
Fedora users on versions 42 and 43 must apply security updates immediately. The advisories cover a wide range of issues including memory corruption, buffer overflows, and privilege escalation found in tools like opensc and dnsdist among others. Specific CVE identifiers have been resolved through new upstream releases for components such as libpng12, mbedtls, and util-linux. System owners can install these patches using the standard dnf upgrade command with the provided advisory references.

Fedora 42 Update: opensc-0.27.1-1.fc42
Fedora 42 Update: dnsdist-1.9.12-1.fc42
Fedora 42 Update: doctl-1.154.0-1.fc42
Fedora 42 Update: libcgif-0.5.3-1.fc42
Fedora 42 Update: libpng12-1.2.57-25.fc42
Fedora 42 Update: libpng15-1.5.30-25.fc42
Fedora 42 Update: crun-1.27-1.fc42
Fedora 43 Update: cockpit-360-1.fc43
Fedora 43 Update: mbedtls-3.6.6-1.fc43
Fedora 43 Update: dnsdist-2.0.3-1.fc43
Fedora 43 Update: util-linux-2.41.4-7.fc43
Fedora 43 Update: doctl-1.154.0-1.fc43
Fedora 43 Update: libpng12-1.2.57-25.fc43
Fedora 43 Update: fido-device-onboard-0.5.5-8.fc43
Fedora 43 Update: libcgif-0.5.3-1.fc43
Fedora 43 Update: libpng15-1.5.30-25.fc43



[SECURITY] Fedora 42 Update: opensc-0.27.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-de85b06438
2026-04-10 01:10:26.730915+00:00
--------------------------------------------------------------------------------

Name : opensc
Product : Fedora 42
Version : 0.27.1
Release : 1.fc42
URL : https://github.com/OpenSC/OpenSC/wiki
Summary : Smart card library and applications
Description :
OpenSC provides a set of libraries and utilities to work with smart cards. Its
main focus is on cards that support cryptographic operations, and facilitate
their use in security applications such as authentication, mail encryption and
digital signatures. OpenSC implements the PKCS#11 API so applications
supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On
the card OpenSC implements the PKCS#15 standard and aims to be compatible with
every software/card that does so, too.

--------------------------------------------------------------------------------
Update Information:

New upstream release (#2442363) fixing various security issues
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 31 2026 Jakub Jelen [jjelen@redhat.com] - 0.27.1-1
- New upstream release (#2442363) fixing various security issues:
- CVE-2025-66038 Memory corruption via improper compact-TLV length validation
- CVE-2025-66215 Stack-buffer-overflow with physical access via crafted smart card or USB device
- CVE-2025-49010 Stack-buffer-overflow via crafted smart card or USB device responses
- CVE-2025-66037 Out-of-bounds read via crafted input
- CVE-2025-13763 Several uses of potentially uninitialized memory detected by fuzzers
* Fri Jan 16 2026 Michael Catanzaro [mcatanzaro@redhat.com] - 0.26.1-6
- Fix crash when loaded by p11-kit
- SoftHSM 2.7.0 compatibility
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.26.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Dec 17 2025 Jakub Jelen [jjelen@redhat.com] - 0.26.1-4
- Avoid const discard to unbreak eln build
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2442363 - opensc-0.27.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2442363
[ 2 ] Bug #2453188 - CVE-2025-66037 opensc: OpenSC: Out-of-bounds read via crafted input [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453188
[ 3 ] Bug #2453189 - CVE-2025-49010 opensc: OpenSC: Stack-buffer-overflow via crafted smart card or USB device responses [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453189
[ 4 ] Bug #2453190 - CVE-2025-66215 opensc: OpenSC: Stack-buffer-overflow with physical access via crafted smart card or USB device [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453190
[ 5 ] Bug #2453191 - CVE-2025-66038 opensc: OpenSC: Memory corruption via improper compact-TLV length validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453191
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-de85b06438' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: dnsdist-1.9.12-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-637c11815f
2026-04-10 01:10:26.730905+00:00
--------------------------------------------------------------------------------

