
Fedora 43 and Fedora 44 administrators should install a fresh wave of security updates right away. The updates touch core components such as the Linux kernel, OpenBao, PoDoFo, and the Perl Sereal libraries. They address serious flaws ranging from cross-site scripting in MapServer to a double-free memory error in the PoDoFo PDF library and privilege escalation holes in the Haveged entropy daemon. There are also critical patches for the image processing packages Gmic, CImg, Libpng, and Jpegxl that block denial of service attacks, and the Sereal serialization modules are hardened so that COPY tags cannot be used to read past the end of the buffer.

Fedora 43 Update: kernel-7.0.10-101.fc43
Fedora 43 Update: mapserver-8.6.3-1.fc43
Fedora 43 Update: podofo-1.0.4-1.fc43
Fedora 43 Update: mingw-qt6-qtsvg-6.10.3-2.fc43
Fedora 43 Update: openbao-2.5.4-1.fc43
Fedora 43 Update: perl-Sereal-Encoder-5.005-1.fc43
Fedora 43 Update: perl-Sereal-Decoder-5.005-1.fc43
Fedora 43 Update: perl-Sereal-5.005-1.fc43
Fedora 43 Update: gmic-3.7.6-3.fc43
Fedora 43 Update: CImg-3.7.6-2.fc43
Fedora 44 Update: jpegxl-0.11.2-1.fc44
Fedora 44 Update: libpng-1.6.58-1.fc44
Fedora 44 Update: podofo-1.0.4-1.fc44
Fedora 44 Update: openbao-2.5.4-1.fc44
Fedora 44 Update: perl-Sereal-Encoder-5.005-1.fc44
Fedora 44 Update: perl-Sereal-Decoder-5.005-1.fc44
Fedora 44 Update: perl-Sereal-5.005-1.fc44
Fedora 44 Update: haveged-1.9.21-1.fc44




[SECURITY] Fedora 43 Update: kernel-7.0.10-101.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-146d86eefc
2026-05-29 01:26:24.644307+00:00
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 43
Version : 7.0.10
Release : 101.fc43
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 7.0.10-101/201 stable kernel updates contain a number of important fixes
across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Justin M. Forbes [jforbes@fedoraproject.org] [7.0.10-1]
- ata: libata-scsi: do not needlessly defer commands when using PMP with FBS (Niklas Cassel)
- ata: libata-scsi: do not use the deferred QC feature on PMPs with CBS (Niklas Cassel)
- ata: libata-scsi: do not use the deferred QC feature for ATA_DEFER_PORT (Niklas Cassel)
- ata: libata-scsi: improve readability of ata_scsi_qc_issue() (Niklas Cassel)
- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada)
- ksmbd: close durable scavenger races against m_fp_list lookups (DaeMyung Kang)
- iommu/amd: Remove latent out-of-bounds access in IOMMU debugfs (Eder Zulian)
- iommu/amd: Fix illegal cap/mmio access in IOMMU debugfs (Guanghui Feng)
- drm/i915/cx0: Rename intel_clear_response_ready flag (Suraj Kandpal)
- drm/i915/cx0: Clear response ready & error bit (Suraj Kandpal)
- drm/i915/pps: Enable panel power earlier (Mika Kahola)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-146d86eefc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mapserver-8.6.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1aa6743d40
2026-05-29 01:26:24.644293+00:00
--------------------------------------------------------------------------------

Name : mapserver
Product : Fedora 43
Version : 8.6.3
Release : 1.fc43
URL : https://mapserver.org
Summary : Platform for publishing spatial data and interactive mapping applications to the web
Description :
MapServer is an Open Source platform for publishing spatial data and
interactive mapping applications to the web.

