Fedora 42 Update: tcpflow-1.6.2-0.1.8d47b53.fc42
Fedora 42 Update: python3.14-3.14.3-2.fc42
Fedora 42 Update: libgsasl-1.10.0-15.fc42
Fedora 42 Update: python3.12-3.12.13-2.fc42
Fedora 42 Update: python3.9-3.9.25-7.fc42
Fedora 42 Update: domoticz-2026.1-1.fc42
Fedora 43 Update: vim-9.2.280-1.fc43
Fedora 43 Update: chromium-146.0.7680.177-1.fc43
Fedora 43 Update: tcpflow-1.6.2-0.1.8d47b53.fc43
Fedora 43 Update: python3.9-3.9.25-7.fc43
Fedora 43 Update: libgsasl-1.10.0-15.fc43
Fedora 43 Update: domoticz-2026.1-1.fc43
Fedora 42 Update: gstreamer1-vaapi-1.26.11-1.fc42
Fedora 42 Update: gstreamer1-plugins-base-1.26.11-1.fc42
Fedora 42 Update: gstreamer1-plugins-bad-free-1.26.11-1.fc42
Fedora 42 Update: gstreamer1-plugin-libav-1.26.11-1.fc42
Fedora 42 Update: gstreamer1-1.26.11-1.fc42
Fedora 42 Update: python-gstreamer1-1.26.11-1.fc42
Fedora 42 Update: gst-devtools-1.26.11-1.fc42
Fedora 42 Update: gstreamer1-plugins-ugly-free-1.26.11-1.fc42
Fedora 42 Update: gstreamer1-rtsp-server-1.26.11-1.fc42
Fedora 42 Update: gstreamer1-plugins-good-1.26.11-1.fc42
Fedora 42 Update: gst-editing-services-1.26.11-1.fc42
Fedora 42 Update: gstreamer1-doc-1.26.11-1.fc42
Fedora 42 Update: python3.13-3.13.12-2.fc42
Fedora 42 Update: freerdp-3.24.2-1.fc42
Fedora 42 Update: openbao-2.5.2-1.fc42
Fedora 42 Update: bind9-next-9.21.20-1.fc42
Fedora 42 Update: libopenmpt-0.8.6-1.fc42
Fedora 42 Update: cmake-3.31.11-1.fc42
[SECURITY] Fedora 42 Update: tcpflow-1.6.2-0.1.8d47b53.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2f6fa1b6a1
2026-04-04 01:02:26.879262+00:00
--------------------------------------------------------------------------------
Name : tcpflow
Product : Fedora 42
Version : 1.6.2
Release : 0.1.8d47b53.fc42
URL : https://github.com/simsong/tcpflow
Summary : Network traffic recorder
Description :
tcpflow is a program that captures data transmitted as part of TCP
connections (flows), and stores the data in a way that is convenient
for protocol analysis or debugging. A program like 'tcpdump' shows a
summary of packets seen on the wire, but usually doesn't store the
data that's actually being transmitted. In contrast, tcpflow
reconstructs the actual data streams and stores each flow in a
separate file for later analysis.
--------------------------------------------------------------------------------
Update Information:
The update fixes CVS-2026-25061
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Terje R??sten [terjeros@gmail.com] - 1.6.2-0.1.8d47b53
- Update to 1.6.2 / 8d47b53 to fix CVE-2026-25061
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2435430 - CVE-2026-25061 tcpflow: tcpflow TIM Element OOB Write [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2435430
[ 2 ] Bug #2435431 - CVE-2026-25061 tcpflow: tcpflow TIM Element OOB Write [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2435431
[ 3 ] Bug #2435432 - CVE-2026-25061 tcpflow: tcpflow TIM Element OOB Write [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2435432
[ 4 ] Bug #2435433 - CVE-2026-25061 tcpflow: tcpflow TIM Element OOB Write [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2435433
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2f6fa1b6a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: python3.14-3.14.3-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ba6745d242
2026-04-04 01:02:26.879264+00:00
--------------------------------------------------------------------------------
Name : python3.14
Product : Fedora 42
Version : 3.14.3
Release : 2.fc42
URL : https://www.python.org/
Summary : Version 3.14 of the Python interpreter
Description :
Python 3.14 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.14 package provides the "python3.14" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.14-libs package,
which should be installed automatically along with python3.14.
