Fedora 42 Update: perl-Crypt-URandom-0.55-1.fc42
Fedora 42 Update: avr-binutils-2.45-4.fc42.1
Fedora 42 Update: keylime-7.14.1-1.fc42
Fedora 42 Update: python-apt-3.1.0-1.fc42
Fedora 42 Update: keylime-agent-rust-0.2.9-1.fc42
Fedora 42 Update: apt-3.1.15-2.fc42
Fedora 42 Update: rsync-3.4.1-5.fc42
Fedora 43 Update: perl-Crypt-URandom-0.55-1.fc43
Fedora 43 Update: avr-binutils-2.45-4.fc43.1
Fedora 43 Update: python-apt-3.1.0-1.fc43
Fedora 43 Update: keylime-agent-rust-0.2.9-1.fc43
Fedora 43 Update: keylime-7.14.1-1.fc43
Fedora 43 Update: apt-3.1.15-2.fc43
[SECURITY] Fedora 42 Update: perl-Crypt-URandom-0.55-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b0bf6e9c9b
2026-03-04 01:24:56.034162+00:00
--------------------------------------------------------------------------------
Name : perl-Crypt-URandom
Product : Fedora 42
Version : 0.55
Release : 1.fc42
URL : https://metacpan.org/release/Crypt-URandom
Summary : Non-blocking randomness for Perl
Description :
This Module is intended to provide an interface to the strongest available
source of non-blocking randomness on the current platform.
--------------------------------------------------------------------------------
Update Information:
This release fixes CVE-2026-2474 (a heap buffer overflow) and handling failed
read syscalls.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 23 2026 Petr Pisar [ppisar@redhat.com] - 0.55-1
- 0.55 bump (CVE-2026-2474, bug #2440312)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2440306 - CVE-2026-2474 crypt-urandom: Crypt::URandom for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()
https://bugzilla.redhat.com/show_bug.cgi?id=2440306
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b0bf6e9c9b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: avr-binutils-2.45-4.fc42.1
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-405dab5af2
2026-03-04 01:24:56.034121+00:00
--------------------------------------------------------------------------------
Name : avr-binutils
Product : Fedora 42
Version : 2.45
Release : 4.fc42.1
URL : http://www.gnu.org/software/binutils/
Summary : Cross Compiling GNU binutils targeted at avr
Description :
This is a Cross Compiling version of GNU binutils, which can be used to
assemble and link binaries for the avr platform, instead of for the
native i386 platform.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2025-11083: heap-based overflow
fix CVE-2025-11082: heap-based overflow
fix CVE-2025-11081: out-of-bounds read
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Michal Hlavinka [mhlavink@redhat.com] - 1:2.45-4.1
- rebuild
* Mon Oct 20 2025 Michal Hlavinka [mhlavink@redhat.com] - 1:2.45-4
- fix CVE-2025-11083: heap-based overflow (rhbz#2400336)
* Thu Oct 16 2025 Michal Hlavinka [mhlavink@redhat.com] - 1:2.45-3
- fix CVE-2025-11082: heap-based overflow (rhbz#2400340)
* Thu Oct 16 2025 Michal Hlavinka [mhlavink@redhat.com] - 1:2.45-2
- fix CVE-2025-11081: out-of-bounds read (rhbz#2400335)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400335 - CVE-2025-11081 avr-binutils: GNU Binutils out-of-bounds read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2400335
[ 2 ] Bug #2400340 - CVE-2025-11082 avr-binutils: GNU Binutils Linker heap-based overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2400340
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-405dab5af2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: keylime-7.14.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c2b5451b35
2026-03-04 01:24:56.034104+00:00
--------------------------------------------------------------------------------
Name : keylime
Product : Fedora 42
Version : 7.14.1
Release : 1.fc42
URL : https://github.com/keylime/keylime
Summary : Open source TPM software for Bootstrapping and Maintaining Trust
Description :
Keylime is a TPM based highly scalable remote boot attestation
and runtime integrity measurement solution.
