Fedora 43 Update: mingw-libxslt-1.1.43-4.fc43
Fedora 42 Update: mingw-python3-3.11.14-5.fc42
Fedora 42 Update: mingw-libxslt-1.1.43-4.fc42
Fedora 42 Update: mariadb11.8-11.8.5-1.fc42
Fedora 42 Update: rpki-client-9.7-1.fc42
Fedora 42 Update: cpp-httplib-0.30.1-5.fc42
Fedora 42 Update: mingw-libtasn1-4.21.0-1.fc42
Fedora 43 Update: curl-8.15.0-5.fc43
Fedora 43 Update: mariadb11.8-11.8.5-1.fc43
Fedora 43 Update: rclone-1.72.1-1.fc43
Fedora 43 Update: rpki-client-9.7-1.fc43
Fedora 43 Update: cpp-httplib-0.30.1-5.fc43
Fedora 43 Update: mingw-python3-3.11.14-5.fc43
Fedora 43 Update: mingw-libtasn1-4.21.0-1.fc43
[SECURITY] Fedora 43 Update: mingw-libxslt-1.1.43-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-84be018d47
2026-01-22 01:06:41.044181+00:00
--------------------------------------------------------------------------------
Name : mingw-libxslt
Product : Fedora 43
Version : 1.1.43
Release : 4.fc43
URL : https://gitlab.gnome.org/GNOME/libxslt
Summary : MinGW Windows Library providing the Gnome XSLT engine
Description :
This C library allows to transform XML files into other XML files
(or HTML, text, ...) using the standard XSLT stylesheet transformation
mechanism. To use it you need to have a version of libxml2 >= 2.6.27
installed. The xsltproc command is a command line interface to the XSLT engine
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-11731 and proposed fix for CVE-2025-10911
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Sandro Mani [manisandro@gmail.com] - 1.1.43-4
- Backport fix for CVE-2025-11731 and proposed fix for CVE-2025-10911
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398129 - CVE-2025-10911 mingw-libxslt: use-after-free with key data stored cross-RVT [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398129
[ 2 ] Bug #2403696 - CVE-2025-11731 mingw-libxslt: Type Confusion in exsltFuncResultCompfunction of libxslt [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2403696
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-84be018d47' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-python3-3.11.14-5.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-01a62f2cfd
2026-01-22 01:14:01.609533+00:00
--------------------------------------------------------------------------------
Name : mingw-python3
Product : Fedora 42
Version : 3.11.14
Release : 5.fc42
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3
--------------------------------------------------------------------------------
Update Information:
Backport proposed fix for CVE-2025-13836.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Sandro Mani [manisandro@gmail.com] - 3.11.14-5
- Backport proposed fix for CVE-2025-13836
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2428930 - CVE-2025-13836 mingw-python3: Excessive read buffering DoS in http.client [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2428930
[ 2 ] Bug #2428940 - CVE-2025-13836 mingw-python3: Excessive read buffering DoS in http.client [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2428940
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-01a62f2cfd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-libxslt-1.1.43-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-00347cea5e
2026-01-22 01:14:01.609531+00:00
--------------------------------------------------------------------------------
Name : mingw-libxslt
Product : Fedora 42
Version : 1.1.43
Release : 4.fc42
URL : https://gitlab.gnome.org/GNOME/libxslt
Summary : MinGW Windows Library providing the Gnome XSLT engine
Description :
This C library allows to transform XML files into other XML files
(or HTML, text, ...) using the standard XSLT stylesheet transformation
mechanism. To use it you need to have a version of libxml2 >= 2.6.27
installed. The xsltproc command is a command line interface to the XSLT engine
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-11731 and proposed fix for CVE-2025-10911
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Sandro Mani [manisandro@gmail.com] - 1.1.43-4
- Backport fix for CVE-2025-11731 and proposed fix for CVE-2025-10911
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398129 - CVE-2025-10911 mingw-libxslt: use-after-free with key data stored cross-RVT [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398129
[ 2 ] Bug #2403696 - CVE-2025-11731 mingw-libxslt: Type Confusion in exsltFuncResultCompfunction of libxslt [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2403696
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-00347cea5e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mariadb11.8-11.8.5-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f677c523ec
2026-01-22 01:14:01.609517+00:00
--------------------------------------------------------------------------------
Name : mariadb11.8
Product : Fedora 42
Version : 11.8.5
Release : 1.fc42
URL : http://mariadb.org
Summary : A very fast and robust SQL database server
Description :
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded
SQL database server. It is a client/server implementation consisting of
a server daemon (mariadbd) and many different client programs and libraries.
