
Several security updates have been released for Fedora 43 and Fedora 42, including updates for libgit2, xrdp, and mingw-glib2. The updates address vulnerabilities such as CVE-2026-1484, CVE-2026-1485, and CVE-2026-1489 in mingw-glib2 and CVE-2025-68670 in xrdp.

Fedora 43 Update: mingw-glib2-2.86.3-3.fc43
Fedora 43 Update: k9s-0.50.18-1.fc43
Fedora 43 Update: libgit2-1.9.2-1.fc43
Fedora 43 Update: xrdp-0.10.5-1.fc43
Fedora 43 Update: xorgxrdp-0.10.5-1.fc43
Fedora 42 Update: libgit2-1.9.2-1.fc42
Fedora 42 Update: xrdp-0.10.5-1.fc42
Fedora 42 Update: xorgxrdp-0.10.5-1.fc42
Fedora 42 Update: mingw-glib2-2.84.3-3.fc42




[SECURITY] Fedora 43 Update: mingw-glib2-2.86.3-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-607c3364fd
2026-02-08 01:08:54.528065+00:00
--------------------------------------------------------------------------------

Name : mingw-glib2
Product : Fedora 43
Version : 2.86.3
Release : 3.fc43
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2026-1484, CVE-2026-1485, CVE-2026-1489.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Sandro Mani [manisandro@gmail.com] - 2.86.3-3
- Backport fixes for CVE-2026-1484, CVE-2026-1485, CVE-2026-1489
- Remove ancient, obsolete downstream patch from 2012 (RHBZ#2431179)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433314 - CVE-2026-1484 mingw-glib2: Integer Overflow Leading to Buffer Underflow and Out-of-Bounds Write in GLib g_base64_encode() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433314
[ 2 ] Bug #2433340 - CVE-2026-1485 mingw-glib2: Glib: Local denial of service via buffer underflow in content type parsing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433340
[ 3 ] Bug #2433365 - CVE-2026-1489 mingw-glib2: GLib: Memory corruption via integer overflow in Unicode case conversion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433365
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-607c3364fd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: k9s-0.50.18-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-847455954a
2026-02-08 01:08:54.528097+00:00
--------------------------------------------------------------------------------

Name : k9s
Product : Fedora 43
Version : 0.50.18
Release : 1.fc43
URL : https://github.com/derailed/k9s
Summary : Kubernetes CLI To Manage Your Clusters In Style
Description :
Kubernetes CLI To Manage Your Clusters In Style!

--------------------------------------------------------------------------------
Update Information:

Update to version 0.50.18
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 blinxen - 0.50.18-1
- Update to version 0.50.18 (rhbz#2428576)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.50.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2417128 - CVE-2025-65965 k9s: Grype has a credential disclosure vulnerability in Grype JSON output [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417128
[ 2 ] Bug #2419039 - CVE-2024-25621 k9s: containerd local privilege escalation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2419039
[ 3 ] Bug #2420622 - CVE-2025-47913 k9s: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420622
[ 4 ] Bug #2424051 - [Minor Incident] CVE-2025-52881 k9s: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424051
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-847455954a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: libgit2-1.9.2-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c0124f91bf
2026-02-08 01:08:54.528046+00:00
--------------------------------------------------------------------------------

Name : libgit2
Product : Fedora 43
Version : 1.9.2
Release : 1.fc43
URL : https://libgit2.org/
Summary : C implementation of the Git core methods as a library with a solid API
Description :
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing
you to write native speed custom Git applications in any language
with bindings.

--------------------------------------------------------------------------------
Update Information:

Update to version 1.9.2.
Release notes:
https://github.com/libgit2/libgit2/releases/tag/v1.9.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Josh Stone [jistone@redhat.com] - 1.9.2-1
- Update to 1.9.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c0124f91bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: xrdp-0.10.5-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-febea89ac3
2026-02-08 01:08:54.527996+00:00
--------------------------------------------------------------------------------

Name : xrdp
Product : Fedora 43
Version : 0.10.5
Release : 1.fc43
URL : http://www.xrdp.org/
Summary : Open source remote desktop protocol (RDP) server
Description :
xrdp provides a fully functional RDP server compatible with a wide range
of RDP clients, including FreeRDP and Microsoft RDP client.

