Fedora Security Advisories

FEDORA-EPEL-2026-b7aa3a90db Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.el10_2

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-EPEL-2026-aeb533f7cc Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.el10_3

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-EPEL-2026-44e2e43519 Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.el9

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-2026-96c8ae7dbe Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.fc43

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-2026-30d86fe986 Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.fc44

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-EPEL-2026-cabae86b4e Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.el8

Update description:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

FEDORA-2026-5f1dfcb5c8 Packages in this update:

• perl-Crypt-PasswdMD5-1.4.3-1.fc45

Update description:

Automatic update for perl-Crypt-PasswdMD5-1.4.3-1.fc45.

Changelog * Sat May 23 2026 Paul Howarth <paul@city-fan.org> - 1.4.3-1 - Update to 1.43 - Replace use of the cryptographically weak rand() function with the much stronger Crypt::URandom::urandom() (GH#3, CVE-2026-6659, rhbz#2479575) - Add Encode, Exporter, ExtUtils::MakeMaker to Makefile.PL - Add files AI_POLICY.md and SECURITY.md

FEDORA-2026-dd9cd16b18 Packages in this update:

• nginx-1.30.2-1.fc43
• nginx-mod-brotli-1.0.0~rc-10.fc43
• nginx-mod-fancyindex-0.6.0-5.fc43
• nginx-mod-headers-more-0.39-10.fc43
• nginx-mod-modsecurity-1.0.4-11.fc43
• nginx-mod-naxsi-1.6-18.fc43
• nginx-mod-vts-0.2.4-10.fc43

Update description:

nginx-mod-brotli:

• Rebuild for 1.30.2

nginx-mod-fancyindex:

• Rebuild for 1.30.2

nginx-mod-naxsi:

• Rebuild for 1.30.2

nginx-mod-headers-more:

• Rebuild for 1.30.2

nginx-mod-vts:

• Rebuild for 1.30.2

nginx-mod-modsecurity:

• Rebuild for 1.30.2

nginx:

• update to 1.30.2
• fixes CVE-2026-9256

FEDORA-2026-da68d7bf53 Packages in this update:

• nginx-1.30.2-1.fc44
• nginx-mod-brotli-1.0.0~rc-10.fc44
• nginx-mod-fancyindex-0.6.0-5.fc44
• nginx-mod-headers-more-0.39-10.fc44
• nginx-mod-js-challenge-0^20230517.gitda6852d-8.fc44
• nginx-mod-modsecurity-1.0.4-11.fc44
• nginx-mod-naxsi-1.6-18.fc44
• nginx-mod-vts-0.2.4-10.fc44

Update description:

nginx-mod-headers-more:

• Rebuild for 1.30.2

nginx-mod-vts:

• Rebuild for 1.30.2

nginx-mod-fancyindex:

• Rebuild for 1.30.2

nginx-mod-brotli:

• Rebuild for 1.30.2

nginx-mod-naxsi:

• Rebuild for 1.30.2

nginx-mod-js-challenge:

• Rebuild for 1.30.2

nginx-mod-modsecurity:

• Rebuild for 1.30.2

nginx:

• update to 1.30.2
• fixes CVE-2026-9256

FEDORA-EPEL-2026-cb90c89045 Packages in this update:

• netatalk-4.4.3-1.el10_2

Update description:

4.4.3 release

FEDORA-EPEL-2026-b4a86bd068 Packages in this update:

• netatalk-4.4.3-1.el10_3

Update description:

4.4.3 Release

FEDORA-2026-9fd50b2ff1 Packages in this update:

• netatalk-4.4.3-1.fc43

Update description:

4.4.3 Release

FEDORA-2026-e7e7bb2417 Packages in this update:

• netatalk-4.4.3-1.fc44

Update description:

4.4.3 Release

FEDORA-EPEL-2026-e7b8776a02 Packages in this update:

• libssh2-1.11.1-6.el9

Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

FEDORA-EPEL-2026-afcb3443a1 Packages in this update:

• libssh2-1.11.1-6.el10_2

Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

FEDORA-EPEL-2026-afd26ad447 Packages in this update:

• libssh2-1.11.1-6.el10_3

Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

FEDORA-2026-1b9134cdc9 Packages in this update:

• libssh2-1.11.1-6.fc43

Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

FEDORA-2026-f87ac8187c Packages in this update:

• libssh2-1.11.1-6.fc44

Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

FEDORA-EPEL-2026-8794c31f20 Packages in this update:

• ffmpeg-7.1.4-1.el10_3

Update description:

Latest bugfix release from 7.1 branch. Changelog: https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/d9633e6e2cbea53927c02f9c8762712551591b6a:/Changelog

Fixes:

• CVE-2025-10256
• CVE-2026-30997
• CVE-2026-40962

FEDORA-EPEL-2026-7e25a1d2ec Packages in this update:

• ffmpeg-5.1.9-1.el9

Update description:

Latest bugfix release from 5.1 branch. Changelog: https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/564e825f428c835670da3a9f31a4b49261481c25:/Changelog .

Fixes:

• CVE-2025-1594
• CVE-2025-7700
• CVE-2025-10256
• CVE-2025-22919
• CVE-2025-59728
• CVE-2025-59731
• CVE-2025-59732
• CVE-2025-59733
• CVE-2026-30997
• CVE-2026-40962