The remaining parts of the Python standard library are broken out into the
python3.14-tkinter and python3.14-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.14-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.14-" prefix.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.14.3-2
- Security fix for CVE-2026-4519 (rhbz#2449730)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449730 - CVE-2026-4519 python3.14: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449730
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ba6745d242' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: libgsasl-1.10.0-15.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a8d6c7c064
2026-04-04 01:02:26.879255+00:00
--------------------------------------------------------------------------------
Name : libgsasl
Product : Fedora 42
Version : 1.10.0
Release : 15.fc42
URL : https://www.gnu.org/software/gsasl/
Summary : GNU SASL library
Description :
The library includes support for the SASL framework
and at least partial support for the CRAM-MD5, EXTERNAL,
GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN,
and NTLM mechanisms.
--------------------------------------------------------------------------------
Update Information:
GSSAPI server: Boundary check gss_wrap token (read OOB)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Peter Lemenkov [lemenkov@gmail.com] - 1.10.0-15
- Fix CVE-2022-2469
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.10.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.10.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2119153 - CVE-2022-2469 libgsasl: Out of bounds read causes DoS [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2119153
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a8d6c7c064' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: python3.12-3.12.13-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e8c06584a9
2026-04-04 01:02:26.879244+00:00
--------------------------------------------------------------------------------
Name : python3.12
Product : Fedora 42
Version : 3.12.13
Release : 2.fc42
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.12-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.12.13-2
- Security fix for CVE-2026-4519 (rhbz#2449728)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449728 - CVE-2026-4519 python3.12: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449728
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e8c06584a9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: python3.9-3.9.25-7.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0ff49872ae
2026-04-04 01:02:26.879247+00:00
--------------------------------------------------------------------------------
Name : python3.9
Product : Fedora 42
Version : 3.9.25
Release : 7.fc42
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.9.25-7
- Security fix for CVE-2026-4519 (rhbz#2449735)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449735 - CVE-2026-4519 python3.9: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449735
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0ff49872ae' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: domoticz-2026.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-627f2db2b7
2026-04-04 01:02:26.879212+00:00
--------------------------------------------------------------------------------
Name : domoticz
Product : Fedora 42
Version : 2026.1
Release : 1.fc42
URL : http://www.domoticz.com
Summary : Open source Home Automation System
Description :
Domoticz is a Home Automation System that lets you monitor and configure various
devices like: Lights, Switches, various sensors/meters like Temperature, Rain,
Wind, UV, Electra, Gas, Water and much more. Notifications/Alerts can be sent to
any mobile device
--------------------------------------------------------------------------------
Update Information:
Too many changes to list. See:
https://github.com/domoticz/domoticz/blob/2026.1/History.txt
This also fixes a security vulnerability.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Michael Cronenworth [mike@cchtml.com] - 2026.1-1
- New stable release
* Sun Mar 22 2026 Bj??rn Esser [besser82@fedoraproject.org] - 2025.2-6
- Rebuild (jsoncpp)
* Fri Feb 27 2026 Tom Callaway [spot@fedoraproject.org] - 2025.2-5
- rebuild for lua 5.5
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2025.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2025.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jan 14 2026 Michael Cronenworth [mike@cchtml.com] - 2025.2-2
- Rebuilt for Boost 1.90
* Thu Jan 8 2026 Michael Cronenworth [mike@cchtml.com] - 2025.2-1
- New stable release
* Fri Sep 19 2025 Python Maint - 2025.1-4
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint - 2025.1-3
- Rebuilt for Python 3.14.0rc2 bytecode
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2025.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2451138 - domoticz-2026.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451138
[ 2 ] Bug #2451506 - CVE-2026-1001 domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2451506
[ 3 ] Bug #2451508 - CVE-2026-1001 domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2451508
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-627f2db2b7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: vim-9.2.280-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5f9e9fea3c
2026-04-04 00:48:12.438666+00:00
--------------------------------------------------------------------------------
Name : vim
Product : Fedora 43
Version : 9.2.280
Release : 1.fc43
URL : https://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.
