Fedora Security Advisories

• dnf5-5.2.18.0-2.fc42

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.

• dnf5-5.2.18.0-2.fc43

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.

• dnf5-5.4.0.0-2.fc44

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.

Update to upstream release 5.4.0.0. Full changelog.

• wireshark-4.6.4-1.fc44

New version 6.4.6

• kiss-fft-131.2.0-1.fc42

Update to 131.2.0

• kiss-fft-131.2.0-1.fc43

Update to 131.2.0

• kiss-fft-131.2.0-1.fc44

Update to 131.2.0

• cpp-httplib-0.37.0-1.el9

• Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)

• Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
• Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

• cpp-httplib-0.37.0-1.fc44

• Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)

• Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
• Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

• cpp-httplib-0.37.0-1.fc42

• Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)

• Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
• Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

• cpp-httplib-0.37.0-1.fc43

• Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)

• Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
• Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

• cpp-httplib-0.37.0-1.el10_3

• Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663)

• Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
• Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636)

https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0

• forgejo-14.0.3-1.fc44

This is an upstream bug and security fix release. Please view the upstream release notes for more details.

• mingw-openexr-3.3.8-1.fc43

Update to openexr-3.4.6 resp 3.3.8.

• mingw-openexr-3.4.6-1.fc44

Update to openexr-3.4.6 resp 3.3.8.

• mingw-openexr-3.3.8-1.fc42

Update to openexr-3.4.6 resp 3.3.8.

• yarnpkg-1.22.22-17.el10_3

Update vendor bundle.

• yarnpkg-1.22.22-17.fc44

Update vendor bundle.

• yarnpkg-1.22.22-17.fc43

Update vendor bundle.

• yarnpkg-1.22.22-17.fc42

Update vendor bundle.