--------------------------------------------------------------------------------
Update Information:
Update keylime to version 7.14.1 and keylime-agent-rust to version 0.2.9
Fixes: CVE-2026-1709 and CVE-2025-13609
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 13 2026 Sergio Correia [scorreia@redhat.com] - 7.14.1-1
- Updating for Keylime release v7.14.1
* Sat Feb 7 2026 Sergio Correia [scorreia@redhat.com] - 7.13.1-1
- Updating for Keylime release v7.13.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2435514 - CVE-2026-1709 keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
https://bugzilla.redhat.com/show_bug.cgi?id=2435514
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c2b5451b35' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: python-apt-3.1.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e0e9d0d54a
2026-03-04 01:24:56.034100+00:00
--------------------------------------------------------------------------------
Name : python-apt
Product : Fedora 42
Version : 3.1.0
Release : 1.fc42
URL : https://tracker.debian.org/pkg/python-apt
Summary : Python bindings for APT
Description :
python-apt is a wrapper to use features of APT from Python.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release apt 3.1.15 and python-apt 3.1.0, also fix a
security issue in python-apt
Update to latest upstream release apt 3.1.15
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 16 2026 Terje R??sten [terjeros@gmail.com] - 3.1.0-1
- Rebuild for so bump in apt 3.1.15
- 3.1.0
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.3.0-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Sep 19 2025 Python Maint - 2.3.0-16
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint - 2.3.0-15
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.3.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 2 2025 Python Maint - 2.3.0-13
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2319327 - apt-3.1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2319327
[ 2 ] Bug #2423061 - CVE-2025-6966 python-apt: python-apt: NULL pointer dereference leads to local denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423061
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e0e9d0d54a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: keylime-agent-rust-0.2.9-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c2b5451b35
2026-03-04 01:24:56.034104+00:00
--------------------------------------------------------------------------------
Name : keylime-agent-rust
Product : Fedora 42
Version : 0.2.9
Release : 1.fc42
URL : https://github.com/keylime/rust-keylime/
Summary : The Keylime agent
Description :
The Keylime agent
--------------------------------------------------------------------------------
Update Information:
Update keylime to version 7.14.1 and keylime-agent-rust to version 0.2.9
Fixes: CVE-2026-1709 and CVE-2025-13609
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 13 2026 Anderson Toshiyuki Sasaki [ansasaki@redhat.com] - 0.2.9-1
- Update to upstream version 0.2.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2435514 - CVE-2026-1709 keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
https://bugzilla.redhat.com/show_bug.cgi?id=2435514
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c2b5451b35' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: apt-3.1.15-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e0e9d0d54a
2026-03-04 01:24:56.034100+00:00
--------------------------------------------------------------------------------
Name : apt
Product : Fedora 42
Version : 3.1.15
Release : 2.fc42
URL : https://tracker.debian.org/pkg/apt
Summary : Command-line package manager for Debian packages
Description :
This package provides commandline tools for searching and
managing as well as querying information about packages
as a low-level access to all features of the libapt-pkg library.
These include:
* apt-get for retrieval of packages and information about them
from authenticated sources and for installation, upgrade and
removal of packages together with their dependencies
* apt-cache for querying available information about installed
as well as installable packages
* apt-cdrom to use removable media as a source for packages
* apt-config as an interface to the configuration settings
* apt-key as an interface to manage authentication keys
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release apt 3.1.15 and python-apt 3.1.0, also fix a
security issue in python-apt
Update to latest upstream release apt 3.1.15
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 16 2026 Terje Rosten [terjeros@gmail.com] - 3.1.15-2
- Rebuild due to so name bump
* Sun Feb 15 2026 Terje Rosten [terjeros@gmail.com] - 3.1.15-1
- 3.1.15
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Oct 6 2025 Terje Rosten [terjeros@gmail.com] - 3.1.8-1
- 3.1.8
- apt-key is gone
- Add openssl-devel to buildreq
- Fix include issue
- apt-extracttemplates has moved
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.9.27-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Feb 11 2025 Zbigniew J??drzejewski-Szmek [zbyszek@in.waw.pl] - 2.9.27-2
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Mon Feb 3 2025 Packit [hello@packit.dev] - 2.9.27-1
- Update to version 2.9.27
- Resolves: rhbz#2319327
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.9.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2319327 - apt-3.1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2319327
[ 2 ] Bug #2423061 - CVE-2025-6966 python-apt: python-apt: NULL pointer dereference leads to local denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423061
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e0e9d0d54a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rsync-3.4.1-5.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-de8c9d7b6f
2026-03-04 01:24:56.034076+00:00
--------------------------------------------------------------------------------
Name : rsync
Product : Fedora 42
Version : 3.4.1
Release : 5.fc42
URL : https://rsync.samba.org/
Summary : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.