--------------------------------------------------------------------------------
Update Information:
patchlevel 280
Security fix for CVE-2026-34714
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.2.280-1
- patchlevel 280
* Tue Mar 31 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.2.272-1
- patchlevel 272
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2453139 - CVE-2026-34714 vim: Vim: Arbitrary code execution via crafted file
https://bugzilla.redhat.com/show_bug.cgi?id=2453139
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5f9e9fea3c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: chromium-146.0.7680.177-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bdd01d79ba
2026-04-04 00:48:12.438670+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 43
Version : 146.0.7680.177
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 146.0.7680.177
High CVE-2026-5273: Use after free in CSS
High CVE-2026-5272: Heap buffer overflow in GPU
High CVE-2026-5274: Integer overflow in Codecs
High CVE-2026-5275: Heap buffer overflow in ANGLE
High CVE-2026-5276: Insufficient policy enforcement in WebUSB
High CVE-2026-5277: Integer overflow in ANGLE
High CVE-2026-5278: Use after free in Web MIDI
High CVE-2026-5279: Object corruption in V8
High CVE-2026-5280: Use after free in WebCodecs
High CVE-2026-5281: Use after free in Dawn
High CVE-2026-5282: Out of bounds read in WebCodecs
High CVE-2026-5283: Inappropriate implementation in ANGLE
High CVE-2026-5284: Use after free in Dawn
High CVE-2026-5285: Use after free in WebGL
High CVE-2026-5286: Use after free in Dawn
High CVE-2026-5287: Use after free in PDF
High CVE-2026-5288: Use after free in WebView
High CVE-2026-5289: Use after free in Navigation
High CVE-2026-5290: Use after free in Compositing
Medium CVE-2026-5291: Inappropriate implementation in WebGL
Medium CVE-2026-5292: Out of bounds read in WebCodecs
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 1 2026 Than Ngo [than@redhat.com] - 146.0.7680.177-1
- Update to 146.0.7680.177
* High CVE-2026-5273: Use after free in CSS
* High CVE-2026-5272: Heap buffer overflow in GPU
* High CVE-2026-5274: Integer overflow in Codecs
* High CVE-2026-5275: Heap buffer overflow in ANGLE
* High CVE-2026-5276: Insufficient policy enforcement in WebUSB
* High CVE-2026-5277: Integer overflow in ANGLE
* High CVE-2026-5278: Use after free in Web MIDI
* High CVE-2026-5279: Object corruption in V8
* High CVE-2026-5280: Use after free in WebCodecs
* High CVE-2026-5281: Use after free in Dawn
* High CVE-2026-5282: Out of bounds read in WebCodecs
* High CVE-2026-5283: Inappropriate implementation in ANGLE
* High CVE-2026-5284: Use after free in Dawn
* High CVE-2026-5285: Use after free in WebGL
* High CVE-2026-5286: Use after free in Dawn
* High CVE-2026-5287: Use after free in PDF
* High CVE-2026-5288: Use after free in WebView
* High CVE-2026-5289: Use after free in Navigation
* High CVE-2026-5290: Use after free in Compositing
* Medium CVE-2026-5291: Inappropriate implementation in WebGL
* Medium CVE-2026-5292: Out of bounds read in WebCodecs
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bdd01d79ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: tcpflow-1.6.2-0.1.8d47b53.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4398680e1a
2026-04-04 00:48:12.438655+00:00
--------------------------------------------------------------------------------
Name : tcpflow
Product : Fedora 43
Version : 1.6.2
Release : 0.1.8d47b53.fc43
URL : https://github.com/simsong/tcpflow
Summary : Network traffic recorder
Description :
tcpflow is a program that captures data transmitted as part of TCP
connections (flows), and stores the data in a way that is convenient
for protocol analysis or debugging. A program like 'tcpdump' shows a
summary of packets seen on the wire, but usually doesn't store the
data that's actually being transmitted. In contrast, tcpflow
reconstructs the actual data streams and stores each flow in a
separate file for later analysis.
