Fedora Security Advisories

freerdp-3.24.2-1.fc42

1 hour 39 minutes ago
FEDORA-2026-07418a381f Packages in this update:
  • freerdp-3.24.2-1.fc42
Update description:

Update to 3.24.2

It fixes CVE-2026-33952, CVE-2026-33977, CVE-2026-33982, CVE-2026-33983, CVE-2026-33984, CVE-2026-33985, CVE-2026-33986, CVE-2026-33987 and CVE-2026-33995.

Update to 3.24.0 (CVE-2026-29774, CVE-2026-29775, CVE-2026-29776, CVE-2026-31806, CVE-2026-31883, CVE-2026-31884, CVE-2026-31885, CVE-2026-31897)

freerdp-3.24.2-1.fc43

1 hour 39 minutes ago
FEDORA-2026-f6fe509803 Packages in this update:
  • freerdp-3.24.2-1.fc43
Update description:

Update to 3.24.2

It fixes CVE-2026-33952, CVE-2026-33977, CVE-2026-33982, CVE-2026-33983, CVE-2026-33984, CVE-2026-33985, CVE-2026-33986, CVE-2026-33987 and CVE-2026-33995.

freerdp-3.24.2-1.fc44

1 hour 39 minutes ago
FEDORA-2026-36ea367760 Packages in this update:
  • freerdp-3.24.2-1.fc44
Update description:

Update to 3.24.2

It fixes CVE-2026-33952, CVE-2026-33977, CVE-2026-33982, CVE-2026-33983, CVE-2026-33984, CVE-2026-33985, CVE-2026-33986, CVE-2026-33987 and CVE-2026-33995.

openbao-2.5.2-1.fc43

13 hours 32 minutes ago
FEDORA-2026-a9c2a486a6 Packages in this update:
  • openbao-2.5.2-1.fc43
Update description:

Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758

openbao-2.5.2-1.el10_1

13 hours 32 minutes ago
FEDORA-EPEL-2026-0649f3a8b7 Packages in this update:
  • openbao-2.5.2-1.el10_1
Update description:

Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758

openbao-2.5.2-1.fc42

13 hours 32 minutes ago
FEDORA-2026-fba501f889 Packages in this update:
  • openbao-2.5.2-1.fc42
Update description:

Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758

openbao-2.5.2-1.el9

13 hours 32 minutes ago
FEDORA-EPEL-2026-edf72f1c4c Packages in this update:
  • openbao-2.5.2-1.el9
Update description:

Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758

openbao-2.5.2-1.el10_3

13 hours 32 minutes ago
FEDORA-EPEL-2026-3ca530e604 Packages in this update:
  • openbao-2.5.2-1.el10_3
Update description:

Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758

openbao-2.5.2-1.el10_2

13 hours 32 minutes ago
FEDORA-EPEL-2026-573863831f Packages in this update:
  • openbao-2.5.2-1.el10_2
Update description:

Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758

openbao-2.5.2-1.fc44

13 hours 32 minutes ago
FEDORA-2026-bb074cb239 Packages in this update:
  • openbao-2.5.2-1.fc44
Update description:

Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758

openbao-2.5.2-1.el8

13 hours 32 minutes ago
FEDORA-EPEL-2026-69cfe25adc Packages in this update:
  • openbao-2.5.2-1.el8
Update description:

Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758

bind9-next-9.21.20-1.fc44

15 hours 7 minutes ago
FEDORA-2026-01c20fe8ca Packages in this update:
  • bind9-next-9.21.20-1.fc44
Update description: Update to 9.21.20 (rhbz#2440560) Security Fixes:
  • Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519)
  • Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104)
  • Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119)
  • Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
New Features:
  • Provide response round-trip time (RTT) counters via statistics channel.
  • Introduce max-delegation-servers configuration option.
Bug Fixes:
  • Fix parsing key inactivation time in KASP code.
  • Fix the handling of key statements defined inside views.
Update to 9.21.19 Security Fixes:
  • Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response.
  • Fix a NULL pointer dereference in qp-trie cache code.
  • Immediately remove purged ADB names and entries from the SIEVE list.
Feature Changes:
  • Record query time for all dnstap responses.
  • Optimize TCP source port selection on Linux.

and multiple bug fixes.

Update to 9.21.18 Feature Changes:
  • Enable minimal ANY answers by default.
  • Lowercase the NSEC Next Domain Name field.
  • Update requirements for system test suite.
Bug Fixes:
  • Make catalog zone names and member zones' entry names case-insensitive. [GL #5693]
  • Fix implementation of BRID and HHIT record types. [GL #5710]
  • Fix implementation of DSYNC record type. [GL #5711]
  • Fix response policy and catalog zones to work with $INCLUDE directive.

