Fedora Security Advisories

FEDORA-EPEL-2026-8d8337c33f Packages in this update:

• roundcubemail-1.6.13-1.el10_2

Update description: Release 1.6.13

• Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
• Fix remote image blocking bypass via SVG content reported by nullcathedral
• Fix CSS injection vulnerability reported by CERT Polska

FEDORA-2026-547e298156 Packages in this update:

• roundcubemail-1.6.13-1.fc43

Update description: Release 1.6.13

• Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
• Fix remote image blocking bypass via SVG content reported by nullcathedral
• Fix CSS injection vulnerability reported by CERT Polska

FEDORA-EPEL-2026-eea9bfd64c Packages in this update:

• roundcubemail-1.6.13-1.el10_1

Update description: Release 1.6.13

• Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
• Fix remote image blocking bypass via SVG content reported by nullcathedral
• Fix CSS injection vulnerability reported by CERT Polska

FEDORA-2026-d684b372f1 Packages in this update:

• roundcubemail-1.6.13-1.fc42

Update description: Release 1.6.13

• Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
• Fix remote image blocking bypass via SVG content reported by nullcathedral
• Fix CSS injection vulnerability reported by CERT Polska

FEDORA-EPEL-2026-8701071c67 Packages in this update:

• roundcubemail-1.5.13-1.el9

Update description: Release 1.5.13

• Fix remote image blocking bypass via SVG content reported by nullcathedral
• Fix CSS injection vulnerability reported by CERT Polska

FEDORA-2026-adbfebd04b Packages in this update:

• fvwm3-1.1.4-4.fc43

Update description:

Fix CVE-2025-65637.

FEDORA-2026-439af2cc95 Packages in this update:

• fvwm3-1.1.4-4.fc42

Update description:

Fix CVE-2025-65637.

FEDORA-2026-2b6035ee2b Packages in this update:

• gnutls-3.8.11-3.fc42

Update description:

This backports fixes for a couple CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

FEDORA-2026-ef7170c9f6 Packages in this update:

• gnutls-3.8.12-1.fc43

Update description:

This fixes a couple CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

FEDORA-2026-7982f70f74 Packages in this update:

• p11-kit-0.26.2-1.fc42

Update description:

Notable changes from the rebase: * pkcs11: Update PKCS11 headers to version 3.2 * rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) * trust: Lookup DNs in reverse order (RFC4514 section 2.1)

FEDORA-2026-f1fabb2a49 Packages in this update:

• p11-kit-0.26.2-1.fc43

Update description:

Notable changes from the rebase: * pkcs11: Update PKCS11 headers to version 3.2 * rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) * trust: Lookup DNs in reverse order (RFC4514 section 2.1)

FEDORA-2026-0d8264f449 Packages in this update:

• libssh-0.11.4-1.fc42

Update description:

New upstream release fixing various security issues.

FEDORA-2026-53b80475c3 Packages in this update:

• libssh-0.11.4-1.fc43

Update description:

New upstream release fixing several security issues

FEDORA-2026-a92ff0085d Packages in this update:

• selenium-manager-4.34.0-6.fc45

Update description:

Automatic update for selenium-manager-4.34.0-6.fc45.

Changelog * Tue Feb 10 2026 tjuhasz <tjuhasz@redhat.com> - 4.34.0-6 - Rebuild for CVE-2026-25727 (rhbz#2438154)

FEDORA-2026-3beebfc8ff Packages in this update:

• azure-cli-2.68.0-2.fc42
• python-azure-core-1.38.0-2.fc42

Update description:

Update to 1.38.0 to address CVE-2026-21226

FEDORA-2026-45e69bddb9 Packages in this update:

• azure-cli-2.81.0-2.fc43
• python-azure-core-1.38.0-2.fc43

Update description:

Update to 1.38.0 to address CVE-2026-21226

FEDORA-2026-e0c0434efb Packages in this update:

• mingw-python3-3.11.14-7.fc43

Update description:

Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-15282, CVE-2026-1299

FEDORA-2026-c8b3418f91 Packages in this update:

• mingw-python3-3.11.14-7.fc42

Update description:

Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-15282, CVE-2026-1299

FEDORA-2026-44af0f2383 Packages in this update:

• mingw-libsoup-2.74.3-17.fc43

Update description:

Backport fixes for CVE-2026-0716, CVE-2026-0719.

FEDORA-2026-07b73214fc Packages in this update:

• mingw-libsoup-2.74.3-17.fc42

Update description:

Backport fixes for CVE-2026-0716, CVE-2026-0719.