Fedora 43 Update: goose-1.36.0-1.fc43
Fedora 43 Update: strongswan-6.0.7-2.fc43
Fedora 43 Update: httpd-2.4.68-1.fc43
Fedora 44 Update: goose-1.36.0-1.fc44
Fedora 43 Update: rsync-3.4.4-1.fc43
Fedora 43 Update: librabbitmq-0.16.0-1.fc43
Fedora 44 Update: perl-Socket-2.041-1.fc44
Fedora 44 Update: perl-Compress-Raw-Bzip2-2.218-1.fc44
Fedora 44 Update: perl-IO-Compress-2.221-1.fc44
Fedora 44 Update: perl-DBI-1.648-1.fc44
Fedora 44 Update: python-django-allauth-65.18.0-1.fc44
[SECURITY] Fedora 43 Update: goose-1.36.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-08bb036c3e
2026-06-25 16:24:07.917328+00:00
--------------------------------------------------------------------------------
Name : goose
Product : Fedora 43
Version : 1.36.0
Release : 1.fc43
URL : https://github.com/block/goose
Summary : Extensible AI agent client
Description :
Goose is your on-machine AI agent, capable of automating complex development
tasks from start to finish. More than just code suggestions, goose can build
entire projects from scratch, write and execute code, debug failures,
orchestrate workflows, and interact with external APIs - autonomously.
Whether you're prototyping an idea, refining existing code, or managing
intricate engineering pipelines, goose adapts to your workflow and executes
tasks with precision.
Designed for maximum flexibility, goose works with any LLM and supports
multi-model configuration to optimize performance and cost, seamlessly
integrates with MCP servers, and is available as both a desktop app as well as
CLI - making it the ultimate AI assistant for developers who want to move
faster and focus on innovation.
--------------------------------------------------------------------------------
Update Information:
Update goose to 1.36.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Sam Doran [sdoran@redhat.com] - 1.36.0-1
- Update goose to 1.36.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477786 - CVE-2026-42559 goose: rmcp: Unauthorized access to MCP server via DNS rebinding vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477786
[ 2 ] Bug #2477787 - CVE-2026-42559 goose: rmcp: Unauthorized access to MCP server via DNS rebinding vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477787
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-08bb036c3e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: strongswan-6.0.7-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-67a9805962
2026-06-25 16:24:07.917307+00:00
--------------------------------------------------------------------------------
Name : strongswan
Product : Fedora 43
Version : 6.0.7
Release : 2.fc43
URL : https://www.strongswan.org/
Summary : An OpenSource IPsec-based VPN and TNC solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.
--------------------------------------------------------------------------------
Update Information:
Addresses CVE-2026-47895 which is a theoretical RCE
Fixes CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330,
CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334
Update to address CVE-2025-9615 and CVE-2025-62291
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 14 2026 Paul Wouters [paul.wouters@aiven.io] - 6.0.7-1
- Update to 6.0.7 for CVE-2026-47895
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 6.0.6-3
- Rebuilt for openssl 4.0
* Tue May 12 2026 Paul Wouters [paul.wouters@aiven.io] - 6.0.6-2
- updated sources
* Tue May 12 2026 Paul Wouters [paul.wouters@aiven.io] - 6.0.6-1
- Update to 6.0.6 for 8 CVEs
* Wed Mar 4 2026 Petr Menšík [pemensik@redhat.com] - 6.0.4-2
- Fix subpackages dependencies
* Wed Mar 4 2026 Paul Wouters [paul.wouters@aiven.io] - 6.0.4-1
- Update to 6.0.4 for CVE-2025-9615 and CVE-2025-62291
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 6.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2450414 - CVE-2026-25075 strongSwan: strongSwan: Denial of Service via integer underflow in EAP-TTLS AVP parser
https://bugzilla.redhat.com/show_bug.cgi?id=2450414
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-67a9805962' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: httpd-2.4.68-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-37947358ea
2026-06-25 16:24:07.917255+00:00
--------------------------------------------------------------------------------
Name : httpd
Product : Fedora 43
Version : 2.4.68
Release : 1.fc43
URL : https://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
--------------------------------------------------------------------------------
Update Information:
new version 2.4.68
fixes various security issues
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 9 2026 Luboš Uhliarik [luhliari@redhat.com] - 2.4.68-1
- new version 2.4.68
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2486351 - httpd-2.4.68 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486351
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-37947358ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: goose-1.36.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-00021c7c91
2026-06-25 16:08:03.982873+00:00
--------------------------------------------------------------------------------
Name : goose
Product : Fedora 44
Version : 1.36.0
Release : 1.fc44
URL : https://github.com/block/goose
Summary : Extensible AI agent client
Description :
Goose is your on-machine AI agent, capable of automating complex development
tasks from start to finish. More than just code suggestions, goose can build
entire projects from scratch, write and execute code, debug failures,
orchestrate workflows, and interact with external APIs - autonomously.