The base package contains the standard MariaDB/MySQL client programs and
utilities.
--------------------------------------------------------------------------------
Update Information:
MariaDB 11.8.5
Release notes: https://mariadb.com/docs/release-notes/community-
server/11.8/11.8.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2025 Pavol Sloboda [psloboda@redhat.com] - 3:11.8.5-1
- Rebase to 11.8.5
* Wed Oct 29 2025 Lukas Javorsky [ljavorsk@redhat.com] - 3:11.8.3-5
- Revert to soft static allocation of MariaDB and MySQL sysusers.d files
* Wed Oct 29 2025 Nikola Davidova [ndavidov@redhat.com] - 3:11.8.3-4
- Bump release for tmpfiles.d change
* Tue Sep 30 2025 Petr Khartskhaev [pkhartsk@redhat.com] - 3:11.8.3-3
- Bump release for package rebuild
* Tue Aug 12 2025 Michal Schorm [mschorm@redhat.com] - 3:11.8.3-2
- Bump release for package rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413295 - mariadb11.8-11.8.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2413295
[ 2 ] Bug #2417695 - CVE-2025-13699 mariadb11.8: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417695
[ 3 ] Bug #2417697 - CVE-2025-13699 mariadb11.8: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417697
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f677c523ec' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rpki-client-9.7-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d2431d8ac0
2026-01-22 01:14:01.609553+00:00
--------------------------------------------------------------------------------
Name : rpki-client
Product : Fedora 42
Version : 9.7
Release : 1.fc42
URL : https://www.rpki-client.org/
Summary : OpenBSD RPKI validator to support BGP Origin Validation
Description :
The OpenBSD rpki-client is a free, easy-to-use implementation of the
Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of the Route Origin of a BGP announcement. The
program queries the RPKI repository system, downloads and validates
Route Origin Authorisations (ROAs) and finally outputs Validated ROA
Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and
also as CSV or JSON objects for consumption by other routing stacks.
--------------------------------------------------------------------------------
Update Information:
rpki-client 9.7
The Canonical Cache Representation underwent a breaking change after the
adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a
SIDROPS working group item. Apart from several CMS-related cosmetics it now uses
a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-
client 9.6's .ccr files and vice versa.
Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody
showed interest in deploying this and there are other, widely supported ways of
exchanging operational contact information such as RDAP. RFC 6493 is undergoing
a status review to be marked as historic:
https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-
historic/
Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
Fixed two reliability issues: one where a malicious RPKI Certification Authority
can trigger a crash, one where malicious Trust Anchor can provoke memory
exhaustion.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Robert Scheck [robert@fedoraproject.org] 9.7-1
- Upgrade to 9.7 (#2429390)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2429390 - rpki-client-9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2429390
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d2431d8ac0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: cpp-httplib-0.30.1-5.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3b0e5b457d
2026-01-22 01:14:01.609543+00:00
--------------------------------------------------------------------------------
Name : cpp-httplib
Product : Fedora 42
Version : 0.30.1
Release : 5.fc42
URL : https://github.com/yhirose/cpp-httplib
Summary : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.
It's extremely easy to setup. Just include the httplib.h file in your code!
--------------------------------------------------------------------------------
Update Information:
Update to 0.30.1
Denial of service (DOS) using zip bomb (CVE-2026-22776)
CRLF injection in http headers (CVE-2026-21428)
Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust (CVE-2025-66577)
https://github.com/yhirose/cpp-httplib/releases/tag/v0.30.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-5
- Switch to GCC 15 test fix with active PR
* Tue Jan 13 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-4
- Drop 32 bit support like upstream did
* Mon Jan 12 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-3
- fixup! Fix tests in last release
* Mon Jan 12 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-2
- Fix tests in last release
* Mon Jan 12 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-1
- Update to 0.30.1 (rhbz#2406686)
* Sat Aug 30 2025 Orion Poplawski [orion@nwra.com] - 0.26.0-1
- Update to 0.26.0 (CVE-2025-53629)
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.20.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri May 9 2025 Orion Poplawski [orion@nwra.com] - 0.20.1-1
- Update to 0.20.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2364284 - CVE-2025-46728 cpp-httplib: cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2364284
[ 2 ] Bug #2379431 - CVE-2025-53629 cpp-httplib: cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2379431
[ 3 ] Bug #2419548 - CVE-2025-66570 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2419548
[ 4 ] Bug #2419631 - CVE-2025-66577 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2419631
[ 5 ] Bug #2426699 - CVE-2026-21428 cpp-httplib: cpp-httplib: Server-Side Request Forgery via header injection [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2426699
[ 6 ] Bug #2428893 - CVE-2026-22776 cpp-httplib: cpp-httplib: Denial of Service due to excessive memory usage from compressed HTTP request bodies [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2428893
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3b0e5b457d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: mingw-libtasn1-4.21.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4ed69f3065
2026-01-22 01:14:01.609529+00:00
--------------------------------------------------------------------------------
Name : mingw-libtasn1
Product : Fedora 42
Version : 4.21.0
Release : 1.fc42
URL : http://www.gnu.org/software/libtasn1/
Summary : MinGW Windows libtasn1 library
Description :
libtasn1 is the ASN.1 library used in GNUTLS.