Name : dnsdist
Product : Fedora 42
Version : 1.9.12
Release : 1.fc42
URL : https://dnsdist.org
Summary : Highly DNS-, DoS- and abuse-aware loadbalancer
Description :
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
is to route traffic to the best server, delivering top performance to
legitimate users while shunting or blocking abusive traffic.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Sander Hoentjen [shoentjen@antagonist.nl] - 1.9.12-1
- Update to 1.9.12
- Fixes CVE-2026-0396, CVE-2026-0397, CVE-2026-24028, CVE-2026-24029,
CVE-2026-24030, CVE-2026-27853, CVE-2026-27854
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2419176 - dnsdist-2.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419176
[ 2 ] Bug #2453419 - CVE-2026-27854 dnsdist: DNSdist: Denial of Service due to use-after-free vulnerability in Lua [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453419
[ 3 ] Bug #2453421 - CVE-2026-27853 dnsdist: dnsdist: Denial of Service via crafted DNS responses [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453421
[ 4 ] Bug #2453426 - CVE-2026-24030 dnsdist: DNSdist: Denial of Service via excessive memory allocation from DNS over QUIC or HTTP/3 payloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453426
[ 5 ] Bug #2453427 - CVE-2026-0397 dnsdist: dnsdist and PowerDNS: Information Disclosure via Cross-Origin Resource Sharing (CORS) Misconfiguration [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453427
[ 6 ] Bug #2453429 - CVE-2026-24029 dnsdist: dnsdist: Access Control List bypass allows unauthorized DNS over HTTPS queries [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453429
[ 7 ] Bug #2453430 - CVE-2026-0396 dnsdist: dnsdist: HTML injection via crafted DNS queries [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453430
[ 8 ] Bug #2453431 - CVE-2026-24028 dnsdist: dnsdist and PowerDNS: Denial of service or information disclosure via crafted DNS response packet [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453431
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-637c11815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: doctl-1.154.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-729f84f3b6
2026-04-10 01:10:26.730895+00:00
--------------------------------------------------------------------------------

Name : doctl
Product : Fedora 42
Version : 1.154.0
Release : 1.fc42
URL : https://github.com/digitalocean/doctl
Summary : The official command line interface for the DigitalOcean API
Description :
The official command line interface for the DigitalOcean API.

--------------------------------------------------------------------------------
Update Information:

update to 1.154.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.154.0-1
- Update to 1.154.0 - Closes rhbz#2448615
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452189 - CVE-2026-33747 doctl: BuildKit: Arbitrary file write and code execution via untrusted frontend [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452189
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-729f84f3b6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: libcgif-0.5.3-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7716e480cb
2026-04-10 01:10:26.730884+00:00
--------------------------------------------------------------------------------

Name : libcgif
Product : Fedora 42
Version : 0.5.3
Release : 1.fc42
URL : https://github.com/dloebl/cgif
Summary : A fast and lightweight GIF encoder
Description :
A fast and lightweight GIF encoder that can create GIF animations and images.

Summary of the main features:

- user-defined global or local color-palette with up to 256 colors
(limit of the GIF format)
- size-optimizations for GIF animations:
- option to set a pixel to transparent if it has identical color in the
previous frame (transparency optimization)
- do encoding just for the rectangular area that differs from the previous
frame (width/height optimization)
- fast: a GIF with 256 colors and 1024x1024 pixels can be created in below
50 ms even on a minimalistic system
- MIT license (permissive)
- different options for GIF animations: static image, N repetitions, infinite
repetitions
- additional source-code for verifying the encoder after making changes
- user-defined delay time from one frame to the next (can be set independently
for each frame)
- source-code conforms to the C99 standard

--------------------------------------------------------------------------------
Update Information:

Version 0.5.3
Fix potential undefined behavior in cgif_addframe which could have led to an
integer overflow CVE-2026-4985
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Remi Collet [remi@remirepo.net] - 0.5.3-1
- update to 0.5.3
* Tue Mar 31 2026 Remi Collet [remi@remirepo.net] - 0.5.2-2
- fix potential undefined behavior in cgif_addframe
CVE-2026-4985
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452785 - CVE-2026-4985 libcgif: dloebl CGIF: Denial of Service via integer overflow in GIF image handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452785
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7716e480cb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: libpng12-1.2.57-25.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1bf9e14627
2026-04-10 01:10:26.730890+00:00
--------------------------------------------------------------------------------

Name : libpng12
Product : Fedora 42
Version : 1.2.57
Release : 25.fc42
URL : http://www.libpng.org/pub/png/
Summary : Old version of libpng, needed to run old binaries
Description :
The libpng12 package provides libpng 1.2, an older version of the libpng
library for manipulating PNG (Portable Network Graphics) image format files.
This version should be used only if you are unable to use the current
version of libpng.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2026-25646: heap buffer overflow in png_set_quantize
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Michal Hlavinka [mhlavink@redhat.com] - 1.2.57-25
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438670)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.2.57-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.2.57-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438670 - CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438670
[ 2 ] Bug #2438682 - CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438682
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1bf9e14627' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: libpng15-1.5.30-25.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4e514c1c36
2026-04-10 01:10:26.730887+00:00
--------------------------------------------------------------------------------