--------------------------------------------------------------------------------
Update Information:
The update fixes CVS-2026-25061
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Terje R??sten [terjeros@gmail.com] - 1.6.2-0.1.8d47b53
- Update to 1.6.2 / 8d47b53 to fix CVE-2026-25061
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2435430 - CVE-2026-25061 tcpflow: tcpflow TIM Element OOB Write [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2435430
[ 2 ] Bug #2435431 - CVE-2026-25061 tcpflow: tcpflow TIM Element OOB Write [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2435431
[ 3 ] Bug #2435432 - CVE-2026-25061 tcpflow: tcpflow TIM Element OOB Write [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2435432
[ 4 ] Bug #2435433 - CVE-2026-25061 tcpflow: tcpflow TIM Element OOB Write [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2435433
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4398680e1a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: python3.9-3.9.25-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1e87d53608
2026-04-04 00:48:12.438643+00:00
--------------------------------------------------------------------------------
Name : python3.9
Product : Fedora 43
Version : 3.9.25
Release : 7.fc43
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.9.25-7
- Security fix for CVE-2026-4519 (rhbz#2449735)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449735 - CVE-2026-4519 python3.9: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449735
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1e87d53608' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: libgsasl-1.10.0-15.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5317df36be
2026-04-04 00:48:12.438650+00:00
--------------------------------------------------------------------------------
Name : libgsasl
Product : Fedora 43
Version : 1.10.0
Release : 15.fc43
URL : https://www.gnu.org/software/gsasl/
Summary : GNU SASL library
Description :
The library includes support for the SASL framework
and at least partial support for the CRAM-MD5, EXTERNAL,
GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN,
and NTLM mechanisms.
--------------------------------------------------------------------------------
Update Information:
GSSAPI server: Boundary check gss_wrap token (read OOB)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Peter Lemenkov [lemenkov@gmail.com] - 1.10.0-15
- Fix CVE-2022-2469
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.10.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2119154 - CVE-2022-2469 libgsasl: Out of bounds read causes DoS [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2119154
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5317df36be' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: domoticz-2026.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-45d8852ca3
2026-04-04 00:48:12.438594+00:00
--------------------------------------------------------------------------------
Name : domoticz
Product : Fedora 43
Version : 2026.1
Release : 1.fc43
URL : http://www.domoticz.com
Summary : Open source Home Automation System
Description :
Domoticz is a Home Automation System that lets you monitor and configure various
devices like: Lights, Switches, various sensors/meters like Temperature, Rain,
Wind, UV, Electra, Gas, Water and much more. Notifications/Alerts can be sent to
any mobile device
--------------------------------------------------------------------------------
Update Information:
Too many changes to list. See:
https://github.com/domoticz/domoticz/blob/2026.1/History.txt
This also fixes a security vulnerability.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Michael Cronenworth [mike@cchtml.com] - 2026.1-1
- New stable release
* Sun Mar 22 2026 Bj??rn Esser [besser82@fedoraproject.org] - 2025.2-6
- Rebuild (jsoncpp)
* Fri Feb 27 2026 Tom Callaway [spot@fedoraproject.org] - 2025.2-5
- rebuild for lua 5.5
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2025.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2025.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jan 14 2026 Michael Cronenworth [mike@cchtml.com] - 2025.2-2
- Rebuilt for Boost 1.90
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2451138 - domoticz-2026.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451138
[ 2 ] Bug #2451507 - CVE-2026-1001 domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2451507
[ 3 ] Bug #2451509 - CVE-2026-1001 domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2451509
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-45d8852ca3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: gstreamer1-vaapi-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-vaapi
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : https://cgit.freedesktop.org/gstreamer/gstreamer-vaapi
Summary : GStreamer plugins to use VA API video acceleration
Description :
A collection of GStreamer plugins to let you make use of VA API video
acceleration from GStreamer applications.
Includes elements for video decoding, display, encoding and post-processing
using VA API (subject to hardware limitations).
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gstreamer1-plugins-base-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugins-base
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer streaming media framework base plugins
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.
This package contains a set of well-maintained base plug-ins.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gstreamer1-plugins-bad-free-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugins-bad-free
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer streaming media framework "bad" plugins
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.
This package contains plug-ins that aren't tested well enough, or the code
is not of good enough quality.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
* Mon Feb 16 2026 Marcin Juszkiewicz [mjuszkiewicz@redhat.com] - 1.26.10-2
- Disable onnx on riscv64 port
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gstreamer1-plugin-libav-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugin-libav
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : https://gstreamer.freedesktop.org/
Summary : GStreamer FFmpeg/LibAV plugin
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.