This package contains the MinGW Windows cross compiled libtasn1 library.
--------------------------------------------------------------------------------
Update Information:
Update to 4.21.0, fixes CVE-2025-13151.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Sandro Mani [manisandro@gmail.com] - 4.21.0-1
- Update to 4.21.0
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 4.20.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Feb 12 2025 Sandro Mani [manisandro@gmail.com] - 4.20.0-1
- Update to 4.20.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2427834 - CVE-2025-13151 mingw-libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2427834
[ 2 ] Bug #2427836 - CVE-2025-13151 mingw-libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2427836
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4ed69f3065' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: curl-8.15.0-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e27b23af78
2026-01-22 01:06:41.044244+00:00
--------------------------------------------------------------------------------
Name : curl
Product : Fedora 43
Version : 8.15.0
Release : 5.fc43
URL : https://curl.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.
--------------------------------------------------------------------------------
Update Information:
fix broken TLS options for threaded LDAPS (CVE-2025-14017)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 19 2026 Jan Macku [jamacku@redhat.com] - 8.15.0-5
- fix broken TLS options for threaded LDAPS (CVE-2025-14017)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2428031 - CVE-2025-14017 curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2428031
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e27b23af78' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: mariadb11.8-11.8.5-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-297c251448
2026-01-22 01:06:41.044166+00:00
--------------------------------------------------------------------------------
Name : mariadb11.8
Product : Fedora 43
Version : 11.8.5
Release : 1.fc43
URL : http://mariadb.org
Summary : A very fast and robust SQL database server
Description :
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded
SQL database server. It is a client/server implementation consisting of
a server daemon (mariadbd) and many different client programs and libraries.
The base package contains the standard MariaDB/MySQL client programs and
utilities.
--------------------------------------------------------------------------------
Update Information:
MariaDB 11.8.5
Release notes: https://mariadb.com/docs/release-notes/community-
server/11.8/11.8.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2025 Pavol Sloboda [psloboda@redhat.com] - 3:11.8.5-1
- Rebase to 11.8.5
* Wed Oct 29 2025 Lukas Javorsky [ljavorsk@redhat.com] - 3:11.8.3-5
- Revert to soft static allocation of MariaDB and MySQL sysusers.d files
* Wed Oct 29 2025 Nikola Davidova [ndavidov@redhat.com] - 3:11.8.3-4
- Bump release for tmpfiles.d change
* Tue Sep 30 2025 Petr Khartskhaev [pkhartsk@redhat.com] - 3:11.8.3-3
- Bump release for package rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413295 - mariadb11.8-11.8.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2413295
[ 2 ] Bug #2417695 - CVE-2025-13699 mariadb11.8: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417695
[ 3 ] Bug #2417697 - CVE-2025-13699 mariadb11.8: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417697
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-297c251448' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rclone-1.72.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3de3ece93a
2026-01-22 01:06:41.044225+00:00
--------------------------------------------------------------------------------
Name : rclone
Product : Fedora 43
Version : 1.72.1
Release : 1.fc43
URL : https://github.com/rclone/rclone
Summary : Rsync for cloud storage
Description :
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive,
Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex
Files.
--------------------------------------------------------------------------------
Update Information:
Update to 1.72.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.72.1-1
- Update to 1.72.1 - Closes rhbz#2421018
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2420627 - CVE-2025-47913 rclone: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420627
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3de3ece93a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rpki-client-9.7-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0d27571013
2026-01-22 01:06:41.044223+00:00
--------------------------------------------------------------------------------
Name : rpki-client
Product : Fedora 43
Version : 9.7
Release : 1.fc43
URL : https://www.rpki-client.org/
Summary : OpenBSD RPKI validator to support BGP Origin Validation
Description :
The OpenBSD rpki-client is a free, easy-to-use implementation of the
Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of the Route Origin of a BGP announcement. The
program queries the RPKI repository system, downloads and validates
Route Origin Authorisations (ROAs) and finally outputs Validated ROA
Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and
also as CSV or JSON objects for consumption by other routing stacks.
