00:00
--------------------------------------------------------------------------------
Name : freerdp
Product : Fedora 44
Version : 3.29.0
Release : 1.fc44
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.
xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.
--------------------------------------------------------------------------------
Update Information:
Update to 3.29.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 15 2026 Ondrej Holy [oholy@redhat.com] - 2:3.29.0-1
- Update to 3.29.0
Resolves: rhbz#2499994
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2499994 - freerdp-3.29.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2499994
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a9bfa4361b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: ImageMagick-7.1.2.27-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b45924b5e5
2026-07-17 00:51:59.635495+00:00
--------------------------------------------------------------------------------
Name : ImageMagick
Product : Fedora 44
Version : 7.1.2.27
Release : 1.fc44
URL : https://imagemagick.org/
Summary : An X application for displaying and manipulating images
Description :
ImageMagick is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.
ImageMagick is one of your choices if you need a program to manipulate
and display images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.
--------------------------------------------------------------------------------
Update Information:
Update to 7.1.2.27
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 13 2026 Luya Tshimbalanga [luya@fedoraproject.org] - 1:7.1.2.27-1
- Update to version 7.1.2.27
- Resolves: rhbz#2441780
* Sat Jul 11 2026 Luya Tshimbalanga [luya@fedoraproject.org] - 1:7.1.2.23-2
- Update source URL address
* Thu Jun 4 2026 Packit [hello@packit.dev] - 1:7.1.2.23-1
- Update to version 7.1.2.23
- Resolves: rhbz#2441780
* Sat May 30 2026 Richard Shaw [hobbes1069@gmail.com] - 1:7.1.2.13-4
- Rebuild for OpenColorIO 2.5.2.
* Sun May 17 2026 Packit [hello@packit.dev] - 1:7.1.2.23-1
- Update to version 7.1.2.23
- Resolves: rhbz#2441780
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2379980 - CVE-2025-53101 ImageMagick: ImageMagick Stack Buffer Overflow [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2379980
[ 2 ] Bug #2379981 - CVE-2025-53015 ImageMagick: ImageMagick unbounded loop [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2379981
[ 3 ] Bug #2379982 - CVE-2025-53019 ImageMagick: ImageMagick Memory Leak [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2379982
[ 4 ] Bug #2388308 - CVE-2025-55160 ImageMagick: ImageMagick: Undefined Behavior [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2388308
[ 5 ] Bug #2388309 - CVE-2025-55005 ImageMagick: ImageMagick: heap-buffer overflow [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2388309
[ 6 ] Bug #2388311 - CVE-2025-55154 ImageMagick: ImageMagick: integer overflows in MNG magnification [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2388311
[ 7 ] Bug #2388312 - CVE-2025-55004 ImageMagick: ImageMagick: heap-buffer overflow [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2388312
[ 8 ] Bug #2391120 - CVE-2025-55298 ImageMagick: ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2391120
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b45924b5e5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: perl-HTTP-Date-6.08-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8cec3cbf5b
2026-07-17 00:51:59.635497+00:00
--------------------------------------------------------------------------------
Name : perl-HTTP-Date
Product : Fedora 44
Version : 6.08
Release : 1.fc44
URL : https://metacpan.org/release/HTTP-Date
Summary : Date conversion routines
Description :
This module provides functions that deal the date formats used by the HTTP
protocol (and then some more). Only the first two functions, time2str() and
str2time(), are exported by default.