--------------------------------------------------------------------------------
Update Information:

Update to mapserver-8.6.3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 8 2026 Sandro Mani [manisandro@gmail.com] - 8.6.3-1
- Update to 8.6.3
* Wed Apr 22 2026 Sandro Mani [manisandro@gmail.com] - 8.6.2-1
- Update to 8.6.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2477882 - CVE-2026-42030 mapserver: MapServer: Reflected Cross-Site Scripting (XSS) via unsanitized WMS parameter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477882
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1aa6743d40' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: podofo-1.0.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-19873e3fac
2026-05-29 01:26:24.644290+00:00
--------------------------------------------------------------------------------

Name : podofo
Product : Fedora 43
Version : 1.0.4
Release : 1.fc43
URL : https://github.com/podofo/podofo
Summary : Tools and libraries to work with the PDF file format
Description :
PoDoFo is a library to work with the PDF file format. The name comes from
the first letter of PDF (Portable Document Format). A few tools to work
with PDF files are already included in the PoDoFo package.

The PoDoFo library is a free, portable C++ library which includes classes
to parse PDF files and modify their contents in memory. The changes can be
written back to disk easily. The parser can also be used to extract
information from a PDF file (for example the parser could be used in a PDF
viewer). Besides parsing, PoDoFo also includes very simple classes to create
your own PDF files. All classes are documented so it is easy to start writing
your own application using PoDoFo.

--------------------------------------------------------------------------------
Update Information:

Update to podofo-1.0.4.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Sandro Mani [manisandro@gmail.com] - 1.0.4-1
- Update to 1.0.4
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Dec 8 2025 Sandro Mani [manisandro@gmail.com] - 1.0.3-2
- Rebuild (libtiff)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2477832 - CVE-2026-44348 podofo0.10: PoDoFo: Denial of service due to double-free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477832
[ 2 ] Bug #2477835 - CVE-2026-44348 podofo: PoDoFo: Denial of service due to double-free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477835
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-19873e3fac' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: mingw-qt6-qtsvg-6.10.3-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b63645cad6
2026-05-29 01:26:24.644288+00:00
--------------------------------------------------------------------------------

Name : mingw-qt6-qtsvg
Product : Fedora 43
Version : 6.10.3
Release : 2.fc43
URL : http://qt.io/
Summary : Qt6 for Windows - QtSvg component
Description :
This package contains the Qt software toolkit for developing
cross-platform applications.

This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2026-6210.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Sandro Mani [manisandro@gmail.com] - 6.10.3-2
- Backport fix for CVE-2026-6210
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2477890 - CVE-2026-6210 mingw-qt5-qtsvg: Qt SVG: Denial of Service via crafted SVG image [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477890
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b63645cad6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d4e8f0a731
2026-05-29 01:26:24.644274+00:00
--------------------------------------------------------------------------------

Name : openbao
Product : Fedora 43
Version : 2.5.4
Release : 1.fc43
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.

--------------------------------------------------------------------------------
Update Information:

Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405,
and CVE-2026-45808
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Dave Dykstra - 2.5.4-1
- update to upstream 2.5.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480200 - openbao-2.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480200
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d4e8f0a731' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: perl-Sereal-Encoder-5.005-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-49c4be8260
2026-05-29 01:26:24.644257+00:00
--------------------------------------------------------------------------------

Name : perl-Sereal-Encoder
Product : Fedora 43
Version : 5.005
Release : 1.fc43
URL : https://metacpan.org/release/Sereal-Encoder
Summary : Perl serialization into Sereal format
Description :
This library implements an efficient, compact-output, and feature-rich
serializer using a binary protocol called Sereal.

--------------------------------------------------------------------------------
Update Information:

This update includes a security fix to make sure that COPY tags cannot be used
to read past end of the buffer.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Paul Howarth - 5.005-1
- Update to 5.005
- Update spec to document changes from version 5
- Security fixes in decoder
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 5.004-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480052 - perl-Sereal-Decoder-5.005 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480052
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-49c4be8260' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: perl-Sereal-Decoder-5.005-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-49c4be8260
2026-05-29 01:26:24.644257+00:00
--------------------------------------------------------------------------------

Name : perl-Sereal-Decoder
Product : Fedora 43
Version : 5.005
Release : 1.fc43
URL : https://metacpan.org/release/Sereal-Decoder
Summary : Perl deserialization for Sereal format
Description :
This library implements a deserializer for an efficient, compact-output,
and feature-rich binary protocol called Sereal.

