Fedora 43 Update: krb5-1.22.2-4.fc43
Fedora 43 Update: pyOpenSSL-26.1.0-1.fc43
Fedora 43 Update: forgejo-runner-12.7.3-2.fc43
Fedora 43 Update: squid-7.5-1.fc43
Fedora 43 Update: pdns-5.0.4-1.fc43
Fedora 42 Update: pdns-5.0.4-1.fc42
Fedora 42 Update: vim-9.2.390-1.fc42
Fedora 42 Update: xorg-x11-server-Xwayland-24.1.11-1.fc42
Fedora 43 Update: gnutls-3.8.13-1.fc43
Fedora 43 Update: nano-8.5-3.fc43
Fedora 43 Update: dovecot-2.4.3-2.fc43
Fedora 44 Update: gh-2.92.0-1.fc44
Fedora 44 Update: dovecot-2.4.3-2.fc44
[SECURITY] Fedora 43 Update: krb5-1.22.2-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-684396998a
2026-05-06 16:45:18.195724+00:00
--------------------------------------------------------------------------------
Name : krb5
Product : Fedora 43
Version : 1.22.2
Release : 4.fc43
URL : https://web.mit.edu/kerberos/www/
Summary : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.
--------------------------------------------------------------------------------
Update Information:
Fix NegoEx parsing vulnerabilities (CVE-2026-40355, CVE-2026-40356)
Add upstream patches to build against openssl 4.0
Make configure.ac work with autoconf 2.73
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2026 Julien Rische [jrische@redhat.com] - 1.22.2-4
- Fix NegoEx parsing vulnerabilities (CVE-2026-40355, CVE-2026-40356)
- resolves: rhbz#2463398
- resolves: rhbz#2463395
- Add upstream patches to build against openssl 4.0
- Make configure.ac work with autoconf 2.73
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2463395 - CVE-2026-40356 krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2463395
[ 2 ] Bug #2463398 - CVE-2026-40355 krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2463398
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-684396998a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: pyOpenSSL-26.1.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bc62ef0a6a
2026-05-06 16:45:18.195727+00:00
--------------------------------------------------------------------------------
Name : pyOpenSSL
Product : Fedora 43
Version : 26.1.0
Release : 1.fc43
URL : https://pyopenssl.readthedocs.org/
Summary : Python wrapper module around the OpenSSL library
Description :
High-level wrapper around a subset of the OpenSSL library, includes among others
* SSL.Connection objects, wrapping the methods of Python's portable
sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes
--------------------------------------------------------------------------------
Update Information:
Update to pyOpenSSL 26.1.0
This update adds support for cryptography v47 and fixes a single security issue:
Fixed X509Name field setters to correctly pass the value length to OpenSSL.
Previously, values containing NUL bytes would be silently truncated, causing a
divergence between the stored ASN.1 value and the value visible from Python.
Credit to BudongJW for reporting the issue. CVE-2026-40475
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2026 Jeremy Cline [jeremycline@microsoft.com] - 26.1.0-1
- Update to 26.1.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bc62ef0a6a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: forgejo-runner-12.7.3-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cf660bc96a
2026-05-06 16:45:18.195717+00:00
--------------------------------------------------------------------------------
Name : forgejo-runner
Product : Fedora 43
Version : 12.7.3
Release : 2.fc43
URL : https://code.forgejo.org/forgejo/runner
Summary : A daemon that fetches workflows to run from a Forgejo instance.
Description :
The Forgejo Runner is a daemon that fetches workflows to run from a Forgejo instance, executes them,
sends back with the logs and ultimately reports its success or failure.