Source: https://downloads.isc.org/isc/bind9/9.21.20/doc/arm/html/notes.html#notes-for-bind-9-21-20

bind9-next-9.21.20-1.fc43

15 hours 19 minutes ago
FEDORA-2026-a6efefa854 Packages in this update:
  • bind9-next-9.21.20-1.fc43
Update description: Update to 9.21.20 (rhbz#2440560) Security Fixes:
  • Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519)
  • Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104)
  • Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119)
  • Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
New Features:
  • Provide response round-trip time (RTT) counters via statistics channel.
  • Introduce max-delegation-servers configuration option.
Bug Fixes:
  • Fix parsing key inactivation time in KASP code.
  • Fix the handling of key statements defined inside views.
Update to 9.21.19 Security Fixes:
  • Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response.
  • Fix a NULL pointer dereference in qp-trie cache code.
  • Immediately remove purged ADB names and entries from the SIEVE list.
Feature Changes:
  • Record query time for all dnstap responses.
  • Optimize TCP source port selection on Linux.

and multiple bug fixes.

Update to 9.21.18 Feature Changes:
  • Enable minimal ANY answers by default.
  • Lowercase the NSEC Next Domain Name field.
  • Update requirements for system test suite.
Bug Fixes:
  • Make catalog zone names and member zones' entry names case-insensitive. [GL #5693]
  • Fix implementation of BRID and HHIT record types. [GL #5710]
  • Fix implementation of DSYNC record type. [GL #5711]
  • Fix response policy and catalog zones to work with $INCLUDE directive.

Source: https://downloads.isc.org/isc/bind9/9.21.20/doc/arm/html/notes.html#notes-for-bind-9-21-20

bind9-next-9.21.20-1.fc42

15 hours 20 minutes ago
FEDORA-2026-bcc66a29da Packages in this update:
  • bind9-next-9.21.20-1.fc42
Update description: Update to 9.21.20 (rhbz#2440560) Security Fixes:
  • Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519)
  • Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104)
  • Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119)
  • Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
New Features:
  • Provide response round-trip time (RTT) counters via statistics channel.
  • Introduce max-delegation-servers configuration option.
Bug Fixes:
  • Fix parsing key inactivation time in KASP code.
  • Fix the handling of key statements defined inside views.
Update to 9.21.19 Security Fixes:
  • Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response.
  • Fix a NULL pointer dereference in qp-trie cache code.
  • Immediately remove purged ADB names and entries from the SIEVE list.
Feature Changes:
  • Record query time for all dnstap responses.
  • Optimize TCP source port selection on Linux.

and multiple bug fixes.

Update to 9.21.18 Feature Changes:
  • Enable minimal ANY answers by default.
  • Lowercase the NSEC Next Domain Name field.
  • Update requirements for system test suite.
Bug Fixes:
  • Make catalog zone names and member zones' entry names case-insensitive. [GL #5693]
  • Fix implementation of BRID and HHIT record types. [GL #5710]
  • Fix implementation of DSYNC record type. [GL #5711]
  • Fix response policy and catalog zones to work with $INCLUDE directive.

Source: https://downloads.isc.org/isc/bind9/9.21.20/doc/arm/html/notes.html#notes-for-bind-9-21-20

nginx-1.28.3-1.fc44 nginx-mod-brotli-1.0.0~rc-7.fc44 nginx-mod-fancyindex-0.6.0-2.fc44 nginx-mod-headers-more-0.39-7.fc44 nginx-mod-modsecurity-1.0.4-8.fc44 nginx-mod-naxsi-1.6-15.fc44 nginx-mod-vts-0.2.4-7.fc44

15 hours 45 minutes ago
FEDORA-2026-4de4d247a0 Packages in this update:
  • nginx-1.28.3-1.fc44
  • nginx-mod-brotli-1.0.0~rc-7.fc44
  • nginx-mod-fancyindex-0.6.0-2.fc44
  • nginx-mod-headers-more-0.39-7.fc44
  • nginx-mod-modsecurity-1.0.4-8.fc44
  • nginx-mod-naxsi-1.6-15.fc44
  • nginx-mod-vts-0.2.4-7.fc44
Update description:

nginx-mod-brotli:

  • Rebuild for 1.28.3

nginx-mod-fancyindex:

  • Rebuild for 1.28.3

nginx-mod-naxsi:

  • Rebuild for 1.28.3

nginx-mod-headers-more:

  • Rebuild for 1.28.3

nginx-mod-vts:

  • Rebuild for 1.28.3

nginx-mod-modsecurity:

  • Rebuild for 1.28.3

nginx:

  • Update to 1.28.3
  • fixes CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755
Checked
42 minutes 28 seconds ago