--------------------------------------------------------------------------------
Update Information:
Changes:
6.08 2026-07-09 02:04:21Z
- [SECURITY] Reject input longer than 64 characters in parse_date()
to prevent quadratic regex backtracking (a denial of service) on
hostile date strings. Fixes CVE-2026-14741. (Olaf Alders)
6.07 2026-06-25 15:12:09Z
- Add test with Time::Zone (GH#25) (Michal Josef ??pa??ek)
- Add test with bad Time::Zone string (GH#26) (Michal Josef ??pa??ek)
- Add tests with negative time (GH#26) (Michal Josef ??pa??ek)
- Replace all instances of \d with [0-9] in regular expressions to
reject non-ASCII Unicode digits, with a regression test (GH#27)
(Robert Rothenberg)
- Reject malformed ISO 8601 timezones with a doubled colon (GH#31)
(Olaf Alders)
- Document day/month/year ordering for numeric dates (GH#32) (Olaf
Alders)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 13 2026 Michal Josef ??pa??ek [mspacek@redhat.com] - 6.08-1
- 6.08 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2492991 - perl-HTTP-Date-6.08 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2492991
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8cec3cbf5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: rust-cargo-rpmstatus-0.2.5-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-08f5aab9ed
2026-07-17 00:51:59.635446+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-rpmstatus
Product : Fedora 44
Version : 0.2.5
Release : 2.fc44
URL : https://crates.io/crates/cargo-rpmstatus
Summary : Cargo-tree for RPM packaging
Description :
Cargo-tree for RPM packaging.
--------------------------------------------------------------------------------
Update Information:
Update to 0.2.5 (with dependency updates only), and further update some
dependencies. Particularly, quick-xml 0.41 fixes RUSTSEC-2026-0194 and
RUSTSEC-2026-0195.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.5-2
- Update some dependencies
- quick-xml 0.41 fixes RUSTSEC-2026-0194, RUSTSEC-2026-0195
* Wed Jul 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.5-1
- Update to version 0.2.5; Fixes RHBZ#2423511
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-08f5aab9ed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-opendal-0.55.0-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e465328a8d
2026-07-17 00:51:59.635443+00:00
--------------------------------------------------------------------------------
Name : rust-opendal
Product : Fedora 44
Version : 0.55.0
Release : 2.fc44
URL : https://crates.io/crates/opendal
Summary : Apache OpenDAL: One Layer, All Storage
Description :
OpenDAL is an Open Data Access Layer that enables seamless
interaction with diverse storage services.
--------------------------------------------------------------------------------
Update Information:
Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.55.0-2
- Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e465328a8d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: mingw-glib2-2.88.2-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7bf2937528
2026-07-17 00:51:59.635430+00:00
--------------------------------------------------------------------------------
Name : mingw-glib2
Product : Fedora 44
Version : 2.88.2
Release : 2.fc44
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2026-58016.
Update to glib-2.88.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Sandro Mani [manisandro@gmail.com] - 2.88.2-2
- Backport fix for CVE-2026-58016
* Thu Jul 2 2026 Sandro Mani [manisandro@gmail.com] - 2.88.2-1
- Update to 2.88.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2494867 - CVE-2026-58010 mingw-glib2: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494867
[ 2 ] Bug #2494871 - CVE-2026-58011 mingw-glib2: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid GDateTime [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494871
[ 3 ] Bug #2494874 - CVE-2026-58012 mingw-glib2: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494874
[ 4 ] Bug #2494877 - CVE-2026-58013 mingw-glib2: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494877
[ 5 ] Bug #2494881 - CVE-2026-58014 mingw-glib2: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494881
[ 6 ] Bug #2494884 - CVE-2026-58015 mingw-glib2: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494884
[ 7 ] Bug #2494886 - CVE-2026-58016 mingw-glib2: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494886
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7bf2937528' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: ansible-collection-ansible-posix-2.2.1-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0f941ecaa6
2026-07-17 00:51:59.635391+00:00
--------------------------------------------------------------------------------
Name : ansible-collection-ansible-posix
Product : Fedora 44
Version : 2.2.1
Release : 1.fc44
URL : https://galaxy.ansible.com/ui/repo/published/ansible/posix
Summary : Ansible Collection targeting POSIX and POSIX-ish platforms
Description :
Ansible Collection targeting POSIX and POSIX-ish platforms.
--------------------------------------------------------------------------------
Update Information:
Update to 2.2.1. Fixes rhbz#2479556.
Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Maxwell G [maxwell@gtmx.me] - 2.2.1-1
- Update to 2.2.1. Fixes rhbz#2479556.
- Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2479556 - ansible-collection-ansible-posix-2.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479556
[ 2 ] Bug #2487430 - CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2487430
[ 3 ] Bug #2487431 - CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown [fedora-44]
https://bugzilla.redhat.com/show_bug.cgi?id=2487431
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0f941ecaa6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new