--------------------------------------------------------------------------------
Update Information:
Update vendor dependencies to fix:
* CVE-2026-33762
* CVE-2026-33817
* CVE-2026-34165
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2026 Diego Herrera [dherrera@redhat.com] - 12.7.3-2
- Backport dependency updates
* Tue Apr 21 2026 Diego Herrera [dherrera@redhat.com] - 12.7.3-1
- Update to 12.7.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2454559 - CVE-2026-34165 forgejo-runner: go-git: Denial of Service via crafted .idx file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454559
[ 2 ] Bug #2454560 - CVE-2026-33762 forgejo-runner: go-git: Denial of Service via crafted Git index file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454560
[ 3 ] Bug #2456022 - CVE-2026-33817 forgejo-runner: go.etcd.io/bbolt: Denial of Service via index out-of-range error [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456022
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cf660bc96a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: squid-7.5-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e6a4814a4d
2026-05-06 16:45:18.195694+00:00
--------------------------------------------------------------------------------
Name : squid
Product : Fedora 43
Version : 7.5
Release : 1.fc43
URL : http://www.squid-cache.org
Summary : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
--------------------------------------------------------------------------------
Update Information:
new version 7.5
security update
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2026 Lubo?? Uhliarik [luhliari@redhat.com] - 7:7.5-1
- new version 7.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2431445 - squid-7.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2431445
[ 2 ] Bug #2451599 - CVE-2026-33526 squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2451599
[ 3 ] Bug #2451601 - CVE-2026-32748 squid: Squid: Denial of Service via crafted ICP traffic [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2451601
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e6a4814a4d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: pdns-5.0.4-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b47d3e7e16
2026-05-06 16:45:18.195674+00:00
--------------------------------------------------------------------------------
Name : pdns
Product : Fedora 43
Version : 5.0.4
Release : 1.fc43
URL : http://powerdns.com
Summary : A modern, advanced and high performance authoritative-only name server
Description :
The PowerDNS Nameserver is a modern, advanced and high performance
authoritative-only name server. It is written from scratch and conforms
to all relevant DNS standards documents.
Furthermore, PowerDNS interfaces with almost any database.
--------------------------------------------------------------------------------
Update Information:
Update to 5.0.4
Release notes:
https://doc.powerdns.com/authoritative/changelog/5.0.html#change-5.0.4
Security advisory: https://docs.powerdns.com/authoritative/security-
advisories/powerdns-advisory-2026-05.html
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 26 2026 Morten Stevens [mstevens@fedoraproject.org] - 5.0.4-1
- Update to 5.0.4
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 5.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Jan 12 2026 Jonathan Wakely [jwakely@fedoraproject.org] - 5.0.2-2
- Rebuilt for Boost 1.90
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461770 - CVE-2026-33610 pdns: PowerDNS: Denial of Service due to file descriptor exhaustion from rogue primary server DNS update requests [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461770
[ 2 ] Bug #2461772 - CVE-2026-33611 pdns: PowerDNS: Database corruption due to invalid record data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461772
[ 3 ] Bug #2461775 - CVE-2026-33609 pdns: PowerDNS: Information disclosure via incomplete LDAP query escaping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461775
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b47d3e7e16' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: pdns-5.0.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-edc32576bb
2026-05-06 16:23:49.956298+00:00
--------------------------------------------------------------------------------
Name : pdns
Product : Fedora 42
Version : 5.0.4
Release : 1.fc42
URL : http://powerdns.com
Summary : A modern, advanced and high performance authoritative-only name server
Description :
The PowerDNS Nameserver is a modern, advanced and high performance
authoritative-only name server. It is written from scratch and conforms
to all relevant DNS standards documents.
Furthermore, PowerDNS interfaces with almost any database.
