[SECURITY] Fedora 43 Update: openbao-2.5.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a9c2a486a6
2026-04-03 00:50:26.407477+00:00
--------------------------------------------------------------------------------
Name : openbao
Product : Fedora 43
Version : 2.5.2
Release : 1.fc43
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Dave Dykstra - 2.5.2-1
- update to upstream 2.5.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2452352 - CVE-2026-33757 openbao: lack of user confirmation for OpenBao OIDC direct callback mode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452352
[ 2 ] Bug #2452355 - CVE-2026-33758 openbao: reflected XSS in OpenBao OIDC authentication error message [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452355
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a9c2a486a6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: bind9-next-9.21.20-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a6efefa854
2026-04-03 00:50:26.407464+00:00
--------------------------------------------------------------------------------
Name : bind9-next
Product : Fedora 43
Version : 9.21.20
Release : 1.fc43
URL : https://www.isc.org/downloads/bind/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to 9.21.20 (rhbz#2440560)
Security Fixes:
- Fix unbounded NSEC3 iterations when validating referrals to unsigned
  delegations. (CVE-2026-1519)
- Fix memory leaks in code preparing DNSSEC proofs of non-existence.
  (CVE-2026-3104)
- Prevent a crash in code processing queries containing a TKEY record.
  (CVE-2026-3119)
- Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
New Features:
- Provide response round-trip time (RTT) counters via statistics channel.
- Introduce max-delegation-servers configuration option.
Bug Fixes:
- Fix parsing key inactivation time in KASP code.
- Fix the handling of key statements defined inside views.

Update to 9.21.19
Security Fixes:
- Fix a use-after-free error in dns_client_resolve() triggered by a DNAME
  response.
- Fix a NULL pointer dereference in qp-trie cache code.
- Immediately remove purged ADB names and entries from the SIEVE list.
Feature Changes:
- Record query time for all dnstap responses.
- Optimize TCP source port selection on Linux.
and multiple bug fixes.

Update to 9.21.18
Feature Changes:
- Enable minimal ANY answers by default.
- Lowercase the NSEC Next Domain Name field.
- Update requirements for system test suite.
Bug Fixes:
- Make catalog zone names and member zones' entry names case-insensitive.
  [GL #5693]
- Fix implementation of BRID and HHIT record types. [GL #5710]
- Fix implementation of DSYNC record type. [GL #5711]
- Fix response policy and catalog zones to work with $INCLUDE directive.

Source:
https://downloads.isc.org/isc/bind9/9.21.20/doc/arm/html/notes.html#notes-for-bind-9-21-20
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Petr Menšík [pemensik@redhat.com] - 32:9.21.20-1
- Update to 9.21.20 (rhbz#2440560)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2440560 - bind9-next-9.21.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2440560
[ 2 ] Bug #2451573 - CVE-2026-3591 bind9-next: BIND: Unauthorized access due to use-after-return vulnerability in DNS query handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2451573
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a6efefa854' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------