Rrdtool, Kernel, Nginx, and more updates for Fedora

Fedora Linux 9383 Published by

Fedora has rolled out a batch of security patches across versions 42, 43, and 44 to address several critical vulnerabilities in widely used system packages. The updates target essential components like the Linux kernel, Xen hypervisor, poppler PDF library, and various nginx modules while also fixing memory corruption issues and remote code execution flaws. Developers relying on the Rust-based uv toolchain will find their dependencies refreshed with important stability improvements alongside the security fixes. Administrators can quickly deploy these changes by running a standard dnf upgrade command with the specific advisory identifiers provided in each notification.

Fedora 42 Update: rrdtool-1.9.0-8.fc42
Fedora 44 Update: kernel-7.0.10-201.fc44
Fedora 44 Update: nginx-mod-naxsi-1.6-18.fc44
Fedora 44 Update: nginx-mod-modsecurity-1.0.4-11.fc44
Fedora 44 Update: nginx-mod-headers-more-0.39-10.fc44
Fedora 44 Update: nginx-1.30.2-1.fc44
Fedora 44 Update: nginx-mod-vts-0.2.4-10.fc44
Fedora 44 Update: nginx-mod-fancyindex-0.6.0-5.fc44
Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-8.fc44
Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-10.fc44
Fedora 44 Update: rrdtool-1.9.0-11.fc44
Fedora 44 Update: rust-astral_async_zip-0.0.18~rc4-2.fc44
Fedora 44 Update: rust-astral-tokio-tar-0.6.2-1.fc44
Fedora 44 Update: uv-0.11.15-1.fc44
Fedora 44 Update: rust-astral_async_http_range_reader-0.11.0-2.fc44
Fedora 44 Update: python-uv-build-0.11.15-1.fc44
Fedora 44 Update: perl-Imager-1.031-1.fc44
Fedora 44 Update: xen-4.21.1-3.fc44
Fedora 43 Update: rust-astral-tokio-tar-0.6.2-1.fc43
Fedora 43 Update: rust-astral_async_zip-0.0.18~rc4-2.fc43
Fedora 43 Update: python-uv-build-0.11.15-1.fc43
Fedora 43 Update: rrdtool-1.9.0-8.fc43
Fedora 43 Update: uv-0.11.15-1.fc43
Fedora 43 Update: rust-astral_async_http_range_reader-0.11.0-2.fc43
Fedora 43 Update: xen-4.20.3-3.fc43
Fedora 43 Update: poppler-25.07.0-5.fc43



[SECURITY] Fedora 42 Update: rrdtool-1.9.0-8.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-93281f2f96
2026-05-27 16:29:24.913333+00:00
--------------------------------------------------------------------------------

Name : rrdtool
Product : Fedora 42
Version : 1.9.0
Release : 8.fc42
URL : https://oss.oetiker.ch/rrdtool/
Summary : Round Robin Database Tool to store and display time-series data
Description :
RRD is the Acronym for Round Robin Database. RRD is a system to store and
display time-series data (i.e. network bandwidth, machine-room temperature,
server load average). It stores the data in a very compact way that will not
expand over time, and it presents useful graphs by processing the data to
enforce a certain data density. It can be used either via simple wrapper
scripts (from shell or Perl) or via frontends that poll network devices and
put a friendly user interface on it.

--------------------------------------------------------------------------------
Update Information:

This is an update backporting some safety checks from the rrdtool-1.10.0.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 1.9.0-8
- Backported some safety checks from the rrdtool-1.10.0
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 8 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.9.0-6
- Perl 5.42 rebuild
* Mon Jun 2 2025 Python Maint - 1.9.0-5
- Rebuilt for Python 3.14
* Fri Mar 21 2025 Yaakov Selkowitz [yselkowi@redhat.com] - 1.9.0-4
- Rebuilt for https://fedoraproject.org/wiki/Changes/TclTk9.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-93281f2f96' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: kernel-7.0.10-201.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bc20b091a8
2026-05-28 01:11:32.543889+00:00
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 44
Version : 7.0.10
Release : 201.fc44
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 7.0.10-101/201 stable kernel updates contain a number of important fixes
across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Justin M. Forbes [jforbes@fedoraproject.org] [7.0.10-1]
- ata: libata-scsi: do not needlessly defer commands when using PMP with FBS (Niklas Cassel)
- ata: libata-scsi: do not use the deferred QC feature on PMPs with CBS (Niklas Cassel)
- ata: libata-scsi: do not use the deferred QC feature for ATA_DEFER_PORT (Niklas Cassel)
- ata: libata-scsi: improve readability of ata_scsi_qc_issue() (Niklas Cassel)
- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada)
- ksmbd: close durable scavenger races against m_fp_list lookups (DaeMyung Kang)
- iommu/amd: Remove latent out-of-bounds access in IOMMU debugfs (Eder Zulian)
- iommu/amd: Fix illegal cap/mmio access in IOMMU debugfs (Guanghui Feng)
- drm/i915/cx0: Rename intel_clear_response_ready flag (Suraj Kandpal)
- drm/i915/cx0: Clear response ready & error bit (Suraj Kandpal)
- drm/i915/pps: Enable panel power earlier (Mika Kahola)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bc20b091a8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-18.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da68d7bf53
2026-05-28 01:11:32.543879+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-naxsi
Product : Fedora 44
Version : 1.6
Release : 18.fc44
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-js-challenge:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 1.6-18
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da68d7bf53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-11.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da68d7bf53
2026-05-28 01:11:32.543879+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-modsecurity
Product : Fedora 44
Version : 1.0.4
Release : 11.fc44
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.

