Fedora Security Advisories

roundcubemail-1.6.13-1.el10_2

11 hours 14 minutes ago
FEDORA-EPEL-2026-8d8337c33f Packages in this update:
  • roundcubemail-1.6.13-1.el10_2
Update description: Release 1.6.13
  • Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
  • Fix remote image blocking bypass via SVG content reported by nullcathedral
  • Fix CSS injection vulnerability reported by CERT Polska

roundcubemail-1.6.13-1.fc43

11 hours 14 minutes ago
FEDORA-2026-547e298156 Packages in this update:
  • roundcubemail-1.6.13-1.fc43
Update description: Release 1.6.13
  • Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
  • Fix remote image blocking bypass via SVG content reported by nullcathedral
  • Fix CSS injection vulnerability reported by CERT Polska

roundcubemail-1.6.13-1.el10_1

11 hours 14 minutes ago
FEDORA-EPEL-2026-eea9bfd64c Packages in this update:
  • roundcubemail-1.6.13-1.el10_1
Update description: Release 1.6.13
  • Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
  • Fix remote image blocking bypass via SVG content reported by nullcathedral
  • Fix CSS injection vulnerability reported by CERT Polska

roundcubemail-1.6.13-1.fc42

11 hours 14 minutes ago
FEDORA-2026-d684b372f1 Packages in this update:
  • roundcubemail-1.6.13-1.fc42
Update description: Release 1.6.13
  • Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
  • Fix remote image blocking bypass via SVG content reported by nullcathedral
  • Fix CSS injection vulnerability reported by CERT Polska

roundcubemail-1.5.13-1.el9

11 hours 48 minutes ago
FEDORA-EPEL-2026-8701071c67 Packages in this update:
  • roundcubemail-1.5.13-1.el9
Update description: Release 1.5.13
  • Fix remote image blocking bypass via SVG content reported by nullcathedral
  • Fix CSS injection vulnerability reported by CERT Polska

gnutls-3.8.11-3.fc42

1 day ago
FEDORA-2026-2b6035ee2b Packages in this update:
  • gnutls-3.8.11-3.fc42
Update description:

This backports fixes for a couple CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

gnutls-3.8.12-1.fc43

1 day ago
FEDORA-2026-ef7170c9f6 Packages in this update:
  • gnutls-3.8.12-1.fc43
Update description:

This fixes a couple CVEs:

** libgnutls: Fix NULL pointer dereference in PSK binder verification A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]

** libgnutls: Fix name constraint processing performance issue Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]

p11-kit-0.26.2-1.fc42

1 day 2 hours ago
FEDORA-2026-7982f70f74 Packages in this update:
  • p11-kit-0.26.2-1.fc42
Update description:

Notable changes from the rebase: * pkcs11: Update PKCS11 headers to version 3.2 * rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) * trust: Lookup DNs in reverse order (RFC4514 section 2.1)

p11-kit-0.26.2-1.fc43

1 day 2 hours ago
FEDORA-2026-f1fabb2a49 Packages in this update:
  • p11-kit-0.26.2-1.fc43
Update description:

Notable changes from the rebase: * pkcs11: Update PKCS11 headers to version 3.2 * rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) * trust: Lookup DNs in reverse order (RFC4514 section 2.1)

Checked
37 minutes 46 seconds ago