Name : libpng15
Product : Fedora 42
Version : 1.5.30
Release : 25.fc42
URL : http://www.libpng.org/pub/png/
Summary : Old version of libpng, needed to run old binaries
Description :
The libpng15 package provides libpng 1.5, an older version of the libpng
library for manipulating PNG (Portable Network Graphics) image format files.
This version should be used only if you are unable to use the current
version of libpng.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2026-25646: heap buffer overflow in png_set_quantize
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Michal Hlavinka [mhlavink@redhat.com] - 1.5.30-25
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438683)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.5.30-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.5.30-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438671 - CVE-2026-25646 libpng15: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438671
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4e514c1c36' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: crun-1.27-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-32cf2c53f7
2026-04-10 01:10:26.730864+00:00
--------------------------------------------------------------------------------

Name : crun
Product : Fedora 42
Version : 1.27
Release : 1.fc42
URL : https://github.com/containers/crun
Summary : OCI runtime written in C
Description :
crun is an OCI runtime

--------------------------------------------------------------------------------
Update Information:

Automatic update for crun-1.27-1.fc42.
Changelog for crun
* Wed Mar 25 2026 Packit [hello@packit.dev] - 1.27-1
- Update to 1.27 upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 25 2026 Packit [hello@packit.dev] - 1.27-1
- Update to 1.27 upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452162 - CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the `--user` option [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452162
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-32cf2c53f7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: cockpit-360-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-42f1aaa820
2026-04-10 00:59:15.834494+00:00
--------------------------------------------------------------------------------

Name : cockpit
Product : Fedora 43
Version : 360
Release : 1.fc43
URL : https://cockpit-project.org/
Summary : Web Console for Linux servers
Description :
The Cockpit Web Console enables users to administer GNU/Linux servers using a
web browser.

It offers network configuration, log inspection, diagnostic reports, SELinux
troubleshooting, interactive command-line sessions, and more.

--------------------------------------------------------------------------------
Update Information:

Automatic update for cockpit-360-1.fc43.
Changelog for cockpit
* Wed Apr 08 2026 Packit [hello@packit.dev] - 360-1
- ws: be more explicit when handling hostnames on cli [CVE-2026-4631]
- ws: support loading a custom login page
- Translation updates
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Packit [hello@packit.dev] - 360-1
- ws: be more explicit when handling hostnames on cli [CVE-2026-4631]
- ws: support loading a custom login page
- Translation updates
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-42f1aaa820' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: mbedtls-3.6.6-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8c332fbf00
2026-04-10 00:59:15.834486+00:00
--------------------------------------------------------------------------------

Name : mbedtls
Product : Fedora 43
Version : 3.6.6
Release : 1.fc43
URL : https://www.trustedfirmware.org/projects/mbed-tls
Summary : Light-weight cryptographic and SSL/TLS library
Description :
Mbed TLS is a light-weight open source cryptographic and SSL/TLS
library written in C. Mbed TLS makes it easy for developers to include
cryptographic and SSL/TLS capabilities in their (embedded)
applications with as little hassle as possible.

--------------------------------------------------------------------------------
Update Information:

Update to 3.6.6
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 2 2026 Peter Robinson [pbrobinson@fedoraproject.org] - 3.6.6-1
- Update to 3.6.6
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.6.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2454030 - CVE-2026-25833 mbedtls: buffer underflow in x509_inet_pton_ipv6() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454030
[ 2 ] Bug #2454045 - CVE-2026-34874 mbedtls: NULL pointer dereference when setting a distinguished name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454045
[ 3 ] Bug #2454085 - CVE-2026-34871 mbedtls: entropy on Linux can fall back to /dev/urandom [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454085
[ 4 ] Bug #2454116 - CVE-2026-25835 mbedtls: PSA random generator cloning [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454116
[ 5 ] Bug #2454193 - CVE-2026-34873 mbedtls: Mbed TLS: Client impersonation during TLS 1.3 session resumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454193
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8c332fbf00' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: dnsdist-2.0.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6cae4711b3
2026-04-10 00:59:15.834460+00:00
--------------------------------------------------------------------------------