The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity

--------------------------------------------------------------------------------
Update Information:

nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-js-challenge:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.4-11
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da68d7bf53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: nginx-mod-headers-more-0.39-10.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da68d7bf53
2026-05-28 01:11:32.543879+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-headers-more
Product : Fedora 44
Version : 0.39
Release : 10.fc44
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.

This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-js-challenge:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 0.39-10
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da68d7bf53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: nginx-1.30.2-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da68d7bf53
2026-05-28 01:11:32.543879+00:00
--------------------------------------------------------------------------------

Name : nginx
Product : Fedora 44
Version : 1.30.2
Release : 1.fc44
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-js-challenge:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 22 2026 Felix Kaechele [felix@kaechele.ca] - 2:1.30.2-1
- update to 1.30.2
- fixes CVE-2026-9256
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da68d7bf53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-10.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da68d7bf53
2026-05-28 01:11:32.543879+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-vts
Product : Fedora 44
Version : 0.2.4
Release : 10.fc44
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-js-challenge:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 0.2.4-10
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da68d7bf53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-5.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da68d7bf53
2026-05-28 01:11:32.543879+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-fancyindex
Product : Fedora 44
Version : 0.6.0
Release : 5.fc44
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:

* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-js-challenge:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 0.6.0-5
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da68d7bf53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-8.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da68d7bf53
2026-05-28 01:11:32.543879+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-js-challenge
Product : Fedora 44
Version : 0^20230517.gitda6852d
Release : 8.fc44
URL : https://github.com/simon987/ngx_http_js_challenge_module
Summary : Simple JavaScript proof-of-work based access for Nginx with virtually no overhead
Description :
Simple JavaScript proof-of-work based access for Nginx with virtually no overhead.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-js-challenge:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 0^20230517.gitda6852d-8
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da68d7bf53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-10.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da68d7bf53
2026-05-28 01:11:32.543879+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-brotli
Product : Fedora 44
Version : 1.0.0~rc
Release : 10.fc44
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-js-challenge:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-10
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da68d7bf53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: rrdtool-1.9.0-11.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-87a8048005
2026-05-28 01:11:32.543849+00:00
--------------------------------------------------------------------------------

Name : rrdtool
Product : Fedora 44
Version : 1.9.0
Release : 11.fc44
URL : https://oss.oetiker.ch/rrdtool/
Summary : Round Robin Database Tool to store and display time-series data
Description :
RRD is the Acronym for Round Robin Database. RRD is a system to store and
display time-series data (i.e. network bandwidth, machine-room temperature,
server load average). It stores the data in a very compact way that will not
expand over time, and it presents useful graphs by processing the data to
enforce a certain data density. It can be used either via simple wrapper
scripts (from shell or Perl) or via frontends that poll network devices and
put a friendly user interface on it.

--------------------------------------------------------------------------------
Update Information:

This is an update backporting some safety checks from the rrdtool-1.10.0.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 1.9.0-11
- Backported some safety checks from the rrdtool-1.10.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-87a8048005' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: rust-astral_async_zip-0.0.18~rc4-2.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b1aaac651
2026-05-28 01:11:32.543847+00:00
--------------------------------------------------------------------------------

Name : rust-astral_async_zip
Product : Fedora 44
Version : 0.0.18~rc4
Release : 2.fc44
URL : https://crates.io/crates/astral_async_zip
Summary : Asynchronous ZIP archive reading/writing crate
Description :
An asynchronous ZIP archive reading/writing crate.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.18~rc4-2
- Omit zip64 tests on 32-bit targets
* Mon May 18 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.18~rc4-1
- Update to 0.0.18~rc4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b1aaac651' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.2-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b1aaac651
2026-05-28 01:11:32.543847+00:00
--------------------------------------------------------------------------------

Name : rust-astral-tokio-tar
Product : Fedora 44
Version : 0.6.2
Release : 1.fc44
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.2-1
- Update to version 0.6.2; Fixes RHBZ#2479647; Fixes GHSA-3cv2-h65g-fgmm
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b1aaac651' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: uv-0.11.15-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b1aaac651
2026-05-28 01:11:32.543847+00:00
--------------------------------------------------------------------------------

Name : uv
Product : Fedora 44
Version : 0.11.15
Release : 1.fc44
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.

