Fedora Security Advisories

libpng-1.6.56-1.fc44

3 hours 43 minutes ago
FEDORA-2026-c6c617fe35 Packages in this update:
  • libpng-1.6.56-1.fc44
Update description:

1.6.56 is release fixes for the following two security vulnerabilities:

  • CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code. Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another.

  • CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette-expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36.

The images that trigger these bugs are valid. Users are encouraged to update immediately.

libpng-1.6.56-1.fc43

3 hours 44 minutes ago
FEDORA-2026-67c20bfb74 Packages in this update:
  • libpng-1.6.56-1.fc43
Update description:

1.6.56 is release fixes for the following two security vulnerabilities:

  • CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code. Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another.

  • CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette-expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36.

The images that trigger these bugs are valid. Users are encouraged to update immediately.

libpng-1.6.56-1.fc42

3 hours 45 minutes ago
FEDORA-2026-ba18a54554 Packages in this update:
  • libpng-1.6.56-1.fc42
Update description:

1.6.56 is release fixes for the following two security vulnerabilities:

  • CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code. Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another.

  • CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette-expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36.

The images that trigger these bugs are valid. Users are encouraged to update immediately.

usd-26.03-2.fc45

19 hours 27 minutes ago
FEDORA-2026-abd4c1829d Packages in this update:
  • usd-26.03-2.fc45
Update description:

Automatic update for usd-26.03-2.fc45.

Changelog * Mon Apr 6 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 26.03-2 - Backport fix for CVE-2026-34544 in OpenEXRCore - Fixes RHBZ#2454226

NetworkManager-ssh-1.4.3-1.fc45

3 days 7 hours ago
FEDORA-2026-87e30fe05b Packages in this update:
  • NetworkManager-ssh-1.4.3-1.fc45
Update description:

Automatic update for NetworkManager-ssh-1.4.3-1.fc45.

Changelog * Fri Apr 3 2026 Dan Fruehauf <malkodan@gmail.com> - 1.4.3-1 - Always run autoreconf -fvi - Fix file access for private key and known hosts (rhbz#2428396) - Fix pkg-config macro - Move D-Bus policy file to /usr/share/dbus-1/system.d/

libopenmpt-0.8.6-1.el9

3 days 13 hours ago
FEDORA-EPEL-2026-f68290c016 Packages in this update:
  • libopenmpt-0.8.6-1.el9
Update description: libopenmpt 0.8.6 (2026-03-24)
  • [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).
libopenmpt 0.8.5 (2026-03-22)
  • [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
  • MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
  • ULT: Loop points were incorrectly limited for 16-bit samples.
  • zlib: Update to v1.3.2 (2026-02-17).
  • miniz: Update to v3.1.1 (2026-02-03).

libopenmpt-0.8.6-1.el10_2

3 days 13 hours ago
FEDORA-EPEL-2026-3e5052fb10 Packages in this update:
  • libopenmpt-0.8.6-1.el10_2
Update description: libopenmpt 0.8.6 (2026-03-24)
  • [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).
libopenmpt 0.8.5 (2026-03-22)
  • [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
  • MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
  • ULT: Loop points were incorrectly limited for 16-bit samples.
  • zlib: Update to v1.3.2 (2026-02-17).
  • miniz: Update to v3.1.1 (2026-02-03).

libopenmpt-0.8.6-1.el10_1

3 days 13 hours ago
FEDORA-EPEL-2026-b529a37d50 Packages in this update:
  • libopenmpt-0.8.6-1.el10_1
Update description: libopenmpt 0.8.6 (2026-03-24)
  • [Sec] The security fix in libopenmpt 0.8.5 (r25042) was incomplete, causing a regression when playing short looped (“chip”) samples (r25084).
libopenmpt 0.8.5 (2026-03-22)
  • [Sec] Possible out-of-bounds sample data read in a specific combination of reverse sample playback + offset past sample loop. (r25042).
  • MOD: ProTracker arpeggio wrapraound results in an effective period of 65536 on Paula, not pausing the sample entirely.
  • ULT: Loop points were incorrectly limited for 16-bit samples.
  • zlib: Update to v1.3.2 (2026-02-17).
  • miniz: Update to v3.1.1 (2026-02-03).
Checked
39 minutes 24 seconds ago