Fedora Security Advisories

FEDORA-2026-0523662d59 Packages in this update:

• bpfman-0.5.4-6.fc45

Update description:

Automatic update for bpfman-0.5.4-6.fc45.

Changelog * Wed Mar 11 2026 Daniel Mellado <dmellado@fedoraproject.org> - 0.5.4-6 - Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes rhbz#2446359

FEDORA-EPEL-2026-108ee839c4 Packages in this update:

• wordpress-6.9.3-1.el10_2

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-2026-d8dab3284b Packages in this update:

• wordpress-6.9.3-1.fc43

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-EPEL-2026-f5c7dc5bca Packages in this update:

• wordpress-6.9.3-1.el10_1

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-EPEL-2026-299b865866 Packages in this update:

• wordpress-6.9.3-1.el10_3

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-2026-e53e7de687 Packages in this update:

• wordpress-6.9.3-1.fc44

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-2026-30aaa038c8 Packages in this update:

• wordpress-6.9.3-1.fc42

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-EPEL-2026-79019fe4ae Packages in this update:

• wordpress-6.9.3-1.el9

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4

FEDORA-2026-62f9125c65 Packages in this update:

• aqualung-2.0-6.fc44
• mac-12.50-1.fc44

Update description:

Latest Monkey's Audio Codec release. Changelog: https://monkeysaudio.com/versionhistory.html . Fixes CVE-2025-61043.

FEDORA-2026-beac8e1f11 Packages in this update:

• dnf5-5.2.18.0-2.fc42

Update description:

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.

FEDORA-2026-4e264a94a4 Packages in this update:

• dnf5-5.2.18.0-2.fc43

Update description:

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.

FEDORA-2026-6072c6888a Packages in this update:

• dnf5-5.4.0.0-2.fc44

Update description:

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.

Update to upstream release 5.4.0.0. Full changelog.

FEDORA-2026-f136c4b06c Packages in this update:

• wireshark-4.6.4-1.fc44

Update description:

New version 6.4.6

FEDORA-2026-aeb63d9dfb Packages in this update:

• kiss-fft-131.2.0-1.fc42

Update description:

Update to 131.2.0

FEDORA-2026-291357abab Packages in this update:

• kiss-fft-131.2.0-1.fc43

Update description:

Update to 131.2.0

FEDORA-2026-ecc754cb95 Packages in this update:

• kiss-fft-131.2.0-1.fc44

Update description:

Update to 131.2.0

FEDORA-EPEL-2026-53aded8e0e Packages in this update:

• cpp-httplib-0.37.0-1.el9

Update description: Update to 0.37.0 (rhbz#2441656)

• Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)

Update to 0.35.0

• Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
• Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

FEDORA-2026-2c2afa9f9e Packages in this update:

• cpp-httplib-0.37.0-1.fc44

Update description: Update to 0.37.0 (rhbz#2441656)

• Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)

Update to 0.35.0

• Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
• Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

FEDORA-2026-6ed9c65eaf Packages in this update:

• cpp-httplib-0.37.0-1.fc42

Update description: Update to 0.37.0 (rhbz#2441656)

• Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)

Update to 0.35.0

• Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
• Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

FEDORA-2026-c2049f7220 Packages in this update:

• cpp-httplib-0.37.0-1.fc43

Update description: Update to 0.37.0 (rhbz#2441656)

• Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)

Update to 0.35.0

• Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
• Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0