Whether you're prototyping an idea, refining existing code, or managing
intricate engineering pipelines, goose adapts to your workflow and executes
tasks with precision.
Designed for maximum flexibility, goose works with any LLM and supports
multi-model configuration to optimize performance and cost, seamlessly
integrates with MCP servers, and is available as both a desktop app as well as
CLI - making it the ultimate AI assistant for developers who want to move
faster and focus on innovation.
--------------------------------------------------------------------------------
Update Information:
Update goose to 1.36.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Sam Doran [sdoran@redhat.com] - 1.36.0-1
- Update goose to 1.36.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477786 - CVE-2026-42559 goose: rmcp: Unauthorized access to MCP server via DNS rebinding vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477786
[ 2 ] Bug #2477787 - CVE-2026-42559 goose: rmcp: Unauthorized access to MCP server via DNS rebinding vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477787
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-00021c7c91' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: rsync-3.4.4-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a04e445b3f
2026-06-26 01:14:26.672392+00:00
--------------------------------------------------------------------------------
Name : rsync
Product : Fedora 43
Version : 3.4.4
Release : 1.fc43
URL : https://rsync.samba.org/
Summary : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.
--------------------------------------------------------------------------------
Update Information:
New version 3.4.4 with multiple regression fixes. This update also fixes the
following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619
CVE-2026-43620 CVE-2026-45232
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 8 2026 Michal Ruprich [mruprich@redhat.com] - 3.4.4-1
- New version 3.4.4
* Fri May 29 2026 Michal Ruprich [mruprich@redhat.com] - 3.4.3-1
- New version 3.4.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2463360 - rsync-3.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2463360
[ 2 ] Bug #2480388 - CVE-2026-45232 rsync: Rsync: Denial of Service via malformed HTTP proxy response [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2480388
[ 3 ] Bug #2486185 - rsync-3.4.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486185
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a04e445b3f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: librabbitmq-0.16.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-454722e3d8
2026-06-26 01:14:26.672373+00:00
--------------------------------------------------------------------------------
Name : librabbitmq
Product : Fedora 43
Version : 0.16.0
Release : 1.fc43
URL : https://github.com/alanxz/rabbitmq-c
Summary : Client library for AMQP
Description :
This is a C-language AMQP client library for use with AMQP servers
speaking protocol versions 0-9-1.