--------------------------------------------------------------------------------
Update Information:
Updating tests
Fix for CVE-2025-10158
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 16 2026 Michal Ruprich [mruprich@redhat.com] - 3.4.1-5
- Fixing test plans
* Fri Feb 13 2026 Michal Ruprich [mruprich@redhat.com] - 3.4.1-4
- Fix for CVE-2025-10158
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415719 - CVE-2025-10158 rsync: Rsync: Out of bounds array access via negative index [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2415719
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-de8c9d7b6f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: perl-Crypt-URandom-0.55-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-88f1155b8b
2026-03-04 00:54:59.722863+00:00
--------------------------------------------------------------------------------
Name : perl-Crypt-URandom
Product : Fedora 43
Version : 0.55
Release : 1.fc43
URL : https://metacpan.org/release/Crypt-URandom
Summary : Non-blocking randomness for Perl
Description :
This Module is intended to provide an interface to the strongest available
source of non-blocking randomness on the current platform.
--------------------------------------------------------------------------------
Update Information:
This release fixes CVE-2026-2474 (a heap buffer overflow) and handling failed
read syscalls.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 23 2026 Petr Pisar [ppisar@redhat.com] - 0.55-1
- 0.55 bump (CVE-2026-2474, bug #2440313)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2440306 - CVE-2026-2474 crypt-urandom: Crypt::URandom for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()
https://bugzilla.redhat.com/show_bug.cgi?id=2440306
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-88f1155b8b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: avr-binutils-2.45-4.fc43.1
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-10cccbf560
2026-03-04 00:54:59.722814+00:00
--------------------------------------------------------------------------------
Name : avr-binutils
Product : Fedora 43
Version : 2.45
Release : 4.fc43.1
URL : http://www.gnu.org/software/binutils/
Summary : Cross Compiling GNU binutils targeted at avr
Description :
This is a Cross Compiling version of GNU binutils, which can be used to
assemble and link binaries for the avr platform, instead of for the
native i386 platform.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2025-11083: heap-based overflow
fix CVE-2025-11082: heap-based overflow
fix CVE-2025-11081: out-of-bounds read
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Michal Hlavinka [mhlavink@redhat.com] - 1:2.45-4.1
- rebuild
* Mon Oct 20 2025 Michal Hlavinka [mhlavink@redhat.com] - 1:2.45-4
- fix CVE-2025-11083: heap-based overflow (rhbz#2400336)
* Thu Oct 16 2025 Michal Hlavinka [mhlavink@redhat.com] - 1:2.45-3
- fix CVE-2025-11082: heap-based overflow (rhbz#2400340)
* Thu Oct 16 2025 Michal Hlavinka [mhlavink@redhat.com] - 1:2.45-2
- fix CVE-2025-11081: out-of-bounds read (rhbz#2400335)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-10cccbf560' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-apt-3.1.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1c47e433df
2026-03-04 00:54:59.722793+00:00
--------------------------------------------------------------------------------
Name : python-apt
Product : Fedora 43
Version : 3.1.0
Release : 1.fc43
URL : https://tracker.debian.org/pkg/python-apt
Summary : Python bindings for APT
Description :
python-apt is a wrapper to use features of APT from Python.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release apt 3.1.15 and python-apt 3.1.0
Update to latest upstream release apt 3.1.15, also fix build problem with
previous release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 16 2026 Terje R??sten [terjeros@gmail.com] - 3.1.0-1
- Rebuild for so bump in apt 3.1.15
- 3.1.0
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.3.0-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2149769 - python-apt-3.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2149769
[ 2 ] Bug #2319327 - apt-3.1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2319327
[ 3 ] Bug #2339898 - apt-2.9.8-1.fc43 FTBFS: apt-2.9.8/apt-pkg/contrib/strutl.cc:597:7: error: ???uint8_t??? was not declared in this scope
https://bugzilla.redhat.com/show_bug.cgi?id=2339898
[ 4 ] Bug #2384459 - apt: FTBFS in Fedora rawhide/f43
https://bugzilla.redhat.com/show_bug.cgi?id=2384459
[ 5 ] Bug #2423062 - CVE-2025-6966 python-apt: python-apt: NULL pointer dereference leads to local denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423062
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1c47e433df' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: keylime-agent-rust-0.2.9-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e5027335a3
2026-03-04 00:54:59.722797+00:00
--------------------------------------------------------------------------------
Name : keylime-agent-rust
Product : Fedora 43
Version : 0.2.9
Release : 1.fc43
URL : https://github.com/keylime/rust-keylime/
Summary : The Keylime agent
Description :
The Keylime agent
--------------------------------------------------------------------------------
Update Information:
Update keylime to version 7.14.1 and keylime-agent-rust to version 0.2.9
Fixes: CVE-2026-1709 and CVE-2025-13609
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 13 2026 Anderson Toshiyuki Sasaki [ansasaki@redhat.com] - 0.2.9-1
- Update to upstream version 0.2.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2435514 - CVE-2026-1709 keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
https://bugzilla.redhat.com/show_bug.cgi?id=2435514
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e5027335a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: keylime-7.14.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e5027335a3
2026-03-04 00:54:59.722797+00:00
--------------------------------------------------------------------------------
Name : keylime
Product : Fedora 43
Version : 7.14.1
Release : 1.fc43
URL : https://github.com/keylime/keylime
Summary : Open source TPM software for Bootstrapping and Maintaining Trust
Description :
Keylime is a TPM based highly scalable remote boot attestation
and runtime integrity measurement solution.
