
Fedora 43 and Fedora 44 are receiving a major wave of security advisories covering essential system packages. The updates span widely used software, including multiple Kubernetes branches, OpenSSL, Chromium, Python 3.13, and several Erlang networking libraries. Each package release addresses critical vulnerabilities that could otherwise allow remote attackers to execute code, bypass authentication, or crash services through crafted network requests.

Fedora 43 Update: kubernetes1.35-1.35.6-1.fc43
Fedora 43 Update: alertmanager-0.33.0-1.fc43
Fedora 43 Update: kubernetes1.34-1.34.9-1.fc43
Fedora 43 Update: kubernetes1.33-1.33.13-1.fc43
Fedora 43 Update: erlang-cowlib-2.17.1-1.fc43
Fedora 43 Update: erlang-gun-2.4.1-1.fc43
Fedora 43 Update: mingw-SDL2_image-2.8.12-1.fc43
Fedora 43 Update: erlang-cowboy-2.16.1-1.fc43
Fedora 43 Update: python3.13-3.13.14-1.fc43
Fedora 43 Update: perl-Crypt-PBKDF2-0.261630-1.fc43
Fedora 43 Update: openssl-3.5.7-1.fc43
Fedora 44 Update: yt-dlp-2026.06.09-1.fc44
Fedora 44 Update: chromium-149.0.7827.155-1.fc44
Fedora 44 Update: xdg-desktop-portal-1.22.1-1.fc44
Fedora 44 Update: alertmanager-0.33.0-1.fc44
Fedora 44 Update: kubernetes1.35-1.35.6-1.fc44
Fedora 44 Update: kubernetes1.33-1.33.13-1.fc44
Fedora 44 Update: kubernetes1.34-1.34.9-1.fc44
Fedora 44 Update: erlang-gun-2.4.1-1.fc44
Fedora 44 Update: erlang-cowlib-2.17.1-1.fc44
Fedora 44 Update: erlang-cowboy-2.16.1-1.fc44
Fedora 44 Update: mingw-SDL2_image-2.8.12-1.fc44
Fedora 44 Update: perl-Crypt-PBKDF2-0.261630-1.fc44
Fedora 44 Update: python3.13-3.13.14-1.fc44
Fedora 44 Update: 389-ds-base-3.2.2-2.fc44



[SECURITY] Fedora 43 Update: kubernetes1.35-1.35.6-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0544eff1d8
2026-06-21 01:09:26.438232+00:00
--------------------------------------------------------------------------------

Name : kubernetes1.35
Product : Fedora 43
Version : 1.35.6
Release : 1.fc43
URL : https://github.com/kubernetes/kubernetes
Summary : Open Source Production-Grade Container Scheduling And Management Platform
Description :

Production-Grade Container Scheduling and Management.
Installs kubelet, the kubernetes agent on each machine in a
cluster. The kubernetes-client sub-package,
containing kubectl, is recommended but not strictly required.
The kubernetes-client sub-package should be installed on
control plane machines.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.35.6
Resolves: rhbz#2467606
Upstream fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 1.35.6-1
- Update to release v1.35.6
- Resolves: rhbz#2467606
- Upstream fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467606 - CVE-2026-35469 kubernetes1.35: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467606
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0544eff1d8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: alertmanager-0.33.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1ad4561f49
2026-06-21 01:09:26.438236+00:00
--------------------------------------------------------------------------------

Name : alertmanager
Product : Fedora 43
Version : 0.33.0
Release : 1.fc43
URL : https://github.com/prometheus/alertmanager
Summary : Prometheus Alertmanager
Description :
The Alertmanager handles alerts sent by client applications such as the
Prometheus server. It takes care of deduplicating, grouping, and routing them to
the correct receiver integrations such as email, PagerDuty, or OpsGenie. It also
takes care of silencing and inhibition of alerts.

--------------------------------------------------------------------------------
Update Information:

Update to 0.33.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 0.33.0-1
- Update to 0.33.0 - Closes rhbz#2485517
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2486249 - CVE-2026-45287 alertmanager: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486249
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1ad4561f49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: kubernetes1.34-1.34.9-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-88ab77d111
2026-06-21 01:09:26.438224+00:00
--------------------------------------------------------------------------------

Name : kubernetes1.34
Product : Fedora 43
Version : 1.34.9
Release : 1.fc43
URL : https://github.com/kubernetes/kubernetes
Summary : Open Source Production-Grade Container Scheduling And Management Platform
Description :

Production-Grade Container Scheduling and Management.
Installs kubelet, the kubernetes agent on each machine in a
cluster. The kubernetes-client sub-package,
containing kubectl, is recommended but not strictly required.
The kubernetes-client sub-package should be installed on
control plane machines.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.34.9
Resolves: rhbz#2467605
Upstream fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 1.34.9-1
- Update to release v1.34.9
- Resolves: rhbz#2467605
- Upstream fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467605 - CVE-2026-35469 kubernetes1.34: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467605
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-88ab77d111' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: kubernetes1.33-1.33.13-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c2a89ccca5
2026-06-21 01:09:26.438222+00:00
--------------------------------------------------------------------------------

Name : kubernetes1.33
Product : Fedora 43
Version : 1.33.13
Release : 1.fc43
URL : https://github.com/kubernetes/kubernetes
Summary : Open Source Production-Grade Container Scheduling And Management Platform
Description :

Production-Grade Container Scheduling and Management.
Installs kubelet, the kubernetes agent on each machine in a
cluster. The kubernetes-client sub-package,
containing kubectl, is recommended but not strictly required.
The kubernetes-client sub-package should be installed on
control plane machines.

--------------------------------------------------------------------------------
Update Information:

Update to release 1.33.13
Resolves: rhbz#2467604
Upstream fix
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 1.33.13-1
- Update to release 1.33.13
- Resolves: rhbz#2467604
- Upstream fix
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467604 - CVE-2026-35469 kubernetes1.33: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467604
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c2a89ccca5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: erlang-cowlib-2.17.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2aa86d411f
2026-06-21 01:09:26.438203+00:00
--------------------------------------------------------------------------------

Name : erlang-cowlib
Product : Fedora 43
Version : 2.17.1
Release : 1.fc43
URL : https://github.com/ninenines/cowlib
Summary : Support library for manipulating Web protocols
Description :
Support library for manipulating Web protocols.

--------------------------------------------------------------------------------
Update Information:

Gun ver. 2.4.1 and its dependencies
New erlang-gun
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.17.1-1
- Cowlib ver. 2.17.1
* Wed Jun 10 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.17.0-1
- Cowlib ver. 2.17.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2486315 - erlang-cowlib-2.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486315
[ 2 ] Bug #2486350 - erlang-gun-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486350
[ 3 ] Bug #2486422 - CVE-2026-43972 erlang-gun: Gun: Cross-origin cookie injection leading to session fixation and account takeover. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486422
[ 4 ] Bug #2486423 - CVE-2026-43974 erlang-gun: gun: Denial of Service via unsolicited 101 Switching Protocols response [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486423
[ 5 ] Bug #2486424 - CVE-2026-43973 erlang-gun: gun: Denial of Service via unbounded HTTP/1.1 response buffering [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486424
[ 6 ] Bug #2487823 - erlang-cowboy-2.16.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487823
[ 7 ] Bug #2487824 - erlang-cowlib-2.17.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487824
[ 8 ] Bug #2487833 - erlang-gun-2.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487833
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2aa86d411f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: erlang-gun-2.4.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2aa86d411f
2026-06-21 01:09:26.438203+00:00
--------------------------------------------------------------------------------

Name : erlang-gun
Product : Fedora 43
Version : 2.4.1
Release : 1.fc43
URL : https://github.com/ninenines/gun
Summary : Erlang HTTP client with support for HTTP/1.1, HTTP/2, Websocket and more
Description :
Erlang HTTP client with support for HTTP/1.1, HTTP/2, Websocket and more.

--------------------------------------------------------------------------------
Update Information:

Gun ver. 2.4.1 and its dependencies
New erlang-gun
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.4.1-1
- gun ver. 2.4.1
* Wed Jun 10 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.4.0-1
- gun ver. 2.4.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2486315 - erlang-cowlib-2.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486315
[ 2 ] Bug #2486350 - erlang-gun-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486350
[ 3 ] Bug #2486422 - CVE-2026-43972 erlang-gun: Gun: Cross-origin cookie injection leading to session fixation and account takeover. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486422
[ 4 ] Bug #2486423 - CVE-2026-43974 erlang-gun: gun: Denial of Service via unsolicited 101 Switching Protocols response [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486423
[ 5 ] Bug #2486424 - CVE-2026-43973 erlang-gun: gun: Denial of Service via unbounded HTTP/1.1 response buffering [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486424
[ 6 ] Bug #2487823 - erlang-cowboy-2.16.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487823
[ 7 ] Bug #2487824 - erlang-cowlib-2.17.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487824
[ 8 ] Bug #2487833 - erlang-gun-2.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487833
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2aa86d411f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: mingw-SDL2_image-2.8.12-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bc38ebdf4c
2026-06-21 01:09:26.438205+00:00
--------------------------------------------------------------------------------

Name : mingw-SDL2_image
Product : Fedora 43
Version : 2.8.12
Release : 1.fc43
URL : https://github.com/libsdl-org/SDL_image
Summary : MinGW Windows port of the Image loading library for SDL2
Description :
Simple DirectMedia Layer (SDL2) is a cross-platform multimedia library
designed to provide fast access to the graphics frame buffer and audio
device. This package contains a simple library for loading images of
various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL2 surfaces.

--------------------------------------------------------------------------------
Update Information:

Update to SDL2_image 2.8.12, fixes CVE-2026-35444.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 15 2026 Sandro Mani [manisandro@gmail.com] - 2.8.12-1
- Update to 2.8.12
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.8.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Dec 8 2025 Sandro Mani [manisandro@gmail.com] - 2.8.8-3
- Rebuild (libtiff)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455891 - CVE-2026-35444 mingw-SDL2_image: SDL_image: Information disclosure via crafted XCF files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455891
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bc38ebdf4c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: erlang-cowboy-2.16.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2aa86d411f
2026-06-21 01:09:26.438203+00:00
--------------------------------------------------------------------------------

Name : erlang-cowboy
Product : Fedora 43
Version : 2.16.1
Release : 1.fc43
URL : https://github.com/ninenines/cowboy
Summary : Small, fast, modular HTTP server written in Erlang
Description :
Small, fast, modular HTTP server written in Erlang.

--------------------------------------------------------------------------------
Update Information:

Gun ver. 2.4.1 and its dependencies
New erlang-gun
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.16.1-1
- Cowboy ver. 2.16.1
* Wed Jun 10 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.16.0-1
- Cowboy ver. 2.16.0
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.12.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2486315 - erlang-cowlib-2.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486315
[ 2 ] Bug #2486350 - erlang-gun-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486350
[ 3 ] Bug #2486422 - CVE-2026-43972 erlang-gun: Gun: Cross-origin cookie injection leading to session fixation and account takeover. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486422
[ 4 ] Bug #2486423 - CVE-2026-43974 erlang-gun: gun: Denial of Service via unsolicited 101 Switching Protocols response [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486423
[ 5 ] Bug #2486424 - CVE-2026-43973 erlang-gun: gun: Denial of Service via unbounded HTTP/1.1 response buffering [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486424
[ 6 ] Bug #2487823 - erlang-cowboy-2.16.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487823
[ 7 ] Bug #2487824 - erlang-cowlib-2.17.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487824
[ 8 ] Bug #2487833 - erlang-gun-2.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487833
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2aa86d411f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: python3.13-3.13.14-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2deb979d80
2026-06-21 01:09:26.438193+00:00
--------------------------------------------------------------------------------

Name : python3.13
Product : Fedora 43
Version : 3.13.14
Release : 1.fc43
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.13 package provides the "python3.13" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.13-libs package,
which should be installed automatically along with python3.13.
The remaining parts of the Python standard library are broken out into the
python3.13-tkinter and python3.13-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.13-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.13-" prefix.

--------------------------------------------------------------------------------
Update Information:

New Python release including bugfixes and security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 11 2026 Karolina Surma [ksurma@redhat.com] - 3.13.14-1
- Update to Python 3.13.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2457943 - CVE-2026-1502 python3.13: Python: HTTP header injection via CR/LF in proxy tunnel headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457943
[ 2 ] Bug #2458015 - CVE-2026-6100 python3.13: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458015
[ 3 ] Bug #2458223 - CVE-2026-4786 python3.13: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458223
[ 4 ] Bug #2484194 - CVE-2026-7210 python3.13: Python/Expat: Denial of Service via crafted XML document [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484194
[ 5 ] Bug #2484559 - CVE-2026-3276 python3.13: Python unicodedata: Denial of Service due to excessive CPU consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484559
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2deb979d80' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: perl-Crypt-PBKDF2-0.261630-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e8231b773d
2026-06-21 01:09:26.438190+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-PBKDF2
Product : Fedora 43
Version : 0.261630
Release : 1.fc43
URL : https://metacpan.org/release/Crypt-PBKDF2
Summary : The PBKDF2 password hashing algorithm
Description :
PBKDF2 is a secure password hashing algorithm that uses the techniques of "key
strengthening" to make the complexity of a brute-force attack arbitrarily high.
PBKDF2 uses any other cryptographic hash or cipher (by convention, usually
HMAC-SHA2, but Crypt::PBKDF2 is fully pluggable), and allows for an arbitrary
number of iterations of the hashing function, and a nearly unlimited output
hash size (up to 2**32-1 times the size of the output of the backend hash).
The hash is salted, as any password hash should be, and the salt may also be of
arbitrary size.

--------------------------------------------------------------------------------
Update Information:

This update addresses a number of security issues:
Change the default hash algorithm to HMAC-SHA256, and increase the default
number of iterations to 600,000, in line with current OWASP recommendations
(CVE-2026-9641)
Generate salts using Crypt::URandom (a strong system RNG) instead of perl's
builtin rand(), which is not cryptographically secure (CVE-2026-9638)
Use a constant-time comparison in validate to avoid timing attacks
(CVE-2017-20240)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Paul Howarth - 0.261630-1
- Update to 0.261630 (rhbz#2488228)
- Change the default hash algorithm to HMAC-SHA256, and increase the default
number of iterations to 600,000, in line with current OWASP recommendations
(CVE-2026-9641)
- Generate salts using Crypt::URandom (a strong system RNG) instead of perl's
builtin rand(), which is not cryptographically secure (CVE-2026-9638)
- Use a constant-time comparison in 'validate' to avoid timing attacks
(CVE-2017-20240)
- Switch to Module::Build::Tiny flow
- Package new README file
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.161520-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2488228 - perl-Crypt-PBKDF2-0.261630 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2488228
[ 2 ] Bug #2488894 - CVE-2017-20240 perl-Crypt-PBKDF2: information disclosure via timing attack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488894
[ 3 ] Bug #2488896 - CVE-2026-9641 perl-Crypt-PBKDF2: weak default algorithm and insufficient iterations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488896
[ 4 ] Bug #2488899 - CVE-2026-9638 perl-Crypt-PBKDF2: generation of insecure random values for salts [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488899
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e8231b773d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: openssl-3.5.7-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-840334a045
2026-06-21 01:09:26.438169+00:00
--------------------------------------------------------------------------------

Name : openssl
Product : Fedora 43
Version : 3.5.7
Release : 1.fc43
URL : http://www.openssl.org/
Summary : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Rebase to OpenSSL 3.5.7
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 10 2026 Dmitry Belyavskiy [dbelyavs@redhat.com] - 1:3.5.7-1
- Rebase to OpenSSL 3.5.7
Resolves: CVE-2026-45447
Resolves: CVE-2026-34182
Resolves: CVE-2026-34183
Resolves: CVE-2026-42764
Resolves: CVE-2026-45445
Resolves: CVE-2026-7383
Resolves: CVE-2026-9076
Resolves: CVE-2026-34180
Resolves: CVE-2026-34181
Resolves: CVE-2026-42766
Resolves: CVE-2026-42767
Resolves: CVE-2026-42768
Resolves: CVE-2026-42769
Resolves: CVE-2026-42770
Resolves: CVE-2026-45446
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-840334a045' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: yt-dlp-2026.06.09-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bb702c613b
2026-06-21 00:58:50.478417+00:00
--------------------------------------------------------------------------------

Name : yt-dlp
Product : Fedora 44
Version : 2026.06.09
Release : 1.fc44
URL : https://github.com/yt-dlp/yt-dlp
Summary : A command-line program to download videos from online video platforms
Description :
yt-dlp is a command-line program to download videos from many different online
video platforms, such as youtube.com. The project is a fork of youtube-dl with
additional features and fixes.

--------------------------------------------------------------------------------
Update Information:

Update to 2026.06.09. Fixes rhbz#2487407.
Mitigates CVE-2026-50019, CVE-2026-50023, CVE-2026-50574
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 19 2026 Maxwell G [maxwell@gtmx.me] - 2026.06.09-1
- Update to 2026.06.09. Fixes rhbz#2487407.
- Mitigates CVE-2026-50019, CVE-2026-50023, CVE-2026-50574
* Fri Jun 5 2026 Maxwell G [maxwell@gtmx.me] - 2026.03.17-3
- Add Python 3.15 support patches
* Thu Jun 4 2026 Python Maint - 2026.03.17-2
- Rebuilt for Python 3.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2487407 - yt-dlp-2026.06.09 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487407
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bb702c613b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: chromium-149.0.7827.155-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-650bd96540
2026-06-21 00:58:50.478412+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 44
Version : 149.0.7827.155
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 149.0.7827.155
CVE-2026-12437: Use after free in WebShare
CVE-2026-12438: Inappropriate implementation in WebView
CVE-2026-12439: Use after free in Digital Credentials
CVE-2026-12440: Use after free in DigitalCredentials
CVE-2026-12441: Use after free in File Input
CVE-2026-12442: Use after free in Passwords
CVE-2026-12443: Use after free in Web Authentication
CVE-2026-12444: Out of bounds read in Chromoting
CVE-2026-12445: Use after free in Extensions
CVE-2026-12446: Insufficient data validation in Passwords
CVE-2026-12447: Heap buffer overflow in WebRTC
CVE-2026-12448: Inappropriate implementation in WebView
CVE-2026-12449: Use after free in Chromoting
CVE-2026-12450: Inappropriate implementation in Media
CVE-2026-12451: Use after free in DigitalCredentials
CVE-2026-12452: Use after free in Downloads
CVE-2026-12453: Insufficient validation of untrusted input in Input
CVE-2026-12454: Race in Safe Browsing
CVE-2026-12455: Use after free in Tab Strip
CVE-2026-12456: Insufficient validation of untrusted input in Extensions
CVE-2026-12457: Insufficient data validation in Extensions
CVE-2026-12458: Incorrect security UI in Passwords
CVE-2026-12459: Inappropriate implementation in Serial
CVE-2026-12460: Insufficient policy enforcement in File System Access
CVE-2026-12461: Out of bounds read in WebRTC
CVE-2026-12462: Use after free in Media
CVE-2026-12463: Inappropriate implementation in Views
CVE-2026-12464: Use after free in Browser
CVE-2026-12465: Insufficient validation of untrusted input in Metrics
CVE-2026-12466: Heap buffer overflow in WebRTC
CVE-2026-12467: Use after free in Extensions
CVE-2026-12468: Inappropriate implementation in Updater
CVE-2026-12469: Uninitialized Use in GPU
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 17 2026 Than Ngo [than@redhat.com] - 149.0.7827.155-1
- Update to 149.0.7827.155
* CVE-2026-12437: Use after free in WebShare
* CVE-2026-12438: Inappropriate implementation in WebView
* CVE-2026-12439: Use after free in Digital Credentials
* CVE-2026-12440: Use after free in DigitalCredentials
* CVE-2026-12441: Use after free in File Input
* CVE-2026-12442: Use after free in Passwords
* CVE-2026-12443: Use after free in Web Authentication
* CVE-2026-12444: Out of bounds read in Chromoting
* CVE-2026-12445: Use after free in Extensions
* CVE-2026-12446: Insufficient data validation in Passwords
* CVE-2026-12447: Heap buffer overflow in WebRTC
* CVE-2026-12448: Inappropriate implementation in WebView
* CVE-2026-12449: Use after free in Chromoting
* CVE-2026-12450: Inappropriate implementation in Media
* CVE-2026-12451: Use after free in DigitalCredentials
* CVE-2026-12452: Use after free in Downloads
* CVE-2026-12453: Insufficient validation of untrusted input in Input
* CVE-2026-12454: Race in Safe Browsing
* CVE-2026-12455: Use after free in Tab Strip
* CVE-2026-12456: Insufficient validation of untrusted input in Extensions
* CVE-2026-12457: Insufficient data validation in Extensions
* CVE-2026-12458: Incorrect security UI in Passwords
* CVE-2026-12459: Inappropriate implementation in Serial
* CVE-2026-12460: Insufficient policy enforcement in File System Access
* CVE-2026-12461: Out of bounds read in WebRTC
* CVE-2026-12462: Use after free in Media
* CVE-2026-12463: Inappropriate implementation in Views
* CVE-2026-12464: Use after free in Browser
* CVE-2026-12465: Insufficient validation of untrusted input in Metrics
* CVE-2026-12466: Heap buffer overflow in WebRTC
* CVE-2026-12467: Use after free in Extensions
* CVE-2026-12468: Inappropriate implementation in Updater
* CVE-2026-12469: Uninitialized Use in GPU
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-650bd96540' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: xdg-desktop-portal-1.22.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d8f8abf763
2026-06-21 00:58:50.478409+00:00
--------------------------------------------------------------------------------

Name : xdg-desktop-portal
Product : Fedora 44
Version : 1.22.1
Release : 1.fc44
URL : https://github.com/flatpak/xdg-desktop-portal/
Summary : Portal frontend service to flatpak
Description :
xdg-desktop-portal works by exposing a series of D-Bus interfaces known as
portals under a well-known name (org.freedesktop.portal.Desktop) and object
path (/org/freedesktop/portal/desktop). The portal interfaces include APIs for
file access, opening URIs, printing and others.

--------------------------------------------------------------------------------
Update Information:

Update to 1.22.1
It fixes CVE-2026-55888 and CVE-2026-55889.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 18 2026 Ondrej Holy [oholy@redhat.com] - 1.22.1-1
- Update to 1.22.1 (#2489997)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2489997 - xdg-desktop-portal-1.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2489997
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d8f8abf763' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: alertmanager-0.33.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-87b103f151
2026-06-21 00:58:50.478393+00:00
--------------------------------------------------------------------------------

Name : alertmanager
Product : Fedora 44
Version : 0.33.0
Release : 1.fc44
URL : https://github.com/prometheus/alertmanager
Summary : Prometheus Alertmanager
Description :
The Alertmanager handles alerts sent by client applications such as the
Prometheus server. It takes care of deduplicating, grouping, and routing them to
the correct receiver integrations such as email, PagerDuty, or OpsGenie. It also
takes care of silencing and inhibition of alerts.

--------------------------------------------------------------------------------
Update Information:

Update to 0.33.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 0.33.0-1
- Update to 0.33.0 - Closes rhbz#2485517
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2486249 - CVE-2026-45287 alertmanager: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486249
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-87b103f151' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: kubernetes1.35-1.35.6-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b56d6f4b79
2026-06-21 00:58:50.478382+00:00
--------------------------------------------------------------------------------

Name : kubernetes1.35
Product : Fedora 44
Version : 1.35.6
Release : 1.fc44
URL : https://github.com/kubernetes/kubernetes
Summary : Open Source Production-Grade Container Scheduling And Management Platform
Description :

Production-Grade Container Scheduling and Management.
Installs kubelet, the kubernetes agent on each machine in a
cluster. The kubernetes-client sub-package,
containing kubectl, is recommended but not strictly required.
The kubernetes-client sub-package should be installed on
control plane machines.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.35.6
Resolves: rhbz#2467606
Upstream fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 1.35.6-1
- Update to release v1.35.6
- Resolves: rhbz#2467606
- Upstream fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467606 - CVE-2026-35469 kubernetes1.35: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467606
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b56d6f4b79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: kubernetes1.33-1.33.13-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da02662d41
2026-06-21 00:58:50.478372+00:00
--------------------------------------------------------------------------------

Name : kubernetes1.33
Product : Fedora 44
Version : 1.33.13
Release : 1.fc44
URL : https://github.com/kubernetes/kubernetes
Summary : Open Source Production-Grade Container Scheduling And Management Platform
Description :

Production-Grade Container Scheduling and Management.
Installs kubelet, the kubernetes agent on each machine in a
cluster. The kubernetes-client sub-package,
containing kubectl, is recommended but not strictly required.
The kubernetes-client sub-package should be installed on
control plane machines.

--------------------------------------------------------------------------------
Update Information:

Update to release 1.33.13
Resolves: rhbz#2467604
Upstream fix
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 1.33.13-1
- Update to release 1.33.13
- Resolves: rhbz#2467604
- Upstream fix
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467604 - CVE-2026-35469 kubernetes1.33: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467604
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da02662d41' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: kubernetes1.34-1.34.9-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-eee09dc43b
2026-06-21 00:58:50.478369+00:00
--------------------------------------------------------------------------------

Name : kubernetes1.34
Product : Fedora 44
Version : 1.34.9
Release : 1.fc44
URL : https://github.com/kubernetes/kubernetes
Summary : Open Source Production-Grade Container Scheduling And Management Platform
Description :

Production-Grade Container Scheduling and Management.
Installs kubelet, the kubernetes agent on each machine in a
cluster. The kubernetes-client sub-package,
containing kubectl, is recommended but not strictly required.
The kubernetes-client sub-package should be installed on
control plane machines.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.34.9
Resolves: rhbz#2467605
Upstream fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 1.34.9-1
- Update to release v1.34.9
- Resolves: rhbz#2467605
- Upstream fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467605 - CVE-2026-35469 kubernetes1.34: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467605
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-eee09dc43b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: erlang-gun-2.4.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c17ea7a74d
2026-06-21 00:58:50.478354+00:00
--------------------------------------------------------------------------------

Name : erlang-gun
Product : Fedora 44
Version : 2.4.1
Release : 1.fc44
URL : https://github.com/ninenines/gun
Summary : Erlang HTTP client with support for HTTP/1.1, HTTP/2, Websocket and more
Description :
Erlang HTTP client with support for HTTP/1.1, HTTP/2, Websocket and more.

--------------------------------------------------------------------------------
Update Information:

Gun ver. 2.4.1 and its dependencies
New erlang-gun
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.4.1-1
- gun ver. 2.4.1
* Wed Jun 10 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.4.0-1
- gun ver. 2.4.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2486315 - erlang-cowlib-2.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486315
[ 2 ] Bug #2486350 - erlang-gun-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486350
[ 3 ] Bug #2486422 - CVE-2026-43972 erlang-gun: Gun: Cross-origin cookie injection leading to session fixation and account takeover. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486422
[ 4 ] Bug #2486423 - CVE-2026-43974 erlang-gun: gun: Denial of Service via unsolicited 101 Switching Protocols response [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486423
[ 5 ] Bug #2486424 - CVE-2026-43973 erlang-gun: gun: Denial of Service via unbounded HTTP/1.1 response buffering [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486424
[ 6 ] Bug #2487823 - erlang-cowboy-2.16.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487823
[ 7 ] Bug #2487824 - erlang-cowlib-2.17.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487824
[ 8 ] Bug #2487833 - erlang-gun-2.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487833
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c17ea7a74d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: erlang-cowlib-2.17.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c17ea7a74d
2026-06-21 00:58:50.478354+00:00
--------------------------------------------------------------------------------

Name : erlang-cowlib
Product : Fedora 44
Version : 2.17.1
Release : 1.fc44
URL : https://github.com/ninenines/cowlib
Summary : Support library for manipulating Web protocols
Description :
Support library for manipulating Web protocols.

--------------------------------------------------------------------------------
Update Information:

Gun ver. 2.4.1 and its dependencies
New erlang-gun
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.17.1-1
- Cowlib ver. 2.17.1
* Wed Jun 10 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.17.0-1
- Cowlib ver. 2.17.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2486315 - erlang-cowlib-2.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486315
[ 2 ] Bug #2486350 - erlang-gun-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486350
[ 3 ] Bug #2486422 - CVE-2026-43972 erlang-gun: Gun: Cross-origin cookie injection leading to session fixation and account takeover. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486422
[ 4 ] Bug #2486423 - CVE-2026-43974 erlang-gun: gun: Denial of Service via unsolicited 101 Switching Protocols response [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486423
[ 5 ] Bug #2486424 - CVE-2026-43973 erlang-gun: gun: Denial of Service via unbounded HTTP/1.1 response buffering [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486424
[ 6 ] Bug #2487823 - erlang-cowboy-2.16.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487823
[ 7 ] Bug #2487824 - erlang-cowlib-2.17.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487824
[ 8 ] Bug #2487833 - erlang-gun-2.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487833
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c17ea7a74d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: erlang-cowboy-2.16.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c17ea7a74d
2026-06-21 00:58:50.478354+00:00
--------------------------------------------------------------------------------

Name : erlang-cowboy
Product : Fedora 44
Version : 2.16.1
Release : 1.fc44
URL : https://github.com/ninenines/cowboy
Summary : Small, fast, modular HTTP server written in Erlang
Description :
Small, fast, modular HTTP server written in Erlang.

--------------------------------------------------------------------------------
Update Information:

Gun ver. 2.4.1 and its dependencies
New erlang-gun
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.16.1-1
- Cowboy ver. 2.16.1
* Wed Jun 10 2026 Peter Lemenkov [lemenkov@gmail.com] - 2.16.0-1
- Cowboy ver. 2.16.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2486315 - erlang-cowlib-2.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486315
[ 2 ] Bug #2486350 - erlang-gun-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486350
[ 3 ] Bug #2486422 - CVE-2026-43972 erlang-gun: Gun: Cross-origin cookie injection leading to session fixation and account takeover. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486422
[ 4 ] Bug #2486423 - CVE-2026-43974 erlang-gun: gun: Denial of Service via unsolicited 101 Switching Protocols response [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486423
[ 5 ] Bug #2486424 - CVE-2026-43973 erlang-gun: gun: Denial of Service via unbounded HTTP/1.1 response buffering [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486424
[ 6 ] Bug #2487823 - erlang-cowboy-2.16.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487823
[ 7 ] Bug #2487824 - erlang-cowlib-2.17.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487824
[ 8 ] Bug #2487833 - erlang-gun-2.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487833
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c17ea7a74d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: mingw-SDL2_image-2.8.12-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6f328b5020
2026-06-21 00:58:50.478360+00:00
--------------------------------------------------------------------------------

Name : mingw-SDL2_image
Product : Fedora 44
Version : 2.8.12
Release : 1.fc44
URL : https://github.com/libsdl-org/SDL_image
Summary : MinGW Windows port of the Image loading library for SDL2
Description :
Simple DirectMedia Layer (SDL2) is a cross-platform multimedia library
designed to provide fast access to the graphics frame buffer and audio
device. This package contains a simple library for loading images of
various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL2 surfaces.

--------------------------------------------------------------------------------
Update Information:

Update to SDL2_image 2.8.12, fixes CVE-2026-35444.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 15 2026 Sandro Mani [manisandro@gmail.com] - 2.8.12-1
- Update to 2.8.12
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455891 - CVE-2026-35444 mingw-SDL2_image: SDL_image: Information disclosure via crafted XCF files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455891
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6f328b5020' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: perl-Crypt-PBKDF2-0.261630-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5b12cc327e
2026-06-21 00:58:50.478340+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-PBKDF2
Product : Fedora 44
Version : 0.261630
Release : 1.fc44
URL : https://metacpan.org/release/Crypt-PBKDF2
Summary : The PBKDF2 password hashing algorithm
Description :
PBKDF2 is a secure password hashing algorithm that uses the techniques of "key
strengthening" to make the complexity of a brute-force attack arbitrarily high.
PBKDF2 uses any other cryptographic hash or cipher (by convention, usually
HMAC-SHA2, but Crypt::PBKDF2 is fully pluggable), and allows for an arbitrary
number of iterations of the hashing function, and a nearly unlimited output
hash size (up to 2**32-1 times the size of the output of the backend hash).
The hash is salted, as any password hash should be, and the salt may also be of
arbitrary size.

--------------------------------------------------------------------------------
Update Information:

This update addresses a number of security issues:
- Change the default hash algorithm to HMAC-SHA256, and increase the default
  number of iterations to 600,000, in line with current OWASP recommendations
  (CVE-2026-9641)
- Generate salts using Crypt::URandom (a strong system RNG) instead of perl's
  builtin rand(), which is not cryptographically secure (CVE-2026-9638)
- Use a constant-time comparison in validate to avoid timing attacks
  (CVE-2017-20240)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Paul Howarth - 0.261630-1
- Update to 0.261630 (rhbz#2488228)
- Change the default hash algorithm to HMAC-SHA256, and increase the default
  number of iterations to 600,000, in line with current OWASP recommendations
  (CVE-2026-9641)
- Generate salts using Crypt::URandom (a strong system RNG) instead of perl's
  builtin rand(), which is not cryptographically secure (CVE-2026-9638)
- Use a constant-time comparison in 'validate' to avoid timing attacks
  (CVE-2017-20240)
- Switch to Module::Build::Tiny flow
- Package new README file
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2488228 - perl-Crypt-PBKDF2-0.261630 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2488228
[ 2 ] Bug #2488894 - CVE-2017-20240 perl-Crypt-PBKDF2: information disclosure via timing attack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488894
[ 3 ] Bug #2488896 - CVE-2026-9641 perl-Crypt-PBKDF2: weak default algorithm and insufficient iterations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488896
[ 4 ] Bug #2488899 - CVE-2026-9638 perl-Crypt-PBKDF2: generation of insecure random values for salts [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488899
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5b12cc327e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
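The three fixes listed in the perl-Crypt-PBKDF2 advisory above, sketched in Python as an added example (this is not code from Crypt::PBKDF2 or from the Fedora package). It also shows why a changed default is not enough on its own: records stored earlier keep their old parameters until they are re-hashed at the next successful login. The record format, the function names, the 16-byte salt and the iteration cap are assumptions, and the SHA-1 / 1,000-iteration record is constructed to stand in for a hash stored under weaker settings.

```python
import base64
import hashlib
import hmac
import secrets

DEFAULT_ALGO = "sha256"          # HMAC-SHA256, the new default named in the advisory
DEFAULT_ITERATIONS = 600_000     # iteration count named in the advisory
SALT_BYTES = 16                  # assumption: the advisory gives no salt length
MAX_ITERATIONS = 10_000_000      # assumption: cap so a tampered record cannot stall a login
ALLOWED_ALGOS = ("sha1", "sha256", "sha512")  # sha1 only so old records still verify


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def hash_password(password, algo=DEFAULT_ALGO, iterations=DEFAULT_ITERATIONS):
    """Return 'pbkdf2$algo$iterations$salt$hash' (hypothetical record format)."""
    salt = secrets.token_bytes(SALT_BYTES)  # OS CSPRNG, not a seeded general-purpose PRNG
    dk = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"), salt, iterations)
    return "$".join(("pbkdf2", algo, str(iterations), _b64(salt), _b64(dk)))


def parse_record(record):
    """Split a stored record into its parameters; raise ValueError if malformed."""
    parts = record.split("$")
    if len(parts) != 5 or parts[0] != "pbkdf2":
        raise ValueError("not a pbkdf2 record")
    algo, iterations = parts[1], int(parts[2])
    if algo not in ALLOWED_ALGOS:
        raise ValueError("unsupported hash algorithm")
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    salt = base64.b64decode(parts[3], validate=True)
    dk = base64.b64decode(parts[4], validate=True)
    if len(dk) != hashlib.new(algo).digest_size:
        raise ValueError("unexpected hash length")
    return algo, iterations, salt, dk


def verify_password(password, record):
    """Recompute with the record's own parameters and compare in constant time."""
    try:
        algo, iterations, salt, expected = parse_record(record)
    except ValueError:  # also covers binascii.Error from bad base64
        return False
    candidate = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest does not stop at the first differing byte, unlike ==.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record):
    """True when a valid record was created with weaker-than-current parameters."""
    algo, iterations, _salt, _dk = parse_record(record)
    return algo != DEFAULT_ALGO or iterations < DEFAULT_ITERATIONS


def login(password, record):
    """Return (ok, upgraded_record); upgraded_record is None unless a re-hash is due."""
    if not verify_password(password, record):
        return False, None
    if needs_rehash(record):
        # The plaintext is only available now, so this is the moment to upgrade.
        return True, hash_password(password)
    return True, None


if __name__ == "__main__":
    # Constructed sample: a record stored under weak parameters.
    legacy = hash_password("correct horse", algo="sha1", iterations=1000)
    ok, upgraded = login("correct horse", legacy)
    print("login ok:", ok)
    print("old parameters:", legacy.split("$")[1:3])
    print("new parameters:", upgraded.split("$")[1:3])
```

A service that upgrades the library but never re-hashes keeps verifying old records at their original cost, so an inventory of stored parameters is the check to run after applying this update.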





[SECURITY] Fedora 44 Update: python3.13-3.13.14-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dfc9182263
2026-06-21 00:58:50.478342+00:00
--------------------------------------------------------------------------------

Name : python3.13
Product : Fedora 44
Version : 3.13.14
Release : 1.fc44
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.13 package provides the "python3.13" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.13-libs package,
which should be installed automatically along with python3.13.
The remaining parts of the Python standard library are broken out into the
python3.13-tkinter and python3.13-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.13-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.13-" prefix.

--------------------------------------------------------------------------------
Update Information:

New Python version including bugfixes and security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 11 2026 Karolina Surma [ksurma@redhat.com] - 3.13.14-1
- Update to Python 3.13.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2457943 - CVE-2026-1502 python3.13: Python: HTTP header injection via CR/LF in proxy tunnel headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457943
[ 2 ] Bug #2458015 - CVE-2026-6100 python3.13: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458015
[ 3 ] Bug #2458223 - CVE-2026-4786 python3.13: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458223
[ 4 ] Bug #2484194 - CVE-2026-7210 python3.13: Python/Expat: Denial of Service via crafted XML document [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484194
[ 5 ] Bug #2484559 - CVE-2026-3276 python3.13: Python unicodedata: Denial of Service due to excessive CPU consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484559
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dfc9182263' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: 389-ds-base-3.2.2-2.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6d00814a85
2026-06-21 00:58:50.478284+00:00
--------------------------------------------------------------------------------

Name : 389-ds-base
Product : Fedora 44
Version : 3.2.2
Release : 2.fc44
URL : https://www.port389.org
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.

--------------------------------------------------------------------------------
Update Information:

Resolves: CVE-2026-9064
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 4 2026 Viktor Ashirov [vashirov@redhat.com] - 3.2.2-1
- Bump version to 3.2.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480099 - CVE-2026-9064 389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2480099
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6d00814a85' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