--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes
- CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features
- It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
- TLS pre-master secrets can now be recorded for packet captures (#3617)
- Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
- Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
- Updated Xorg paths in sesman.ini to include more recent distros (#3663)
- Add Slovenian keyboard (#3668 #3670)
- xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes
- Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
- Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
- Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
- Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
- A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
- Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
- Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
- Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
- Do not overwrite a VNC port set by the user when not using sesman (#3674)
- Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
- Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
- getgrouplist() now compiles on MacOS (#3575)
- Various Coverity warnings have been addressed (#3656)
- Documentation improvements (#3665)

Internal changes
- An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

Release notes for xorgxrdp v0.10.5 (2026/01/28)

Bug fixes
- Fix bug in Chrome pointer detection (#394 #396)

Internal changes
- CI: Update FreeBSD xrdp dependency (#398)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 Bojan Smojver [bojan@rexursive.com] - 1:0.10.5-1
- Update to 0.10.5
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1:0.10.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Nov 4 2025 Tom Callaway [spot@fedoraproject.org] - 1:0.10.4-4
- rebuild for new fuse3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1908387 - Windows with transparency show whatever is below
https://bugzilla.redhat.com/show_bug.cgi?id=1908387
[ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
https://bugzilla.redhat.com/show_bug.cgi?id=2279775
[ 3 ] Bug #2322105 - AltGr on Spanish keyboards
https://bugzilla.redhat.com/show_bug.cgi?id=2322105
[ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
https://bugzilla.redhat.com/show_bug.cgi?id=2323097
[ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433438
[ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433439
[ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433440
[ 8 ] Bug #2433441 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433441
[ 9 ] Bug #2433442 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433442
[ 10 ] Bug #2433840 - xorgxrdp-0.10.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433840
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-febea89ac3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: xorgxrdp-0.10.5-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-febea89ac3
2026-02-08 01:08:54.527996+00:00
--------------------------------------------------------------------------------

Name : xorgxrdp
Product : Fedora 43
Version : 0.10.5
Release : 1.fc43
URL : https://github.com/neutrinolabs/xorgxrdp
Summary : Implementation of xrdp backend as Xorg modules
Description :
xorgxrdp is a set of X11 modules that make Xorg act as a backend for
xrdp. Xorg with xorgxrdp is the most advanced xrdp backend with support
for screen resizing and multiple monitors.

--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes
- CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features
- It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
- TLS pre-master secrets can now be recorded for packet captures (#3617)
- Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
- Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
- Updated Xorg paths in sesman.ini to include more recent distros (#3663)
- Add Slovenian keyboard (#3668 #3670)
- xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes
- Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
- Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
- Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
- Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
- A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
- Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
- Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
- Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
- Do not overwrite a VNC port set by the user when not using sesman (#3674)
- Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
- Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
- getgrouplist() now compiles on MacOS (#3575)
- Various Coverity warnings have been addressed (#3656)
- Documentation improvements (#3665)

Internal changes
- An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

Release notes for xorgxrdp v0.10.5 (2026/01/28)

Bug fixes
- Fix bug in Chrome pointer detection (#394 #396)

Internal changes
- CI: Update FreeBSD xrdp dependency (#398)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Bojan Smojver [bojan@rexursive.com] - 0.10.5-1
- Update to 0.10.5
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1908387 - Windows with transparency show whatever is below
https://bugzilla.redhat.com/show_bug.cgi?id=1908387
[ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
https://bugzilla.redhat.com/show_bug.cgi?id=2279775
[ 3 ] Bug #2322105 - AltGr on Spanish keyboards
https://bugzilla.redhat.com/show_bug.cgi?id=2322105
[ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
https://bugzilla.redhat.com/show_bug.cgi?id=2323097
[ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433438
[ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433439
[ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433440
[ 8 ] Bug #2433441 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433441
[ 9 ] Bug #2433442 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433442
[ 10 ] Bug #2433840 - xorgxrdp-0.10.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433840
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-febea89ac3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: libgit2-1.9.2-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-57ba9d6f85
2026-02-08 00:51:49.071229+00:00
--------------------------------------------------------------------------------

Name : libgit2
Product : Fedora 42
Version : 1.9.2
Release : 1.fc42
URL : https://libgit2.org/
Summary : C implementation of the Git core methods as a library with a solid API
Description :
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing
you to write native speed custom Git applications in any language
with bindings.

--------------------------------------------------------------------------------
Update Information:

Update to version 1.9.2.
Release notes:
https://github.com/libgit2/libgit2/releases/tag/v1.9.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Josh Stone [jistone@redhat.com] - 1.9.2-1
- Update to 1.9.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-57ba9d6f85' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: xrdp-0.10.5-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b409dad73e
2026-02-08 00:51:49.071197+00:00
--------------------------------------------------------------------------------

Name : xrdp
Product : Fedora 42
Version : 0.10.5
Release : 1.fc42
URL : http://www.xrdp.org/
Summary : Open source remote desktop protocol (RDP) server
Description :
xrdp provides a fully functional RDP server compatible with a wide range
of RDP clients, including FreeRDP and Microsoft RDP client.