--------------------------------------------------------------------------------
Update Information:
Update keylime to version 7.14.1 and keylime-agent-rust to version 0.2.9
Fixes: CVE-2026-1709 and CVE-2025-13609
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 13 2026 Sergio Correia [scorreia@redhat.com] - 7.14.1-1
- Updating for Keylime release v7.14.1
* Sat Feb 7 2026 Sergio Correia [scorreia@redhat.com] - 7.13.1-1
- Updating for Keylime release v7.13.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2435514 - CVE-2026-1709 keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
https://bugzilla.redhat.com/show_bug.cgi?id=2435514
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e5027335a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: apt-3.1.15-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1c47e433df
2026-03-04 00:54:59.722793+00:00
--------------------------------------------------------------------------------
Name : apt
Product : Fedora 43
Version : 3.1.15
Release : 2.fc43
URL : https://tracker.debian.org/pkg/apt
Summary : Command-line package manager for Debian packages
Description :
This package provides commandline tools for searching and
managing as well as querying information about packages
as a low-level access to all features of the libapt-pkg library.
These include:
* apt-get for retrieval of packages and information about them
from authenticated sources and for installation, upgrade and
removal of packages together with their dependencies
* apt-cache for querying available information about installed
as well as installable packages
* apt-cdrom to use removable media as a source for packages
* apt-config as an interface to the configuration settings
* apt-key as an interface to manage authentication keys
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release apt 3.1.15 and python-apt 3.1.0
Update to latest upstream release apt 3.1.15, also fix build problem with
previous release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 16 2026 Terje Rosten [terjeros@gmail.com] - 3.1.15-2
- Rebuild due to so name bump
* Sun Feb 15 2026 Terje Rosten [terjeros@gmail.com] - 3.1.15-1
- 3.1.15
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Oct 6 2025 Terje Rosten [terjeros@gmail.com] - 3.1.8-1
- 3.1.8
- apt-key is gone
- Add openssl-devel to buildreq
- Fix include issue
- apt-extracttemplates has moved
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.9.27-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Feb 11 2025 Zbigniew J??drzejewski-Szmek [zbyszek@in.waw.pl] - 2.9.27-2
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Mon Feb 3 2025 Packit [hello@packit.dev] - 2.9.27-1
- Update to version 2.9.27
- Resolves: rhbz#2319327
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.9.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2149769 - python-apt-3.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2149769
[ 2 ] Bug #2319327 - apt-3.1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2319327
[ 3 ] Bug #2339898 - apt-2.9.8-1.fc43 FTBFS: apt-2.9.8/apt-pkg/contrib/strutl.cc:597:7: error: ???uint8_t??? was not declared in this scope
https://bugzilla.redhat.com/show_bug.cgi?id=2339898
[ 4 ] Bug #2384459 - apt: FTBFS in Fedora rawhide/f43
https://bugzilla.redhat.com/show_bug.cgi?id=2384459
[ 5 ] Bug #2423062 - CVE-2025-6966 python-apt: python-apt: NULL pointer dereference leads to local denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423062
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1c47e433df' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
