Fedora Security Advisories

• pyOpenSSL-26.0.0-1.fc44

Update to version 26.0.0

• Added support for using aws-lc instead of OpenSSL.
• Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459
• Added OpenSSL.SSL.Connection.get_group_name to determine which group name was negotiated.
• Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448

• headscale-0.28.0-1.fc44

update to 0.28.0

• headscale-0.28.0-1.fc43

update to 0.28.0

• openssh-10.2p1-6.fc44

• CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex

• openssh-9.9p1-13.fc42

• CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex

• openssh-10.0p1-7.fc43

• CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex

• fontforge-20230101-20.fc43

Resolves: CVE-2025-15270

• fontforge-20230101-19.fc42

Resolves: CVE-2025-15270

• vtk-9.2.6-44.fc43

Add patch to fix integer overflow on 32-bit in KissFFT (CVE-2025-34297)

• vtk-9.2.6-38.fc42

Add patch to fix integer overflow on 32-bit in KissFFT (CVE-2025-34297)

• xen-4.21.0-5.fc44

Use after free of paging structures in EPT [XSA-480, CVE-2026-23554] Xenstored DoS by unprivileged domain [XSA-481, CVE-2026-23555]

• dotnet8.0-8.0.125-1.fc42

This is the March 2026 release of .NET 8

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.25/8.0.125.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.25/8.0.25.md

• dotnet8.0-8.0.125-1.fc43

This is the March 2026 release of .NET 8

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.25/8.0.125.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.25/8.0.25.md

• dotnet8.0-8.0.125-1.fc44

This is the March 2026 release of .NET 8

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.25/8.0.125.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.25/8.0.25.md

• wireshark-4.6.4-2.fc44

Enabling a couple of python tools

New version 6.4.6

• dotnet9.0-9.0.115-1.fc42

This is the March 2026 release of .NET 9.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.14/9.0.115.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.14/9.0.14.md

• dotnet9.0-9.0.115-1.fc43

This is the March 2026 release of .NET 9.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.14/9.0.115.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.14/9.0.14.md

• dotnet9.0-9.0.115-1.fc44

This is the March 2026 release of .NET 9.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.14/9.0.115.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.14/9.0.14.md

• dotnet10.0-10.0.104-1.fc42

This is the March 2026 release of .NET 10.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.4/10.0.104.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.4/10.0.4.md

• dotnet10.0-10.0.104-1.fc43

This is the March 2026 release of .NET 10.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.4/10.0.104.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.4/10.0.4.md