--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes
- CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features
- It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
- TLS pre-master secrets can now be recorded for packet captures (#3617)
- Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
- Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
- Updated Xorg paths in sesman.ini to include more recent distros (#3663)
- Add Slovenian keyboard (#3668 #3670)
- xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes
- Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
- Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
- Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
- Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
- A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
- Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
- Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
- Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
- Do not overwrite a VNC port set by the user when not using sesman (#3674)
- Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
- Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
- getgrouplist() now compiles on MacOS (#3575)
- Various Coverity warnings have been addressed (#3656)
- Documentation improvements (#3665)

Internal changes
- An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

Release notes for xorgxrdp v0.10.5 (2026/01/28)

Bug fixes
- Fix bug in Chrome pointer detection (#394 #396)

Internal changes
- CI: Update FreeBSD xrdp dependency (#398)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 Bojan Smojver [bojan@rexursive.com] - 1:0.10.5-1
- Update to 0.10.5
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1:0.10.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Nov 4 2025 Tom Callaway [spot@fedoraproject.org] - 1:0.10.4-4
- rebuild for new fuse3
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1908387 - Windows with transparency show whatever is below
https://bugzilla.redhat.com/show_bug.cgi?id=1908387
[ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
https://bugzilla.redhat.com/show_bug.cgi?id=2279775
[ 3 ] Bug #2322105 - AltGr on Spanish keyboards
https://bugzilla.redhat.com/show_bug.cgi?id=2322105
[ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
https://bugzilla.redhat.com/show_bug.cgi?id=2323097
[ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433438
[ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433439
[ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433440
[ 8 ] Bug #2433441 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433441
[ 9 ] Bug #2433442 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433442
[ 10 ] Bug #2433840 - xorgxrdp-0.10.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433840
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b409dad73e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: xorgxrdp-0.10.5-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b409dad73e
2026-02-08 00:51:49.071197+00:00
--------------------------------------------------------------------------------

Name : xorgxrdp
Product : Fedora 42
Version : 0.10.5
Release : 1.fc42
URL : https://github.com/neutrinolabs/xorgxrdp
Summary : Implementation of xrdp backend as Xorg modules
Description :
xorgxrdp is a set of X11 modules that make Xorg act as a backend for
xrdp. Xorg with xorgxrdp is the most advanced xrdp backend with support
for screen resizing and multiple monitors.

--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes
- CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features
- It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
- TLS pre-master secrets can now be recorded for packet captures (#3617)
- Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
- Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
- Updated Xorg paths in sesman.ini to include more recent distros (#3663)
- Add Slovenian keyboard (#3668 #3670)
- xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes
- Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
- Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
- Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
- Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
- A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
- Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
- Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
- Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
- Do not overwrite a VNC port set by the user when not using sesman (#3674)
- Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
- Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
- getgrouplist() now compiles on MacOS (#3575)
- Various Coverity warnings have been addressed (#3656)
- Documentation improvements (#3665)

Internal changes
- An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

Release notes for xorgxrdp v0.10.5 (2026/01/28)

Bug fixes
- Fix bug in Chrome pointer detection (#394 #396)

Internal changes
- CI: Update FreeBSD xrdp dependency (#398)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2026 Bojan Smojver [bojan@rexursive.com] - 0.10.5-1
- Update to 0.10.5
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.10.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1908387 - Windows with transparency show whatever is below
https://bugzilla.redhat.com/show_bug.cgi?id=1908387
[ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
https://bugzilla.redhat.com/show_bug.cgi?id=2279775
[ 3 ] Bug #2322105 - AltGr on Spanish keyboards
https://bugzilla.redhat.com/show_bug.cgi?id=2322105
[ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
https://bugzilla.redhat.com/show_bug.cgi?id=2323097
[ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433438
[ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2433439
[ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433440
[ 8 ] Bug #2433441 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2433441
[ 9 ] Bug #2433442 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433442
[ 10 ] Bug #2433840 - xorgxrdp-0.10.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433840
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b409dad73e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: mingw-glib2-2.84.3-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2c53d4d272
2026-02-08 00:51:49.071245+00:00
--------------------------------------------------------------------------------

Name : mingw-glib2
Product : Fedora 42
Version : 2.84.3
Release : 3.fc42
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2026-1484, CVE-2026-1485, CVE-2026-1489.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 14 2025 Sandro Mani [manisandro@gmail.com] - 2.84.3-3
- Backport patch for CVE-2025-13601
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433314 - CVE-2026-1484 mingw-glib2: Integer Overflow Leading to Buffer Underflow and Out-of-Bounds Write in GLib g_base64_encode() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433314
[ 2 ] Bug #2433340 - CVE-2026-1485 mingw-glib2: Glib: Local denial of service via buffer underflow in content type parsing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433340
[ 3 ] Bug #2433365 - CVE-2026-1489 mingw-glib2: GLib: Memory corruption via integer overflow in Unicode case conversion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433365
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2c53d4d272' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