--------------------------------------------------------------------------------
Update Information:
Update to 5.0.4
Release notes:
https://doc.powerdns.com/authoritative/changelog/5.0.html#change-5.0.4
Security advisory: https://docs.powerdns.com/authoritative/security-
advisories/powerdns-advisory-2026-05.html
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 26 2026 Morten Stevens [mstevens@fedoraproject.org] - 5.0.4-1
- Update to 5.0.4
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 5.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Jan 12 2026 Jonathan Wakely [jwakely@fedoraproject.org] - 5.0.2-2
- Rebuilt for Boost 1.90
* Thu Dec 18 2025 Morten Stevens [mstevens@fedoraproject.org] - 5.0.2-1
- Update to 5.0.2
* Fri Dec 5 2025 Orion Poplawski [orion@nwra.com] - 5.0.1-2
- Rebuild for yaml-cpp 0.8 (epel10)
* Thu Oct 30 2025 Morten Stevens [mstevens@fedoraproject.org] - 5.0.1-1
- Update to 5.0.1
- Enable backend lmdb
* Thu Sep 25 2025 Morten Stevens [mstevens@fedoraproject.org] - 5.0.0-1
- Update to 5.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461770 - CVE-2026-33610 pdns: PowerDNS: Denial of Service due to file descriptor exhaustion from rogue primary server DNS update requests [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461770
[ 2 ] Bug #2461772 - CVE-2026-33611 pdns: PowerDNS: Database corruption due to invalid record data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461772
[ 3 ] Bug #2461775 - CVE-2026-33609 pdns: PowerDNS: Information disclosure via incomplete LDAP query escaping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461775
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-edc32576bb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: vim-9.2.390-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-11d7d4d8f3
2026-05-07 01:26:58.144749+00:00
--------------------------------------------------------------------------------
Name : vim
Product : Fedora 42
Version : 9.2.390
Release : 1.fc42
URL : https://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-39881
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.2.390-1
- patchlevel 390
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2456722 - CVE-2026-39881 vim: Vim: Arbitrary code execution via command injection in NetBeans interface
https://bugzilla.redhat.com/show_bug.cgi?id=2456722
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-11d7d4d8f3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: xorg-x11-server-Xwayland-24.1.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0174d1953a
2026-05-07 01:26:58.144752+00:00
--------------------------------------------------------------------------------
Name : xorg-x11-server-Xwayland
Product : Fedora 42
Version : 24.1.11
Release : 1.fc42
URL : http://www.x.org
Summary : Xwayland
Description :
Xwayland is an X server for running X clients under Wayland.
--------------------------------------------------------------------------------
Update Information:
Update to xwayland 24.1.11
Update to xwayland 24.1.10, CVE fix for: CVE-2026-33999, CVE-2026-34000,
CVE-2026-34001,
CVE-2026-34002, CVE-2026-34003
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2026 Olivier Fourdan [ofourdan@redhat.com] - 24.1.11-1
- Update to xwayland 24.1.11
* Tue Apr 14 2026 Olivier Fourdan [ofourdan@redhat.com] - 24.1.10-1
- Update to xwayland 24.1.10
- CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001,
CVE-2026-34002, CVE-2026-34003
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 24.1.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458206 - xorg-x11-server-Xwayland-24.1.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458206
[ 2 ] Bug #2460141 - [abrt] xorg-x11-server-Xwayland: Xwayland killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2460141
[ 3 ] Bug #2463215 - xorg-x11-server-Xwayland-24.1.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2463215
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0174d1953a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gnutls-3.8.13-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d5f140eb90
2026-05-07 01:08:17.601161+00:00
--------------------------------------------------------------------------------
Name : gnutls
Product : Fedora 43
Version : 3.8.13
Release : 1.fc43
URL : http://www.gnutls.org/
Summary : A TLS protocol implementation
Description :
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
--------------------------------------------------------------------------------
Update Information:
Update to 3.8.13, fixes, like 13 CVEs.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 4 2026 Alexander Sosedkin [asosedkin@redhat.com] - 3.8.13-1
- Update to 3.8.13
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d5f140eb90' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nano-8.5-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d0a0f1c3d2
2026-05-07 01:08:17.601152+00:00
--------------------------------------------------------------------------------
Name : nano
Product : Fedora 43
Version : 8.5
Release : 3.fc43
URL : https://www.nano-editor.org
Summary : A small text editor
Description :
GNU nano is a small and friendly text editor.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2026-6842 and CVE-29026-6843
Resolves: CVE-2026-6842
Resolves: CVE-2026-6843
Resolves: rhbz#2455127
Resolves: rhbz#2455314
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2026 Luk???? Zaoral [lzaoral@redhat.com] - 8.5-3
- fix CVE-2026-6842 and CVE-29026-6843
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2455127 - [Security] Format String Vulnerability in nano's statusline() via errormessage Buffer
https://bugzilla.redhat.com/show_bug.cgi?id=2455127
[ 2 ] Bug #2460502 - CVE-2026-6842 nano: nano: Local attacker can inject malicious .desktop launcher due to insecure directory permissions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460502
[ 3 ] Bug #2460503 - CVE-2026-6843 nano: nano: Format string vulnerability leads to Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460503
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d0a0f1c3d2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: dovecot-2.4.3-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-51dba40a65
2026-05-07 01:08:17.601135+00:00
--------------------------------------------------------------------------------
Name : dovecot
Product : Fedora 43
Version : 2.4.3
Release : 2.fc43
URL : https://www.dovecot.org/
Summary : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.