Highlights:

??? A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,
virtualenv, and more.
??? 10-100x faster than pip.
??? Provides comprehensive project management, with a universal lockfile.
??? Runs scripts, with support for inline dependency metadata.
??? Installs and manages Python versions.
??? Runs and installs tools published as Python packages.
??? Includes a pip-compatible interface for a performance boost with a familiar
CLI.
??? Supports Cargo-style workspaces for scalable projects.
??? Disk-space efficient, with a global cache for dependency deduplication.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.15-1
- Update to 0.11.15 (close RHBZ#2479704)
* Wed May 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.14-1
- Update to 0.11.14 (close RHBZ#2468985)
* Sat May 9 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.12-1
- Update to 0.11.12 (close RHBZ#2466908)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b1aaac651' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: rust-astral_async_http_range_reader-0.11.0-2.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b1aaac651
2026-05-28 01:11:32.543847+00:00
--------------------------------------------------------------------------------

Name : rust-astral_async_http_range_reader
Product : Fedora 44
Version : 0.11.0
Release : 2.fc44
URL : https://crates.io/crates/astral_async_http_range_reader
Summary : Library for streaming reading of files over HTTP using range requests
Description :
A library for streaming reading of files over HTTP using range requests.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-2
- Update dev-dependency astral_async_zip to 0.0.18-rc4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b1aaac651' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: python-uv-build-0.11.15-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b1aaac651
2026-05-28 01:11:32.543847+00:00
--------------------------------------------------------------------------------

Name : python-uv-build
Product : Fedora 44
Version : 0.11.15
Release : 1.fc44
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :

This package is a slimmed down version of uv containing only the build
backend.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.15-1
- Update to 0.11.15 (close RHBZ#2479685)
* Wed May 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.14-1
- Update to 0.11.14 (close RHBZ#2468984)
* Wed May 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.12-2
- Use pyproject long options
* Sat May 9 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.12-1
- Update to 0.11.12
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b1aaac651' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: perl-Imager-1.031-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-63ab4e8283
2026-05-28 01:11:32.543832+00:00
--------------------------------------------------------------------------------

Name : perl-Imager
Product : Fedora 44
Version : 1.031
Release : 1.fc44
URL : https://metacpan.org/release/Imager
Summary : Perl extension for Generating 24 bit Images
Description :
Imager is a module for creating and altering images. It can read and
write various image formats, draw primitive shapes like lines,and
polygons, blend multiple images together in various ways, scale, crop,
render text and more.

--------------------------------------------------------------------------------
Update Information:

Imager 1.031
- GIF: fix a heap buffer overflow with attacker controlled data CVE-2026-8454
Imager 1.030
- addtag(): store non-"int" numbers as strings
- addtag: improve the regexp used to decide if a value can be stored as an int.
- API: i_tags_get_int() - now fails if the value is stored as a string and is
out of range for an int.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Jitka Plesnikova [jplesnik@redhat.com] - 1.031-1
- 1.031 bump (rhbz#2477776)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2477776 - perl-Imager-1.031 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2477776
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-63ab4e8283' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: xen-4.21.1-3.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8b2957222f
2026-05-28 01:11:32.543789+00:00
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 44
Version : 4.21.1
Release : 3.fc44
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: CPU Opcode Cache corruption [XSA-490,CVE-2025-54518]
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 12 2026 Michael Young [m.a.young@durham.ac.uk] - 4.21.1-3
- x86: CPU Opcode Cache corruption [XSA-490,CVE-2025-54518]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8b2957222f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.2-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f8487121bd
2026-05-28 00:47:20.915866+00:00
--------------------------------------------------------------------------------

Name : rust-astral-tokio-tar
Product : Fedora 43
Version : 0.6.2
Release : 1.fc43
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.2-1
- Update to version 0.6.2; Fixes RHBZ#2479647; Fixes GHSA-3cv2-h65g-fgmm
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f8487121bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: rust-astral_async_zip-0.0.18~rc4-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f8487121bd
2026-05-28 00:47:20.915866+00:00
--------------------------------------------------------------------------------

Name : rust-astral_async_zip
Product : Fedora 43
Version : 0.0.18~rc4
Release : 2.fc43
URL : https://crates.io/crates/astral_async_zip
Summary : Asynchronous ZIP archive reading/writing crate
Description :
An asynchronous ZIP archive reading/writing crate.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.18~rc4-2
- Omit zip64 tests on 32-bit targets
* Mon May 18 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.18~rc4-1
- Update to 0.0.18~rc4
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f8487121bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: python-uv-build-0.11.15-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f8487121bd
2026-05-28 00:47:20.915866+00:00
--------------------------------------------------------------------------------