Name : dnsdist
Product : Fedora 43
Version : 2.0.3
Release : 1.fc43
URL : https://dnsdist.org
Summary : Highly DNS-, DoS- and abuse-aware loadbalancer
Description :
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
is to route traffic to the best server, delivering top performance to
legitimate users while shunting or blocking abusive traffic.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Sander Hoentjen [shoentjen@antagonist.nl] - 2.0.3-1
- Update to new upstream
- Fixes #2453419 (CVE-2026-27854)
- Fixes #2453421 (CVE-2026-27853)
- Fixes #2453426 (CVE-2026-24030)
- Fixes #2453427 (CVE-2026-0397)
- Fixes #2453429 (CVE-2026-24029)
- Fixes #2453430 (CVE-2026-0396)
- Fixes #2453431 (CVE-2026-24028)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2419176 - dnsdist-2.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419176
[ 2 ] Bug #2453419 - CVE-2026-27854 dnsdist: DNSdist: Denial of Service due to use-after-free vulnerability in Lua [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453419
[ 3 ] Bug #2453421 - CVE-2026-27853 dnsdist: dnsdist: Denial of Service via crafted DNS responses [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453421
[ 4 ] Bug #2453426 - CVE-2026-24030 dnsdist: DNSdist: Denial of Service via excessive memory allocation from DNS over QUIC or HTTP/3 payloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453426
[ 5 ] Bug #2453427 - CVE-2026-0397 dnsdist: dnsdist and PowerDNS: Information Disclosure via Cross-Origin Resource Sharing (CORS) Misconfiguration [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453427
[ 6 ] Bug #2453429 - CVE-2026-24029 dnsdist: dnsdist: Access Control List bypass allows unauthorized DNS over HTTPS queries [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453429
[ 7 ] Bug #2453430 - CVE-2026-0396 dnsdist: dnsdist: HTML injection via crafted DNS queries [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453430
[ 8 ] Bug #2453431 - CVE-2026-24028 dnsdist: dnsdist and PowerDNS: Denial of service or information disclosure via crafted DNS response packet [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453431
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6cae4711b3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: util-linux-2.41.4-7.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-840b40ef4c
2026-04-10 00:59:15.834457+00:00
--------------------------------------------------------------------------------

Name : util-linux
Product : Fedora 43
Version : 2.41.4
Release : 7.fc43
URL : https://en.wikipedia.org/wiki/Util-linux
Summary : Collection of basic system utilities
Description :
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, util-linux contains the fdisk configuration tool and the login
program.

--------------------------------------------------------------------------------
Update Information:

upstream update, fixes security-related bugs
CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device.
The SUID mount follows symlinks when resolving loop backing file
paths. On systems where non-root users are permitted to mount loop
devices (via 'user' option in fstab), this allows access to
arbitrary files.
CWE-190 - Integer overflow in libblkid parse_dos_extended().
A crafted MBR disk image can cause uint32_t wraparound in EBR
chain processing, causing reported partitions to not match the
on-disk layout. Tools like udisks may then register a partition
at logical sector 0.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Karel Zak [kzak@redhat.com] - 2.41.4-7
- upgrade to upstream release v2.41.4
* Mon Jan 12 2026 Karel Zak [kzak@redhat.com] - 2.41.3-9
- enable BuildRequires for parsers
* Mon Jan 12 2026 Karel Zak [kzak@redhat.com] - 2.41.3-8
- fix built on new gcc (bison based code and libblkid API)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-840b40ef4c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: doctl-1.154.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6ad76ebb29
2026-04-10 00:59:15.834450+00:00
--------------------------------------------------------------------------------

Name : doctl
Product : Fedora 43
Version : 1.154.0
Release : 1.fc43
URL : https://github.com/digitalocean/doctl
Summary : The official command line interface for the DigitalOcean API
Description :
The official command line interface for the DigitalOcean API.

--------------------------------------------------------------------------------
Update Information:

update to 1.154.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.154.0-1
- Update to 1.154.0 - Closes rhbz#2448615
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452200 - CVE-2026-33747 doctl: BuildKit: Arbitrary file write and code execution via untrusted frontend [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2452200
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6ad76ebb29' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: libpng12-1.2.57-25.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0192882589
2026-04-10 00:59:15.834440+00:00
--------------------------------------------------------------------------------

Name : libpng12
Product : Fedora 43
Version : 1.2.57
Release : 25.fc43
URL : http://www.libpng.org/pub/png/
Summary : Old version of libpng, needed to run old binaries
Description :
The libpng12 package provides libpng 1.2, an older version of the libpng
library for manipulating PNG (Portable Network Graphics) image format files.
This version should be used only if you are unable to use the current
version of libpng.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2026-25646: heap buffer overflow in png_set_quantize
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Michal Hlavinka [mhlavink@redhat.com] - 1.2.57-25
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438670)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.2.57-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438670 - CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438670
[ 2 ] Bug #2438682 - CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438682
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0192882589' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: fido-device-onboard-0.5.5-8.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e6237c2efe
2026-04-10 00:59:15.834445+00:00
--------------------------------------------------------------------------------

Name : fido-device-onboard
Product : Fedora 43
Version : 0.5.5
Release : 8.fc43
URL : https://github.com/fdo-rs/fido-device-onboard-rs
Summary : A rust implementation of the FIDO Device Onboard Specification
Description :
A rust implementation of the FIDO Device Onboard Specification.

