Fedora Security Advisories

FEDORA-2026-65ce3da435 Packages in this update:

• nix-2.34.7-2.fc44

Update description:

• update to 2.34.7: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p
• https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
• https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368

FEDORA-EPEL-2026-3faabe7ef7 Packages in this update:

• python-click-8.0.3-2.el9

Update description:

Security fix for CVE-2026-7246

FEDORA-EPEL-2026-f98849630c Packages in this update:

• python-click-8.1.7-7.el10_2

Update description:

Security fix for CVE-2026-7246

FEDORA-EPEL-2026-a0e68dfa17 Packages in this update:

• python-click-8.1.7-7.el10_3

Update description:

Security fix for CVE-2026-7246

FEDORA-2026-599dafe4ae Packages in this update:

• python-click-8.1.7-12.fc43

Update description:

Security fix for CVE-2026-7246

FEDORA-EPEL-2026-66ed147b70 Packages in this update:

• gh-2.92.0-1.el10_3

Update description:

Update to 2.92.0 and make telemetry sending opt in.

FEDORA-2026-5df889949e Packages in this update:

• gh-2.92.0-1.fc44

Update description:

Update to 2.92.0 and make telemetry sending opt in.

FEDORA-EPEL-2026-76e7234279 Packages in this update:

• rust-astral-tokio-tar-0.6.1-1.el9

Update description:

Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-EPEL-2026-4b95f570ed Packages in this update:

• rust-astral-tokio-tar-0.6.1-1.el10_3
• uv-0.11.9-1.el10_3

Update description:

Update uv to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-2026-8d8aee6aaf Packages in this update:

• python-uv-build-0.11.9-1.fc42
• rust-astral-tokio-tar-0.6.1-1.fc42
• uv-0.11.9-1.fc42

Update description:

Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-2026-a8100094df Packages in this update:

• python-uv-build-0.11.9-1.fc43
• rust-astral-tokio-tar-0.6.1-1.fc43
• uv-0.11.9-1.fc43

Update description:

Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-2026-7aacc8ea7d Packages in this update:

• python-uv-build-0.11.9-1.fc44
• rust-astral-tokio-tar-0.6.1-1.fc44
• uv-0.11.9-1.fc44

Update description:

Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-2026-145c8d1a93 Packages in this update:

• python-uv-build-0.11.9-1.fc45
• rust-astral-tokio-tar-0.6.1-1.fc45
• uv-0.11.9-1.fc45

Update description:

Update uv and python-uv-build to 0.11.9. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

FEDORA-2026-1273c7855d Packages in this update:

• opencryptoki-3.26.0-3.fc44

Update description:

Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following

FEDORA-2026-6c3b6ec624 Packages in this update:

• opencryptoki-3.26.0-3.fc43

Update description:

Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following

FEDORA-2026-13e696d26f Packages in this update:

• opencryptoki-3.26.0-3.fc42

Update description:

Fix CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following

FEDORA-2026-3cfb30c1fb Packages in this update:

• nix-2.31.5-1.fc42

Update description:

• update to 2.31.5: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p
• https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
• https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368

FEDORA-2026-d63e3968e8 Packages in this update:

• opencryptoki-3.26.0-3.fc45

Update description:

Automatic update for opencryptoki-3.26.0-3.fc45.

Changelog * Tue May 5 2026 Than Ngo <than@redhat.com> - 3.26.0-3 - Fix rhbz#2432016: CVE-2026-23893, Privilege Escalation or Data Exposure via Symlink Following

FEDORA-2026-5dfbb9ed69 Packages in this update:

• nix-2.31.5-1.fc43

Update description:

• update to 2.31.5: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p
• https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
• https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368

FEDORA-2026-d5f140eb90 Packages in this update:

• gnutls-3.8.13-1.fc43

Update description:

Update to 3.8.13, fixes, like 13 CVEs.