Fedora Security Advisories

libpng-1.6.56-1.fc44

Fedora Security Advisories
5 hours 29 minutes ago
FEDORA-2026-c6c617fe35 Packages in this update:
  • libpng-1.6.56-1.fc44
Update description:

1.6.56 is release fixes for the following two security vulnerabilities:

  • CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code. Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another.

  • CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette-expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36.

The images that trigger these bugs are valid. Users are encouraged to update immediately.

libpng-1.6.56-1.fc43

Fedora Security Advisories
5 hours 29 minutes ago
FEDORA-2026-67c20bfb74 Packages in this update:
  • libpng-1.6.56-1.fc43
Update description:

1.6.56 is release fixes for the following two security vulnerabilities:

  • CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code. Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another.

  • CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette-expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36.

The images that trigger these bugs are valid. Users are encouraged to update immediately.

libpng-1.6.56-1.fc42

Fedora Security Advisories
5 hours 30 minutes ago
FEDORA-2026-ba18a54554 Packages in this update:
  • libpng-1.6.56-1.fc42
Update description:

1.6.56 is release fixes for the following two security vulnerabilities:

  • CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code. Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another.

  • CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette-expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36.

The images that trigger these bugs are valid. Users are encouraged to update immediately.

usd-26.03-2.fc45

Fedora Security Advisories
21 hours 12 minutes ago
FEDORA-2026-abd4c1829d Packages in this update:
  • usd-26.03-2.fc45
Update description:

Automatic update for usd-26.03-2.fc45.

Changelog * Mon Apr 6 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 26.03-2 - Backport fix for CVE-2026-34544 in OpenEXRCore - Fixes RHBZ#2454226

NetworkManager-ssh-1.4.3-1.fc45

Fedora Security Advisories
3 days 9 hours ago
FEDORA-2026-87e30fe05b Packages in this update:
  • NetworkManager-ssh-1.4.3-1.fc45
Update description:

Automatic update for NetworkManager-ssh-1.4.3-1.fc45.

Changelog * Fri Apr 3 2026 Dan Fruehauf <malkodan@gmail.com> - 1.4.3-1 - Always run autoreconf -fvi - Fix file access for private key and known hosts (rhbz#2428396) - Fix pkg-config macro - Move D-Bus policy file to /usr/share/dbus-1/system.d/

libopenmpt-0.8.6-1.el9

Fedora Security Advisories
3 days 15 hours ago
FEDORA-EPEL-2026-f68290c016 Packages in this update:
  • libopenmpt-0.8.6-1.el9
Update description: libopenmpt 0.8.6 (2026-03-24)
  • [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).
libopenmpt 0.8.5 (2026-03-22)
  • [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
  • MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
  • ULT: Loop points were incorrectly limited for 16-bit samples.
  • zlib: Update to v1.3.2 (2026-02-17).
  • miniz: Update to v3.1.1 (2026-02-03).
Checked
23 minutes 49 seconds ago
URL
https://bodhi.fedoraproject.org/rss/updates/?type=security