oxenstored keeps quota related use counts across domain destruction [XSA-483, CVE-2026-23556] Xenstored DoS via XS_RESET_WATCHES command [XSA-484, CVE-2026-23557] grant table v2 race in status page mapping [XSA-486, CVE-2026-23558] x86: Floating Point Divider State Sampling [XSA-488, CVE-2025-54505]
oxenstored keeps quota related use counts across domain destruction [XSA-483, CVE-2026-23556] Xenstored DoS via XS_RESET_WATCHES command [XSA-484, CVE-2026-23557] grant table v2 race in status page mapping [XSA-486, CVE-2026-23558] x86: Floating Point Divider State Sampling [XSA-488, CVE-2025-54505]
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
This package updates Starman to 0.4018 where Transfer-Encoding now takes precedence over Content-Length.
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
This package updates Starman to 0.4018 where Transfer-Encoding now takes precedence over Content-Length.
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
This package updates Starman to 0.4018 where Transfer-Encoding now takes precedence over Content-Length.
Update to pyOpenSSL 26.1.0
This update adds support for cryptography v47 and fixes a single security issue:
Update to pyOpenSSL 26.1.0
This update adds support for cryptography v47 and fixes a single security issue:
Update python-cryptography to 47.0.0
As a result, rust-asn1 is bumped to 0.24, and pyOpenSSL is bumped to 26.1. kryoptic is rebuilt with a patch to support asn1 0.24.
pyOpenSSL 26.1 contains a fix for CVE-2026-40475
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
Automatic update for krb5-1.22.2-7.fc45.
Changelog * Tue Apr 28 2026 Julien Rische <jrische@redhat.com> - 1.22.2-7 - Fix NegoEx parsing vulnerabilities (CVE-2026-40355, CVE-2026-40356) - resolves: rhbz#2463398 - resolves: rhbz#2463395Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, and GHSA-7545-fcxq-7j24.