Fedora 42 Update: rpki-client-9.8-1.fc42
Fedora 42 Update: xorg-x11-server-21.1.22-1.fc42
Fedora 42 Update: flatpak-builder-1.4.8-1.fc42
Fedora 43 Update: rpki-client-9.8-1.fc43
Fedora 43 Update: minetest-5.15.2-1.fc43
Fedora 43 Update: xorg-x11-server-21.1.22-1.fc43
Fedora 43 Update: flatpak-builder-1.4.8-1.fc43
[SECURITY] Fedora 42 Update: rpki-client-9.8-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f7b4693f9d
2026-04-24 01:06:05.765145+00:00
--------------------------------------------------------------------------------
Name : rpki-client
Product : Fedora 42
Version : 9.8
Release : 1.fc42
URL : https://www.rpki-client.org/
Summary : OpenBSD RPKI validator to support BGP Origin Validation
Description :
The OpenBSD rpki-client is a free, easy-to-use implementation of the
Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of the Route Origin of a BGP announcement. The
program queries the RPKI repository system, downloads and validates
Route Origin Authorisations (ROAs) and finally outputs Validated ROA
Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and
also as CSV or JSON objects for consumption by other routing stacks.
--------------------------------------------------------------------------------
Update Information:
rpki-client 9.8
Various refactoring for improved compatibility with various libcrypto
implementations and in CA/BGPsec certificate handling.
Fixed an accounting issue in HTTP gzip compression detection.
Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer
and Subject ASN.1 string encodings.
Added a check for canonical encoding of ASPA eContent in alignment with draft-
ietf-sidrops-aspa-profile-22.
Ensure that a repository timeout correctly stops repository processing.
Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order.
As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice
versa.
Fixed an issue in the parser for the locally configured constraints.
A malicious RRDP Publication Server can cause a NULL dereference.
A malicious RPKI Publication Server can cause an incorrect error exit.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2026 Robert Scheck [robert@fedoraproject.org] 9.8-1
- Upgrade to 9.8 (#2458536)
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 9.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458536 - rpki-client-9.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458536
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f7b4693f9d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: xorg-x11-server-21.1.22-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2c6941716b
2026-04-24 01:06:05.765106+00:00
--------------------------------------------------------------------------------
Name : xorg-x11-server
Product : Fedora 42
Version : 21.1.22
Release : 1.fc42
URL : http://www.x.org
Summary : X.Org X11 X server
Description :
X.Org X11 X server.
--------------------------------------------------------------------------------
Update Information:
Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000,
CVE-2026-34001,
CVE-2026-34002, CVE-2026-34003
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 14 2026 Olivier Fourdan [ofourdan@redhat.com] - 21.1.22-1
- Update to xserver 21.1.22
- CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001,
CVE-2026-34002, CVE-2026-34003
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 21.1.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458205 - xorg-x11-server-21.1.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458205
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2c6941716b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: flatpak-builder-1.4.8-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-631b9d535c
2026-04-24 01:06:05.765099+00:00
--------------------------------------------------------------------------------
Name : flatpak-builder
Product : Fedora 42
Version : 1.4.8
Release : 1.fc42
URL : https://flatpak.org/
Summary : Tool to build flatpaks from source
Description :
Flatpak-builder is a tool for building flatpaks from sources.
See https://flatpak.org/ for more information.
--------------------------------------------------------------------------------
Update Information:
This update includes a fix for CVE-2026-39977. See also: the upstream advisory
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 14 2026 Adrian Vovk [avovk@redhat.com] - 1.4.8-1
- Update to 1.4.8 (#2457166)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2457166 - flatpak-builder-1.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2457166
[ 2 ] Bug #2457894 - CVE-2026-39977 flatpak-builder: path traversal leading to arbitrary file read on host when installing licence files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457894
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-631b9d535c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rpki-client-9.8-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-27892c9184
2026-04-24 00:53:58.937462+00:00
--------------------------------------------------------------------------------
Name : rpki-client
Product : Fedora 43
Version : 9.8
Release : 1.fc43
URL : https://www.rpki-client.org/
Summary : OpenBSD RPKI validator to support BGP Origin Validation
Description :
The OpenBSD rpki-client is a free, easy-to-use implementation of the
Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of the Route Origin of a BGP announcement. The
program queries the RPKI repository system, downloads and validates
Route Origin Authorisations (ROAs) and finally outputs Validated ROA
Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and
also as CSV or JSON objects for consumption by other routing stacks.