This package provides FFmpeg/LibAV GStreamer plugin.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gstreamer1-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gstreamer1
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer streaming media framework runtime
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: python-gstreamer1-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : python-gstreamer1
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : Python bindings for GStreamer
Description :
This module contains PyGObject overrides to make it easier to write
applications that use GStreamer 1.x in Python.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
* Thu Jan 29 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 1.26.10-2
- Import typing_extensions only when type checking
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gst-devtools-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gst-devtools
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : https://gstreamer.freedesktop.org/src/gst-devtools
Summary : Development and debugging tools for GStreamer
Description :
Development and debugging tools for GStreamer.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gstreamer1-plugins-ugly-free-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugins-ugly-free
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer streaming media framework "ugly" plugins
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.
This package contains plug-ins whose license is not fully compatible with LGPL.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gstreamer1-rtsp-server-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-rtsp-server
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer RTSP server library
Description :
A GStreamer-based RTSP server library.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gstreamer1-plugins-good-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugins-good
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer plugins with good code and licensing
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.
GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gst-editing-services-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gst-editing-services
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://cgit.freedesktop.org/gstreamer/gst-editing-services/
Summary : Gstreamer editing services
Description :
This is a high-level library for facilitating the creation of audio/video
non-linear editors.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: gstreamer1-doc-1.26.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e16254ca6
2026-04-03 17:03:00.363057+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-doc
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer documentation
Description :
GStreamer documentation.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e16254ca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: python3.13-3.13.12-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-49aedae50d
2026-04-03 17:03:00.363053+00:00
--------------------------------------------------------------------------------
Name : python3.13
Product : Fedora 42
Version : 3.13.12
Release : 2.fc42
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.13.12-2
- Security fix for CVE-2026-4519 (rhbz#2449729)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449729 - CVE-2026-4519 python3.13: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449729
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-49aedae50d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: freerdp-3.24.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-07418a381f
2026-04-03 17:03:00.363050+00:00
--------------------------------------------------------------------------------
Name : freerdp
Product : Fedora 42
Version : 3.24.2
Release : 1.fc42
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.
xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.
--------------------------------------------------------------------------------
Update Information:
Update to 3.24.2
It fixes CVE-2026-33952, CVE-2026-33977, CVE-2026-33982, CVE-2026-33983,
CVE-2026-33984, CVE-2026-33985, CVE-2026-33986, CVE-2026-33987 and
CVE-2026-33995.
Update to 3.24.0 (CVE-2026-29774, CVE-2026-29775, CVE-2026-29776,
CVE-2026-31806, CVE-2026-31883, CVE-2026-31884, CVE-2026-31885, CVE-2026-31897)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Ondrej Holy [oholy@redhat.com] - 2:3.24.2-1
- Update to 3.24.2 (CVE-2026-33952, CVE-2026-33977, CVE-2026-33982,
CVE-2026-33983, CVE-2026-33984, CVE-2026-33985, CVE-2026-33986,
CVE-2026-33987, CVE-2026-33995)
Resolves: rhbz#2448592
* Tue Mar 17 2026 Adam Williamson [awilliam@redhat.com] - 2:3.24.0-2
- Backport PR #12484 to fix NTLM auth broken in 3.24.0
* Mon Mar 16 2026 Ondrej Holy [oholy@redhat.com] - 2:3.24.0-1
- Update to 3.24.0 (CVE-2026-29774, CVE-2026-29775, CVE-2026-29776,
CVE-2026-31806, CVE-2026-31883, CVE-2026-31884, CVE-2026-31885,
CVE-2026-31897)
Resolves: rhbz#2447295, rhbz#2447393, rhbz#2447412, rhbz#2447415
Resolves: rhbz#2447417, rhbz#2447419, rhbz#2447423, rhbz#2447428
Resolves: rhbz#2447431
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-07418a381f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: openbao-2.5.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fba501f889
2026-04-03 17:03:00.363045+00:00
--------------------------------------------------------------------------------
Name : openbao
Product : Fedora 42
Version : 2.5.2
Release : 1.fc42
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Dave Dykstra - 2.5.2-1
- update to upstream 2.5.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2452352 - CVE-2026-33757 openbao: lack of user confirmation for OpenBao OIDC direct callback mode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452352
[ 2 ] Bug #2452355 - CVE-2026-33758 openbao: reflected XSS in OpenBao OIDC authentication error message [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452355
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fba501f889' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: bind9-next-9.21.20-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bcc66a29da
2026-04-03 17:03:00.363034+00:00
--------------------------------------------------------------------------------
Name : bind9-next
Product : Fedora 42
Version : 9.21.20
Release : 1.fc42
URL : https://www.isc.org/downloads/bind/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to 9.21.20 (rhbz#2440560)
Security Fixes:
Fix unbounded NSEC3 iterations when validating referrals to unsigned
delegations. (CVE-2026-1519)
Fix memory leaks in code preparing DNSSEC proofs of non-existence.