--------------------------------------------------------------------------------
Update Information:

This update includes a security fix to make sure that COPY tags cannot be used
to read past end of the buffer.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Paul Howarth - 5.005-1
- Update to 5.005 (rhbz#2480052)
- Update bundled Zstd to 1.5.7, and other changes
- Update spec to document changes from version 5
- Security fixes - make sure that COPY tags cannot be used to read past end
of buffer
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 5.004-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480052 - perl-Sereal-Decoder-5.005 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480052
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-49c4be8260' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: perl-Sereal-5.005-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-49c4be8260
2026-05-29 01:26:24.644257+00:00
--------------------------------------------------------------------------------

Name : perl-Sereal
Product : Fedora 43
Version : 5.005
Release : 1.fc43
URL : https://metacpan.org/release/Sereal
Summary : Fast, compact, powerful binary (de-)serialization
Description :
Sereal is an efficient, compact-output, binary and feature-rich serialization
protocol. The Perl encoder is implemented as the Sereal::Encoder module, the
Perl decoder correspondingly as Sereal::Decoder. This Sereal module is a very
thin wrapper around both Sereal::Encoder and Sereal::Decoder. It depends on
both and loads both.

--------------------------------------------------------------------------------
Update Information:

This update includes a security fix to make sure that COPY tags cannot be used
to read past end of the buffer.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Paul Howarth - 5.005-1
- Update to 5.005
- Update spec to document changes from version 5
- Security fixes in decoder
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 5.004-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480052 - perl-Sereal-Decoder-5.005 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480052
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-49c4be8260' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: gmic-3.7.6-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-86596f9cbc
2026-05-29 01:26:24.644217+00:00
--------------------------------------------------------------------------------

Name : gmic
Product : Fedora 43
Version : 3.7.6
Release : 3.fc43
URL : http://gmic.eu/
Summary : GREYC's Magic for Image Computing
Description :
G'MIC is an open and full-featured framework for image processing, providing
several different user interfaces to convert/manipulate/filter/visualize
generic image datasets, from 1d scalar signals to 3d+t sequences of
multi-spectral volumetric images.

--------------------------------------------------------------------------------
Update Information:

bump version + fix two cves
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 15 2026 josef radinger [cheese@nosuchhost.net] - 3.7.6-2
- disable patch1
* Fri May 15 2026 josef radinger [cheese@nosuchhost.net] - 3.7.6-1
- bump version
* Fri May 8 2026 josef radinger [cheese@nosuchhost.net] - 3.7.5-1
- bump version
* Sat Apr 18 2026 Orion Poplawski [orion@nwra.com] - 3.7.4-3
- Rebuild with hdf5 2.1.1
* Wed Apr 15 2026 Daniel P. Berrangé [berrange@redhat.com] - 3.7.4-2
- Fix FTBFS with latest gimp
* Fri Mar 20 2026 josef radinger [cheese@nosuchhost.net] - 3.7.4-1
- bump version
* Wed Mar 18 2026 josef radinger [cheese@nosuchhost.net] - 3.7.3-1
- bump version
* Fri Feb 27 2026 josef radinger [cheese@nosuchhost.net] - 3.7.2-1
- bump version
* Fri Feb 13 2026 josef radinger [cheese@nosuchhost.net] - 3.7.0-1
- bump version
* Thu Jan 29 2026 Nicolas Chauvet [kwizart@gmail.com] - 3.6.6-4
- Rebuilt for OpenCV 4.13
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.6.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2464129 - gmic-3.7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2464129
[ 2 ] Bug #2467995 - CVE-2026-42146 CImg: CImg Library: Denial of Service via crafted BMP file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467995
[ 3 ] Bug #2476569 - CVE-2026-42144 CImg: integer overflow in PNM size check bypasses memory guard (_load_pnm) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476569
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-86596f9cbc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: CImg-3.7.6-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-86596f9cbc
2026-05-29 01:26:24.644217+00:00
--------------------------------------------------------------------------------