--------------------------------------------------------------------------------
Update Information:

Automatic update for fido-device-onboard-0.5.5-8.fc43.
Changelog for fido-device-onboard
* Wed Apr 01 2026 Peter Robinson [pbrobinson@fedoraproject.org] - 0.5.5-8
- Rebuild for CVE-2026-25727, CVE-2026-33056
* Sun Mar 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.5-7
- In Fedora, update nix dependency from 0.26 to 0.31
* Mon Feb 02 2026 Maxwell G [maxwell@gtmx.me] - 0.5.5-6
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Oct 10 2025 Maxwell G [maxwell@gtmx.me] - 0.5.5-4
- Rebuild for golang 1.25.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Peter Robinson [pbrobinson@fedoraproject.org] - 0.5.5-8
- Rebuild for CVE-2026-25727, CVE-2026-33056
* Sun Mar 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.5-7
- In Fedora, update nix dependency from 0.26 to 0.31
* Mon Feb 2 2026 Maxwell G [maxwell@gtmx.me] - 0.5.5-6
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Oct 10 2025 Maxwell G [maxwell@gtmx.me] - 0.5.5-4
- Rebuild for golang 1.25.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438126 - CVE-2026-25727 fido-device-onboard: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438126
[ 2 ] Bug #2449677 - CVE-2026-33056 fido-device-onboard: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449677
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e6237c2efe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: libcgif-0.5.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1a9f019f60
2026-04-10 00:59:15.834432+00:00
--------------------------------------------------------------------------------

Name : libcgif
Product : Fedora 43
Version : 0.5.3
Release : 1.fc43
URL : https://github.com/dloebl/cgif
Summary : A fast and lightweight GIF encoder
Description :
A fast and lightweight GIF encoder that can create GIF animations and images.

Summary of the main features:

- user-defined global or local color-palette with up to 256 colors
  (limit of the GIF format)
- size-optimizations for GIF animations:
  - option to set a pixel to transparent if it has identical color in the
    previous frame (transparency optimization)
  - do encoding just for the rectangular area that differs from the previous
    frame (width/height optimization)
- fast: a GIF with 256 colors and 1024x1024 pixels can be created in below
  50 ms even on a minimalistic system
- MIT license (permissive)
- different options for GIF animations: static image, N repetitions, infinite
  repetitions
- additional source-code for verifying the encoder after making changes
- user-defined delay time from one frame to the next (can be set independently
  for each frame)
- source-code conforms to the C99 standard

--------------------------------------------------------------------------------
Update Information:

Version 0.5.3
Fix potential undefined behavior in cgif_addframe which could have led to an
integer overflow CVE-2026-4985
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Remi Collet [remi@remirepo.net] - 0.5.3-1
- update to 0.5.3
* Tue Mar 31 2026 Remi Collet [remi@remirepo.net] - 0.5.2-2
- fix potential undefined behavior in cgif_addframe
CVE-2026-4985
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452785 - CVE-2026-4985 libcgif: dloebl CGIF: Denial of Service via integer overflow in GIF image handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452785
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1a9f019f60' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: libpng15-1.5.30-25.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-60fce94678
2026-04-10 00:59:15.834438+00:00
--------------------------------------------------------------------------------

Name : libpng15
Product : Fedora 43
Version : 1.5.30
Release : 25.fc43
URL : http://www.libpng.org/pub/png/
Summary : Old version of libpng, needed to run old binaries
Description :
The libpng15 package provides libpng 1.5, an older version of the libpng
library for manipulating PNG (Portable Network Graphics) image format files.
This version should be used only if you are unable to use the current
version of libpng.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2026-25646: heap buffer overflow in png_set_quantize
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Michal Hlavinka [mhlavink@redhat.com] - 1.5.30-25
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438683)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.5.30-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438683 - CVE-2026-25646 libpng15: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438683
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-60fce94678' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