--------------------------------------------------------------------------------
Update Information:
Version 0.16.0 - 2026-06-08
Security
- Fix out-of-bounds read via undersized frames in amqp_handle_input
  (GHSA-9mmv-r8g3-qp46, #878)
- Fix client crash when server negotiates frame_max below the AMQP protocol
  minimum (GHSA-jh48-qjf5-fx5v)
Added
- Add amqp_bytes_from_buffer macro to create amqp_bytes_t from an arbitrary byte
  buffer with explicit length (#856, #866)
Fixed
- Fix NULL pointer dereferences on allocation failure in tools/publish.c (#860,
  #861)
- Fix NULL pointer dereference in tools/consume.c stringify_bytes() on allocation
  failure (#858)
- Fix file stream leak in tools/common.c read_authfile() (#859)
- Fix handling of absolute CMAKE_INSTALL_INCLUDEDIR in exported CMake targets
  (#849)
Changed
- amqp_literal_bytes macro now uses an explicit (void *) cast (#853)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 10 2026 Remi Collet [remi@remirepo.net] - 0.16.0-1
- update to 0.16.0
- re-license spec file to CECILL-2.1
- spec file cleanup
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-454722e3d8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: perl-Socket-2.041-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-91d6cb99f7
2026-06-26 00:58:32.039521+00:00
--------------------------------------------------------------------------------
Name : perl-Socket
Product : Fedora 44
Version : 2.041
Release : 1.fc44
URL : https://metacpan.org/release/Socket
Summary : Networking constants and support functions
Description :
This Perl module provides a variety of constants, structure manipulators and
other functions related to socket-based networking. The values and functions
provided are useful when used in conjunction with Perl core functions such as
socket(), setsockopt() and bind(). It also provides several other support
functions, mostly for dealing with conversions of network addresses between
human-readable and native binary forms, and for hostname resolver operations.
--------------------------------------------------------------------------------
Update Information:
2.041 - BUGFIXES - Fix reuse of STRLEN len variable in pack_ip_mreq_source()
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2026 Jitka Plesnikova [jplesnik@redhat.com] - 4:2.041-1
- 2.041 bump (rhbz#2461914)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2489098 - CVE-2026-12087 perl-Socket: perl-Socket: Information Disclosure due to Out-of-Bounds Read [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489098
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-91d6cb99f7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: perl-Compress-Raw-Bzip2-2.218-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7ecfdcf0e3
2026-06-26 00:58:32.039516+00:00
--------------------------------------------------------------------------------
Name : perl-Compress-Raw-Bzip2
Product : Fedora 44
Version : 2.218
Release : 1.fc44
URL : https://metacpan.org/release/Compress-Raw-Bzip2
Summary : Low-level interface to bzip2 compression library
Description :
This module provides a Perl interface to the bzip2 compression library.
It is used by IO::Compress::Bzip2.
--------------------------------------------------------------------------------
Update Information:
perl-Compress-Raw-Bzip2 - Updated to 2.218
perl-IO-Compress - Updated to 2.221 - Fix CVE-2025-15649, CVE-2026-48959,
CVE-2026-48961, CVE-2026-48962
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 9 2026 Paul Howarth - 2.218-1
- 2.218 bump (rhbz#2445591)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2445591 - perl-Compress-Raw-Bzip2-2.218 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2445591
[ 2 ] Bug #2483254 - CVE-2026-48962 perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483254
[ 3 ] Bug #2489171 - CVE-2025-15649 perl-IO-Compress: perl-IO-Compress: Denial of Service via malformed DOS date in zip header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489171
[ 4 ] Bug #2489766 - CVE-2026-48961 perl-IO-Compress: IO::Compress: Denial of Service in zipdetails CLI tool via malformed Info-ZIP Unix Extra Field [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489766
[ 5 ] Bug #2489781 - CVE-2026-48959 perl-IO-Compress: perl-IO-Compress: CPU exhaustion via per-byte read loop in fastForward [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489781
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7ecfdcf0e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: perl-IO-Compress-2.221-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7ecfdcf0e3
2026-06-26 00:58:32.039516+00:00
--------------------------------------------------------------------------------
Name : perl-IO-Compress
Product : Fedora 44
Version : 2.221
Release : 1.fc44
URL : https://metacpan.org/release/IO-Compress
Summary : Read and write compressed data
Description :
This distribution provides a Perl interface to allow reading and writing of
compressed data created with the zlib and bzip2 libraries.
IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951,
RFC 1952 (i.e. gzip) and zip files/buffers.