The SQL drivers and authentication plug-ins are in their subpackages.
--------------------------------------------------------------------------------
Update Information:
updated to 2.4.3 which includes several security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2026 Tom Callaway [spot@fedoraproject.org] - 1:2.4.3-2
- rebuild
* Wed Apr 8 2026 Michal Hlavinka [mhlavink@redhat.com] - 1:2.4.3-1
- updated to 2.4.3 (#2452164)
* Fri Feb 27 2026 Tom Callaway [spot@fedoraproject.org] - 1:2.4.2-6
- rebuild for lua 5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2452241 - CVE-2026-27858 dovecot: denial of service via crafted message before authentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452241
[ 2 ] Bug #2452245 - CVE-2026-27857 dovecot: denial of service via specially crafted NOOP command [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452245
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-51dba40a65' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: gh-2.92.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5df889949e
2026-05-07 00:51:26.512946+00:00
--------------------------------------------------------------------------------
Name : gh
Product : Fedora 44
Version : 2.92.0
Release : 1.fc44
URL : https://github.com/cli/cli
Summary : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.
gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform various
actions right from the command line, eliminating the need to switch between your
terminal and the GitHub website.
--------------------------------------------------------------------------------
Update Information:
Update to 2.92.0 and make telemetry sending opt in.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 4 2026 Maxwell G [maxwell@gtmx.me] - 2.92.0-1
- Update to 2.92.0. Fixes rhbz#2451741.
* Fri Apr 24 2026 Maxwell G [maxwell@gtmx.me] - 2.91.0-3
- Make telemetry sending opt in
* Fri Apr 24 2026 Maxwell G [maxwell@gtmx.me] - 2.91.0-1
- Update to 2.91.0. Fixes rhbz#2451741.
* Thu Mar 12 2026 Packit [hello@packit.dev] - 2.88.1-1
- Update to 2.88.1 upstream release
- Resolves: rhbz#2446304
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458931 - CVE-2026-39984 gh: improper certificate validation in verifier [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458931
[ 2 ] Bug #2458984 - CVE-2026-5160 gh: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458984
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5df889949e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: dovecot-2.4.3-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4349d04c20
2026-05-07 00:51:26.512880+00:00
--------------------------------------------------------------------------------
Name : dovecot
Product : Fedora 44
Version : 2.4.3
Release : 2.fc44
URL : https://www.dovecot.org/
Summary : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.
The SQL drivers and authentication plug-ins are in their subpackages.
--------------------------------------------------------------------------------
Update Information:
updated to 2.4.3 which includes several security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2026 Tom Callaway [spot@fedoraproject.org] - 1:2.4.3-2
- rebuild
* Wed Apr 8 2026 Michal Hlavinka [mhlavink@redhat.com] - 1:2.4.3-1
- updated to 2.4.3 (#2452164)
* Fri Feb 27 2026 Tom Callaway [spot@fedoraproject.org] - 1:2.4.2-6
- rebuild for lua 5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2452241 - CVE-2026-27858 dovecot: denial of service via crafted message before authentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452241
[ 2 ] Bug #2452245 - CVE-2026-27857 dovecot: denial of service via specially crafted NOOP command [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452245
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4349d04c20' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