--------------------------------------------------------------------------------
Update Information:
rpki-client 9.8
Various refactoring for improved compatibility with various libcrypto
implementations and in CA/BGPsec certificate handling.
Fixed an accounting issue in HTTP gzip compression detection.
Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer
and Subject ASN.1 string encodings.
Added a check for canonical encoding of ASPA eContent in alignment with draft-
ietf-sidrops-aspa-profile-22.
Ensure that a repository timeout correctly stops repository processing.
Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order.
As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice
versa.
Fixed an issue in the parser for the locally configured constraints.
A malicious RRDP Publication Server can cause a NULL dereference.
A malicious RPKI Publication Server can cause an incorrect error exit.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2026 Robert Scheck [robert@fedoraproject.org] 9.8-1
- Upgrade to 9.8 (#2458536)
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 9.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458536 - rpki-client-9.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458536
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-27892c9184' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: minetest-5.15.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-52b9116b3d
2026-04-24 00:53:58.937467+00:00
--------------------------------------------------------------------------------
Name : minetest
Product : Fedora 43
Version : 5.15.2
Release : 1.fc43
URL : https://luanti.org
Summary : Multiplayer infinite-world block sandbox with survival mode
Description :
Game of mining, crafting and building in the infinite world of cubic blocks with
optional hostile creatures, features both single and the network multiplayer
mode, mods. Public multiplayer servers are available.
--------------------------------------------------------------------------------
Update Information:
5.15.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2026 Gwyn Ciesla [gwync@protonmail.com] - 5.15.2-1
- 5.15.2
* Sun Mar 22 2026 Bj??rn Esser [besser82@fedoraproject.org] - 5.15.1-2
- Rebuild (jsoncpp)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458512 - minetest-5.15.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458512
[ 2 ] Bug #2458908 - CVE-2026-40960 minetest: Luanti: Unauthorized access to insecure environment via crafted module [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458908
[ 3 ] Bug #2458909 - CVE-2026-40959 minetest: Luanti: Lua sandbox escape via crafted mod [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458909
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-52b9116b3d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: xorg-x11-server-21.1.22-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a7ec361237
2026-04-24 00:53:58.937417+00:00
--------------------------------------------------------------------------------
Name : xorg-x11-server
Product : Fedora 43
Version : 21.1.22
Release : 1.fc43
URL : http://www.x.org
Summary : X.Org X11 X server
Description :
X.Org X11 X server.
--------------------------------------------------------------------------------
Update Information:
Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000,
CVE-2026-34001,
CVE-2026-34002, CVE-2026-34003
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 14 2026 Olivier Fourdan [ofourdan@redhat.com] - 21.1.22-1
- Update to xserver 21.1.22
- CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001,
CVE-2026-34002, CVE-2026-34003
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 21.1.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2458205 - xorg-x11-server-21.1.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458205
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a7ec361237' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: flatpak-builder-1.4.8-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-25ff246b4f
2026-04-24 00:53:58.937391+00:00
--------------------------------------------------------------------------------
Name : flatpak-builder
Product : Fedora 43
Version : 1.4.8
Release : 1.fc43
URL : https://flatpak.org/
Summary : Tool to build flatpaks from source
Description :
Flatpak-builder is a tool for building flatpaks from sources.
See https://flatpak.org/ for more information.
--------------------------------------------------------------------------------
Update Information:
This update includes a fix for CVE-2026-39977. See also: the upstream advisory
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 15 2026 Adrian Vovk [adrianvovk@gmail.com] - 1.4.8-1
- Update to 1.4.8 (#2457166)
* Wed Mar 25 2026 Jan Grulich [jgrulich@redhat.com] - 1.4.7-5
- Add configuration for release-monitoring
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.4.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2457166 - flatpak-builder-1.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2457166
[ 2 ] Bug #2457894 - CVE-2026-39977 flatpak-builder: path traversal leading to arbitrary file read on host when installing licence files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457894
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-25ff246b4f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