Name : CImg
Product : Fedora 43
Version : 3.7.6
Release : 2.fc43
URL : https://github.com/dtschump/CImg
Summary : C++ Template Image Processing Toolkit
Description :
The CImg Library is an open-source C++ toolkit for image processing.
It consists of a single header file 'CImg.h' providing a minimal set of C++
classes and methods that can be used in your own sources, to load/save,
process and display images. Very portable, efficient and easy to use,
it's a pleasant library for developing image processing algorithms in C++.

--------------------------------------------------------------------------------
Update Information:

bump version + fix two cves
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 16 2026 josef radinger [cheese@nosuchhost.net] - 1:3.7.6-2
- rebuild for new gmic-buildoverride
* Fri May 15 2026 josef radinger [cheese@nosuchhost.net] - 1:3.7.6-1
- bump version
* Tue May 5 2026 josef radinger [cheese@nosuchhost.net] - 1:3.7.5-1
- bump version
* Fri Feb 20 2026 josef radinger [cheese@nosuchhost.net] - 1:3.7.4-1
- bump version
* Wed Feb 18 2026 josef radinger [cheese@nosuchhost.net] - 1:3.7.3-1
- bump version
* Fri Feb 13 2026 josef radinger [cheese@nosuchhost.net] - 1:3.7.2-1
- bump version
* Fri Feb 13 2026 josef radinger [cheese@nosuchhost.net] - 1:3.7.0-1
- bump version
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1:3.6.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1:3.6.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Sat Jan 3 2026 josef radinger [cheese@nosuchhost.net] - 1:3.6.6-1
- bump version
- remove now unneeded patches
* Thu Dec 18 2025 josef radinger [cheese@nosuchhost.net] - 1:3.6.5-2
- bump version
- add patch https://github.com/GreycLab/CImg/commit/94f00eb0302a9db7aa8ea4034fb48a8a4dbbbb8e.patch
and https://github.com/GreycLab/CImg/commit/50674b2dcfe004673f629bbb37bc9c960f2ae614.patch (modified)
to fix compile error for i686 https://github.com/GreycLab/CImg/issues/471
* Mon Nov 24 2025 josef radinger [cheese@nosuchhost.net] - 1:3.6.4-1
- bump version
* Thu Nov 20 2025 josef radinger [cheese@nosuchhost.net] - 1:3.6.3-1
- bump version
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2464129 - gmic-3.7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2464129
[ 2 ] Bug #2467995 - CVE-2026-42146 CImg: CImg Library: Denial of Service via crafted BMP file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467995
[ 3 ] Bug #2476569 - CVE-2026-42144 CImg: integer overflow in PNM size check bypasses memory guard (_load_pnm) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476569
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-86596f9cbc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: jpegxl-0.11.2-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-aa2e960a9f
2026-05-29 01:10:57.991219+00:00
--------------------------------------------------------------------------------

Name : jpegxl
Product : Fedora 44
Version : 0.11.2
Release : 1.fc44
URL : https://jpeg.org/jpegxl/
Summary : JPEG XL image format reference implementation
Description :

This package contains a reference implementation of JPEG XL (encoder and
decoder).

--------------------------------------------------------------------------------
Update Information:

Update to version 0.11.2. Resolves CVE-2025-12474 and CVE-2026-1837.
Release notes: https://github.com/libjxl/libjxl/releases/tag/v0.11.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 26 2026 Fabio Valentini [decathorpe@gmail.com] - 1:0.11.2-1
- Update to version 0.11.2; Fixes RHBZ#2438459
* Tue May 26 2026 Richard Shaw [hobbes1069@gmail.com] - 1:0.11.1-11
- Rebuild for OpenEXR 3.4.12.
* Mon May 25 2026 Fabio Valentini [decathorpe@gmail.com] - 1:0.11.1-10
- Skip tests on s390x entirely due to cmake / gtest regressions
* Mon May 25 2026 Richard Shaw [hobbes1069@gmail.com] - 1:0.11.1-9
- Rebuild for OpenEXR 3.4.12.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438459 - jpegxl-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2438459
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-aa2e960a9f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: libpng-1.6.58-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-67c1138ed2
2026-05-29 01:10:57.991217+00:00
--------------------------------------------------------------------------------