Name : python-uv-build
Product : Fedora 43
Version : 0.11.15
Release : 1.fc43
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :

This package is a slimmed down version of uv containing only the build
backend.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.15-1
- Update to 0.11.15 (close RHBZ#2479685)
* Wed May 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.14-1
- Update to 0.11.14 (close RHBZ#2468984)
* Wed May 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.12-2
- Use pyproject long options
* Sat May 9 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.12-1
- Update to 0.11.12
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f8487121bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: rrdtool-1.9.0-8.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-111ad9560f
2026-05-28 00:47:20.915869+00:00
--------------------------------------------------------------------------------

Name : rrdtool
Product : Fedora 43
Version : 1.9.0
Release : 8.fc43
URL : https://oss.oetiker.ch/rrdtool/
Summary : Round Robin Database Tool to store and display time-series data
Description :
RRD is the Acronym for Round Robin Database. RRD is a system to store and
display time-series data (i.e. network bandwidth, machine-room temperature,
server load average). It stores the data in a very compact way that will not
expand over time, and it presents useful graphs by processing the data to
enforce a certain data density. It can be used either via simple wrapper
scripts (from shell or Perl) or via frontends that poll network devices and
put a friendly user interface on it.

--------------------------------------------------------------------------------
Update Information:

This is an update backporting some safety checks from the rrdtool-1.10.0.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 1.9.0-8
- Backported some safety checks from the rrdtool-1.10.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-111ad9560f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: uv-0.11.15-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f8487121bd
2026-05-28 00:47:20.915866+00:00
--------------------------------------------------------------------------------

Name : uv
Product : Fedora 43
Version : 0.11.15
Release : 1.fc43
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.

Highlights:

??? A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,
virtualenv, and more.
??? 10-100x faster than pip.
??? Provides comprehensive project management, with a universal lockfile.
??? Runs scripts, with support for inline dependency metadata.
??? Installs and manages Python versions.
??? Runs and installs tools published as Python packages.
??? Includes a pip-compatible interface for a performance boost with a familiar
CLI.
??? Supports Cargo-style workspaces for scalable projects.
??? Disk-space efficient, with a global cache for dependency deduplication.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.15-1
- Update to 0.11.15 (close RHBZ#2479704)
* Wed May 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.14-1
- Update to 0.11.14 (close RHBZ#2468985)
* Sat May 9 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.12-1
- Update to 0.11.12 (close RHBZ#2466908)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f8487121bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: rust-astral_async_http_range_reader-0.11.0-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f8487121bd
2026-05-28 00:47:20.915866+00:00
--------------------------------------------------------------------------------

Name : rust-astral_async_http_range_reader
Product : Fedora 43
Version : 0.11.0
Release : 2.fc43
URL : https://crates.io/crates/astral_async_http_range_reader
Summary : Library for streaming reading of files over HTTP using range requests
Description :
A library for streaming reading of files over HTTP using range requests.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and
GHSA-4gg8-gxpx-9rph.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-2
- Update dev-dependency astral_async_zip to 0.0.18-rc4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479685 - python-uv-build-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479685
[ 2 ] Bug #2479704 - uv-0.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2479704
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f8487121bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: xen-4.20.3-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7b2b7837b6
2026-05-28 00:47:20.915834+00:00
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 43
Version : 4.20.3
Release : 3.fc43
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: CPU Opcode Cache corruption [XSA-490,CVE-2025-54518]
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 12 2026 Michael Young [m.a.young@durham.ac.uk] - 4.20.3-3
- x86: CPU Opcode Cache corruption [XSA-490,CVE-2025-54518]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7b2b7837b6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: poppler-25.07.0-5.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2a9d57ce6b
2026-05-28 00:47:20.915801+00:00
--------------------------------------------------------------------------------

Name : poppler
Product : Fedora 43
Version : 25.07.0
Release : 5.fc43
URL : https://poppler.freedesktop.org/
Summary : PDF rendering library
Description :
poppler is a PDF rendering library.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2025-52885
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 11 2026 Marek Kasik [mkasik@redhat.com] - 25.07.0-5
- Fix CVE-2025-52885
- Resolves: #2403486
* Sun Feb 1 2026 Elliott Sales de Andrade [quantum.analyst@gmail.com] - 25.07.0-4
- Add gobject-introspection Requires back to glib subpackage
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2403486 - CVE-2025-52885 poppler: Use-After-Free in StructTreeRoot class [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2403486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2a9d57ce6b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


Unbound, Varnish, Starlette, Roundcube, Erlang updates for Debian

Kernel, Firefox, Freeipmi, and more updates for Oracle Linux

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...