The following modules used to be distributed separately, but are now
included with the IO-Compress distribution:
* Compress-Zlib
* IO-Compress-Zlib
* IO-Compress-Bzip2
* IO-Compress-Base
--------------------------------------------------------------------------------
Update Information:
perl-Compress-Raw-Bzip2 - Updated to 2.218
perl-IO-Compress - Updated to 2.221 - Fix CVE-2025-15649, CVE-2026-48959,
CVE-2026-48961, CVE-2026-48962
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 22 2026 Jitka Plesnikova [jplesnik@redhat.com] - 2.221-1
- 2.221 bump (rhbz#2489325)
Fixed CVE-2026-48961, CVE-2026-48962, CVE-2026-48959
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2445591 - perl-Compress-Raw-Bzip2-2.218 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2445591
[ 2 ] Bug #2483254 - CVE-2026-48962 perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483254
[ 3 ] Bug #2489171 - CVE-2025-15649 perl-IO-Compress: perl-IO-Compress: Denial of Service via malformed DOS date in zip header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489171
[ 4 ] Bug #2489766 - CVE-2026-48961 perl-IO-Compress: IO::Compress: Denial of Service in zipdetails CLI tool via malformed Info-ZIP Unix Extra Field [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489766
[ 5 ] Bug #2489781 - CVE-2026-48959 perl-IO-Compress: perl-IO-Compress: CPU exhaustion via per-byte read loop in fastForward [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489781
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7ecfdcf0e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: perl-DBI-1.648-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-134fcb8549
2026-06-26 00:58:32.039514+00:00
--------------------------------------------------------------------------------
Name : perl-DBI
Product : Fedora 44
Version : 1.648
Release : 1.fc44
URL : http://dbi.perl.org/
Summary : A database access API for perl
Description :
DBI is a database access Application Programming Interface (API) for
the Perl Language. The DBI API Specification defines a set of
functions, variables and conventions that provide a consistent
database interface independent of the actual database being used.
--------------------------------------------------------------------------------
Update Information:
Update to 1.648; Fix CVE-2026-9698 and CVE-2026-10879
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 4 2026 Jitka Plesnikova [jplesnik@redhat.com] - 1.648-1
- 1.648 bump (rhbz#2484824)
- Fix CVE-2026-9698 and CVE-2026-10879
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2488910 - CVE-2026-9698 perl-DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488910
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-134fcb8549' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: python-django-allauth-65.18.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2c5cde060d
2026-06-26 00:58:32.039493+00:00
--------------------------------------------------------------------------------
Name : python-django-allauth
Product : Fedora 44
Version : 65.18.0
Release : 1.fc44
URL : https://allauth.org/
Summary : Integrated set of Django authentication apps
Description :
Integrated set of Django applications addressing authentication, registration,
account management as well as 3rd party (social) account authentication.
Most existing Django apps that address the problem of social authentication
focus on just that. You typically need to integrate another app in order to
support authentication via a local account.
This approach separates the worlds of local and social authentication. However,
there are common scenarios to be dealt with in both worlds. For example, an
e-mail address passed along by an OpenID provider is not guaranteed to be
verified. So, before hooking an OpenID account up to a local account the e-mail
address must be verified. So, e-mail verification needs to be present in both
worlds.
Integrating both worlds is quite a tedious process. It is definitely not a
matter of simply adding one social authentication app, and one local account
registration app to your INSTALLED_APPS list.
This is the reason this project got started - to offer a fully integrated
authentication app that allows for both local and social authentication, with
flows that just work.
--------------------------------------------------------------------------------
Update Information:
Update to the latest django-allauth
Fixes CVE-2026-27982
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 16 2026 Michel Lind [salimma@fedoraproject.org] - 65.18.0-1
- Update to version 65.18.0; Resolves RHBZ#2334129
- Fixes CVE-2026-27982: Open redirect via crafted URL in SAML IdP initiated
SSO
* Sat Jun 6 2026 Python Maint - 65.8.1-3
- Rebuilt for Python 3.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2334129 - python-django-allauth-65.18.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2334129
[ 2 ] Bug #2444766 - CVE-2026-27982 python-django-allauth: django-allauth: Open redirect via crafted URL in SAML IdP initiated SSO [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444766
[ 3 ] Bug #2458667 - python-django-allauth fails to build with Python 3.15: AssertionError: assert 'Flow.PROVIDER_SIGNUP' == 'provider_signup'
https://bugzilla.redhat.com/show_bug.cgi?id=2458667
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2c5cde060d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------