Name : libpng
Product : Fedora 44
Version : 1.6.58
Release : 1.fc44
URL : http://www.libpng.org/pub/png/
Summary : A library of functions for manipulating PNG image format files
Description :
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.

Libpng should be installed if you need to manipulate PNG format image
files.

--------------------------------------------------------------------------------
Update Information:

updated to 1.6.58
1.6.58 is released with a fix for a simple correctness bug (not a security
issue) this time: png_get_PLTE() returns stale palette data when either gamma
correction or alpha-compositing is the only transform applied. Like the issues
addressed in the previous release, this bug was a regression introduced in the
fix for CVE-2026-33416 in 1.6.56.
1.6.57 is released with fixes for the following security vulnerability:
CVE-2026-34757 (medium severity): Use-after-free memory bug in the chunk setter
API. The hIST variant has existed since version 1.0.9, but the PLTE and tRNS
ones are regressions introduced in the fix for CVE-2026-33416 in 1.6.56 (oops).
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 21 2026 Michal Hlavinka [mhlavink@redhat.com] - 2:1.6.58-1
- updated to 1.6.58 (#2456815)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2460625 - CVE-2026-22020 libpng: OpenJDK: Update LibPNG (Oracle CPU 2026-04) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460625
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-67c1138ed2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: podofo-1.0.4-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5c81faa7bf
2026-05-29 01:10:57.991179+00:00
--------------------------------------------------------------------------------

Name : podofo
Product : Fedora 44
Version : 1.0.4
Release : 1.fc44
URL : https://github.com/podofo/podofo
Summary : Tools and libraries to work with the PDF file format
Description :
PoDoFo is a library to work with the PDF file format. The name comes from
the first letter of PDF (Portable Document Format). A few tools to work
with PDF files are already included in the PoDoFo package.

The PoDoFo library is a free, portable C++ library which includes classes
to parse PDF files and modify their contents in memory. The changes can be
written back to disk easily. The parser can also be used to extract
information from a PDF file (for example the parser could be used in a PDF
viewer). Besides parsing, PoDoFo also includes very simple classes to create
your own PDF files. All classes are documented so it is easy to start writing
your own application using PoDoFo.

--------------------------------------------------------------------------------
Update Information:

Update to podofo-1.0.4.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Sandro Mani [manisandro@gmail.com] - 1.0.4-1
- Update to 1.0.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2477832 - CVE-2026-44348 podofo0.10: PoDoFo: Denial of service due to double-free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477832
[ 2 ] Bug #2477835 - CVE-2026-44348 podofo: PoDoFo: Denial of service due to double-free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477835
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5c81faa7bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: openbao-2.5.4-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bf7889aec6
2026-05-29 01:10:57.991167+00:00
--------------------------------------------------------------------------------

Name : openbao
Product : Fedora 44
Version : 2.5.4
Release : 1.fc44
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
OpenBao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. OpenBao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.

--------------------------------------------------------------------------------
Update Information:

Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405,
and CVE-2026-45808
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Dave Dykstra - 2.5.4-1
- update to upstream 2.5.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480200 - openbao-2.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480200
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bf7889aec6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: perl-Sereal-Encoder-5.005-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-26bb3fe2c6
2026-05-29 01:10:57.991127+00:00
--------------------------------------------------------------------------------

Name : perl-Sereal-Encoder
Product : Fedora 44
Version : 5.005
Release : 1.fc44
URL : https://metacpan.org/release/Sereal-Encoder
Summary : Perl serialization into Sereal format
Description :
This library implements an efficient, compact-output, and feature-rich
serializer using a binary protocol called Sereal.

--------------------------------------------------------------------------------
Update Information:

This update includes a security fix to make sure that COPY tags cannot be used
to read past end of the buffer.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Paul Howarth - 5.005-1
- Update to 5.005
- Update spec to document changes from version 5
- Security fixes in decoder
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480052 - perl-Sereal-Decoder-5.005 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480052
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-26bb3fe2c6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: perl-Sereal-Decoder-5.005-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-26bb3fe2c6
2026-05-29 01:10:57.991127+00:00
--------------------------------------------------------------------------------

Name : perl-Sereal-Decoder
Product : Fedora 44
Version : 5.005
Release : 1.fc44
URL : https://metacpan.org/release/Sereal-Decoder
Summary : Perl deserialization for Sereal format
Description :
This library implements a deserializer for an efficient, compact-output,
and feature-rich binary protocol called Sereal.

--------------------------------------------------------------------------------
Update Information:

This update includes a security fix to make sure that COPY tags cannot be used
to read past end of the buffer.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Paul Howarth - 5.005-1
- Update to 5.005 (rhbz#2480052)
- Update bundled Zstd to 1.5.7, and other changes
- Update spec to document changes from version 5
- Security fixes - make sure that COPY tags cannot be used to read past end
of buffer
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480052 - perl-Sereal-Decoder-5.005 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480052
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-26bb3fe2c6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: perl-Sereal-5.005-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-26bb3fe2c6
2026-05-29 01:10:57.991127+00:00
--------------------------------------------------------------------------------

Name : perl-Sereal
Product : Fedora 44
Version : 5.005
Release : 1.fc44
URL : https://metacpan.org/release/Sereal
Summary : Fast, compact, powerful binary (de-)serialization
Description :
Sereal is an efficient, compact-output, binary and feature-rich serialization
protocol. The Perl encoder is implemented as the Sereal::Encoder module, the
Perl decoder correspondingly as Sereal::Decoder. This Sereal module is a very
thin wrapper around both Sereal::Encoder and Sereal::Decoder. It depends on
both and loads both.

--------------------------------------------------------------------------------
Update Information:

This update includes a security fix to make sure that COPY tags cannot be used
to read past end of the buffer.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Paul Howarth - 5.005-1
- Update to 5.005
- Update spec to document changes from version 5
- Security fixes in decoder
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480052 - perl-Sereal-Decoder-5.005 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480052
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-26bb3fe2c6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: haveged-1.9.21-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-12643837bd
2026-05-29 01:10:57.991053+00:00
--------------------------------------------------------------------------------

Name : haveged
Product : Fedora 44
Version : 1.9.21
Release : 1.fc44
URL : https://github.com/jirka-h/haveged
Summary : A Linux entropy source using the HAVEGE algorithm
Description :
A Linux entropy source using the HAVEGE algorithm

Haveged is a user space entropy daemon which is not dependent upon the
standard mechanisms for harvesting randomness for the system entropy
pool. This is important in systems with high entropy needs or limited
user interaction (e.g. headless servers).

Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion)
to maintain a 1M pool of random bytes used to fill /dev/random
whenever the supply of random bits in /dev/random falls below the low
water mark of the device. The principal inputs to haveged are the
sizes of the processor instruction and data caches used to set up the
HAVEGE collector. The haveged default is a 4kb data cache and a 16kb
instruction cache. On machines with a cpuid instruction, haveged will
attempt to select appropriate values from internal tables.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2026-41054: privilege escalation via command socket
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Jirka Hladky [hladky.jiri@gmail.com] - 1.9.21-1
- Update to 1.9.21
- Security fix: CVE-2026-41054 - privilege escalation via command socket
- Fix semaphore error handling (SEM_FAILED vs NULL)
- Fix /dev/shm permissions (use 01777 with sticky bit)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480051 - CVE-2026-41054 haveged: privilege escalation via command socket
https://bugzilla.redhat.com/show_bug.cgi?id=2480051
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-12643837bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------