--------------------------------------------------------------------------------
Update Information:
rpki-client 9.7
The Canonical Cache Representation underwent a breaking change after the
adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a
SIDROPS working group item. Apart from several CMS-related cosmetics it now uses
a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-
client 9.6's .ccr files and vice versa.
Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody
showed interest in deploying this and there are other, widely supported ways of
exchanging operational contact information such as RDAP. RFC 6493 is undergoing
a status review to be marked as historic:
https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-
historic/
Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
Fixed two reliability issues: one where a malicious RPKI Certification Authority
can trigger a crash, one where malicious Trust Anchor can provoke memory
exhaustion.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Robert Scheck [robert@fedoraproject.org] 9.7-1
- Upgrade to 9.7 (#2429390)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2429390 - rpki-client-9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2429390
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0d27571013' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: cpp-httplib-0.30.1-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e50e41fcea
2026-01-22 01:06:41.044206+00:00
--------------------------------------------------------------------------------
Name : cpp-httplib
Product : Fedora 43
Version : 0.30.1
Release : 5.fc43
URL : https://github.com/yhirose/cpp-httplib
Summary : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.
It's extremely easy to setup. Just include the httplib.h file in your code!
--------------------------------------------------------------------------------
Update Information:
Update to 0.30.1
Denial of service (DOS) using zip bomb (CVE-2026-22776)
CRLF injection in http headers (CVE-2026-21428)
Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust (CVE-2025-66577)
https://github.com/yhirose/cpp-httplib/releases/tag/v0.30.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-5
- Switch to GCC 15 test fix with active PR
* Tue Jan 13 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-4
- Drop 32 bit support like upstream did
* Mon Jan 12 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-3
- fixup! Fix tests in last release
* Mon Jan 12 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-2
- Fix tests in last release
* Mon Jan 12 2026 Petr Men????k [pemensik@redhat.com] - 0.30.1-1
- Update to 0.30.1 (rhbz#2406686)
* Sat Aug 30 2025 Orion Poplawski [orion@nwra.com] - 0.26.0-1
- Update to 0.26.0 (CVE-2025-53629)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2338561 - cpp-httplib-0.26.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2338561
[ 2 ] Bug #2419549 - CVE-2025-66570 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2419549
[ 3 ] Bug #2419632 - CVE-2025-66577 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2419632
[ 4 ] Bug #2426700 - CVE-2026-21428 cpp-httplib: cpp-httplib: Server-Side Request Forgery via header injection [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2426700
[ 5 ] Bug #2428894 - CVE-2026-22776 cpp-httplib: cpp-httplib: Denial of Service due to excessive memory usage from compressed HTTP request bodies [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2428894
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e50e41fcea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: mingw-python3-3.11.14-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-009cb3c02a
2026-01-22 01:06:41.044184+00:00
--------------------------------------------------------------------------------
Name : mingw-python3
Product : Fedora 43
Version : 3.11.14
Release : 5.fc43
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3
--------------------------------------------------------------------------------
Update Information:
Backport proposed fix for CVE-2025-13836.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Sandro Mani [manisandro@gmail.com] - 3.11.14-5
- Backport proposed fix for CVE-2025-13836
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2428930 - CVE-2025-13836 mingw-python3: Excessive read buffering DoS in http.client [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2428930
[ 2 ] Bug #2428940 - CVE-2025-13836 mingw-python3: Excessive read buffering DoS in http.client [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2428940
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-009cb3c02a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: mingw-libtasn1-4.21.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0dfbd2a5e2
2026-01-22 01:06:41.044179+00:00
--------------------------------------------------------------------------------
Name : mingw-libtasn1
Product : Fedora 43
Version : 4.21.0
Release : 1.fc43
URL : http://www.gnu.org/software/libtasn1/
Summary : MinGW Windows libtasn1 library
Description :
libtasn1 is the ASN.1 library used in GNUTLS.
This package contains the MinGW Windows cross compiled libtasn1 library.
--------------------------------------------------------------------------------
Update Information:
Update to 4.21.0, fixes CVE-2025-13151.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Sandro Mani [manisandro@gmail.com] - 4.21.0-1
- Update to 4.21.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2427834 - CVE-2025-13151 mingw-libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2427834
[ 2 ] Bug #2427836 - CVE-2025-13151 mingw-libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2427836
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0dfbd2a5e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