(CVE-2026-3104)
Prevent a crash in code processing queries containing a TKEY record.
(CVE-2026-3119)
Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
New Features:
Provide response round-trip time (RTT) counters via statistics channel.
Introduce max-delegation-servers configuration option.
Bug Fixes:
Fix parsing key inactivation time in KASP code.
Fix the handling of key statements defined inside views.
Update to 9.21.19
Security Fixes:
Fix a use-after-free error in dns_client_resolve() triggered by a DNAME
response.
Fix a NULL pointer dereference in qp-trie cache code.
Immediately remove purged ADB names and entries from the SIEVE list.
Feature Changes:
Record query time for all dnstap responses.
Optimize TCP source port selection on Linux.
and multiple bug fixes.
Update to 9.21.18
Feature Changes:
Enable minimal ANY answers by default.
Lowercase the NSEC Next Domain Name field.
Update requirements for system test suite.
Bug Fixes:
Make catalog zone names and member zones' entry names case-insensitive. [GL
#5693]
Fix implementation of BRID and HHIT record types. [GL #5710]
Fix implementation of DSYNC record type. [GL #5711]
Fix response policy and catalog zones to work with $INCLUDE directive.
Source:
https://downloads.isc.org/isc/bind9/9.21.20/doc/arm/html/notes.html#notes-for-
bind-9-21-20
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Petr Men????k [pemensik@redhat.com] - 32:9.21.20-1
- Update to 9.21.20 (rhbz#2440560)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2440560 - bind9-next-9.21.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2440560
[ 2 ] Bug #2451573 - CVE-2026-3591 bind9-next: BIND: Unauthorized access due to use-after-return vulnerability in DNS query handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2451573
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bcc66a29da' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: libopenmpt-0.8.6-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e2621c29b2
2026-04-03 17:03:00.362998+00:00
--------------------------------------------------------------------------------
Name : libopenmpt
Product : Fedora 42
Version : 0.8.6
Release : 1.fc42
URL : https://lib.openmpt.org/libopenmpt/
Summary : C/C++ library to decode tracker music module (MOD) files
Description :
libopenmpt is a cross-platform C++ and C library to decode tracked music
files (modules) into a raw PCM audio stream.
libopenmpt is based on the player code of the OpenMPT project (Open
ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is
developed in the same source code repository as OpenMPT.
--------------------------------------------------------------------------------
Update Information:
Update from 0.8.5 to 0.8.6 to fix regression:
https://lib.openmpt.org/libopenmpt/2026/03/24/security-
updates-0.8.6-0.7.19-0.6.28-0.5.42-0.4.54/
Potential security fix plus bug-fixes in 0.8.5:
https://lib.openmpt.org/libopenmpt/2026/03/22/security-
updates-0.8.5-0.7.18-0.6.27-0.5.41-0.4.53/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 24 2026 Michael Schwendt [mschwendt@fedoraproject.org] - 0.8.6-1
- update to 0.8.6 which fixes regression in 0.8.5
* Sun Mar 22 2026 Michael Schwendt [mschwendt@fedoraproject.org] - 0.8.5-1
- update to 0.8.5
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e2621c29b2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: cmake-3.31.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-31c619152e
2026-04-03 17:03:00.362990+00:00
--------------------------------------------------------------------------------
Name : cmake
Product : Fedora 42
Version : 3.31.11
Release : 1.fc42
URL : http://www.cmake.org
Summary : Cross-platform make system
Description :
CMake is used to control the software compilation process using simple
platform and compiler independent configuration files. CMake generates
native makefiles and workspaces that can be used in the compiler
environment of your choice. CMake is quite sophisticated: it is possible
to support complex environments requiring system configuration, preprocessor
generation, code generation, and template instantiation.
--------------------------------------------------------------------------------
Update Information:
Update to v3.31.11.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Bj??rn Esser [besser82@fedoraproject.org] - 3.31.11-1
- cmake-3.31.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2390122 - CVE-2025-9301 cmake: cmake reachable assertion [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390122
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-31c619152e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
