Fedora has released security updates for several packages, including perl-Crypt-SysRandom-XS and systemd. The perl-Crypt-SysRandom-XS update addresses a heap-based buffer overflow vulnerability in the XS function random_bytes(), while the systemd update fixes a local user privilege escalation bug. Both updates are available to install using the "dnf" package manager and can be installed by running the command "su -c 'dnf upgrade --advisory [advisory_id]'" at the command line. All Fedora packages, including these updates, are signed with the Fedora Project GPG key, which can be found on the Fedora website.

Fedora 42 Update: perl-Crypt-SysRandom-XS-0.011-1.fc42
Fedora 43 Update: perl-Crypt-SysRandom-XS-0.011-1.fc43
Fedora 44 Update: systemd-259.3-1.fc44

[SECURITY] Fedora 42 Update: perl-Crypt-SysRandom-XS-0.011-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c0123ede74
2026-03-11 01:12:04.419699+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-SysRandom-XS
Product : Fedora 42
Version : 0.011
Release : 1.fc42
URL : https://metacpan.org/dist/Crypt-SysRandom-XS
Summary : Perl interface to system randomness, XS version
Description :
This module uses whatever C interface is available to procure
cryptographically random data from the system.

--------------------------------------------------------------------------------
Update Information:

0.011 - Update data pointer on resize for rdrand; Clean up string length
handling
0.010 - Disallow requesting strings with negative lengths CVE-2026-2597; Try
arc4random in stdlib.h first; Correct value of PROTOTYPES keyword in XS
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 2 2026 Jitka Plesnikova [jplesnik@redhat.com] - 0.011-1
- 0.011 bump (rhbz#2440318)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2443384 - CVE-2026-2597 perl-Crypt-SysRandom-XS: heap-based buffer overflow in the XS function random_bytes() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443384
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c0123ede74' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: perl-Crypt-SysRandom-XS-0.011-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7b9874a01f
2026-03-11 00:48:09.893607+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-SysRandom-XS
Product : Fedora 43
Version : 0.011
Release : 1.fc43
URL : https://metacpan.org/dist/Crypt-SysRandom-XS
Summary : Perl interface to system randomness, XS version
Description :
This module uses whatever C interface is available to procure
cryptographically random data from the system.

--------------------------------------------------------------------------------
Update Information:

0.011 - Update data pointer on resize for rdrand; Clean up string length
handling
0.010 - Disallow requesting strings with negative lengths CVE-2026-2597; Try
arc4random in stdlib.h first; Correct value of PROTOTYPES keyword in XS
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 2 2026 Jitka Plesnikova [jplesnik@redhat.com] - 0.011-1
- 0.011 bump (rhbz#2440318)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2443384 - CVE-2026-2597 perl-Crypt-SysRandom-XS: heap-based buffer overflow in the XS function random_bytes() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443384
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7b9874a01f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: systemd-259.3-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c1c45c4b2d
2026-03-11 00:15:02.118340+00:00
--------------------------------------------------------------------------------

Name : systemd
Product : Fedora 44
Version : 259.3
Release : 1.fc44
URL : https://systemd.io
Summary : System and Service Manager
Description :
systemd is a system and service manager that runs as PID 1 and starts the rest
of the system. It provides aggressive parallelization capabilities, uses socket
and D-Bus activation for starting services, offers on-demand starting of
daemons, keeps track of processes using Linux control groups, maintains mount
and automount points, and implements an elaborate transactional dependency-based
service control logic. systemd supports SysV and LSB init scripts and works as a
replacement for sysvinit. Other parts of this package are a logging daemon,
utilities to control basic system configuration like the hostname, date, locale,
maintain a list of logged-in users, system accounts, runtime directories and
settings, and a logging daemons.

This package was built from the v259-stable branch of systemd.

--------------------------------------------------------------------------------
Update Information:

Fix for the linked bug.
Important bugfix release.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 4 2026 Zbigniew J??drzejewski-Szmek [zbyszek@amutable.com] - 259.3-1
- Version 259.3
- Fix for GHSA-6pwp-j5vg-5j6m, rhbz#2444375
* Fri Feb 27 2026 Zbigniew J??drzejewski-Szmek [zbyszek@amutable.com] - 259.2-1
- Version 259.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2444375 - systemd: local user privilege escalation (GHSA-6pwp-j5vg-5j6m)
https://bugzilla.redhat.com/show_bug.cgi?id=2444375
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c1c45c4b2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------