Update to buildah 1.43.2 and podman 5.8.3
Security fix for CVE-2026-44517
Update to buildah 1.43.2 and podman 5.8.3
Security fix for CVE-2026-44517
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Update to 1.9.24. Disable command mode in long-running service (--no-command flag). Enable PrivateNetwork=true in systemd service. Remove SELinux policy module (no longer needed without command mode).
Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle (annocheck is a security inspection and cannot be disabled via inspections section)
Update to 1.9.23-2: - Add SELinux policy module to allow semaphore creation in /dev/shm - Add rpminspect.yaml to waive pre-existing annocheck false positive
Security fixes in 1.9.23-1: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
Automatic update for moby-engine-29.6.0-1.fc45.
Changelog * Fri Jun 19 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 29.6.0-1 - Update to release v29.6.0 - Resolves: rhbz#2490590 - Resolves CVE-2026-39828: rhbz#2489945 - Resolves CVE-2026-39829: rhbz#2490099 - Resolves CVE-2026-39830: rhbz#2490466 - Upstream fixes and enhancementsUpdate to .NET SDK 8.0.128 and Runtime 8.0.28
Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591
Release Notes:
Update to .NET SDK 8.0.128 and Runtime 8.0.28
Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591
Release Notes:
Fix CVE-2026-42144: integer overflow
Update to .NET SDK 9.0.118 and Runtime 9.0.17
Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591
Release Notes:
Update to .NET SDK 9.0.118 and Runtime 9.0.17
Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591
Release Notes:
Update to .NET SDK 10.0.109 and Runtime 10.0.9
Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591
Release Notes: