Fedora Security Advisories

librabbitmq-0.17.0-1.fc43

7 hours 20 minutes ago
FEDORA-2026-436ef78874 Packages in this update:
  • librabbitmq-0.17.0-1.fc43
Update description: Version 0.17.0 - 2026-07-01
Security
  • Fix size_t overflow in amqp_decode_bytes bounds check leading to out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888)
  • Fix heap buffer overflow in amqp_frame_to_bytes for oversized body frames (GHSA-hfjv-vcp3-39wh, #892)
Added
  • librabbitmq-tools fall back to the AMQP_URL environment variable when no connection options are given on the command line (#887)
Fixed
  • Fix undefined behavior in amqp_decode_properties when decoding content-header property flags (#883, #885)
  • Fix ioctlsocket type mismatch on Windows (#890)
  • Document buffer lifetime requirement of amqp_decode_table's encoded buffer to prevent use-after-free misuse (#895)
Changed
  • librabbitmq-tools now enable default SSL certificate verification paths unless --no-default-cert-paths is passed (fixes #868, #893)
  • Building the tools now requires POPT v1.14 or newer (#889)

librabbitmq-0.17.0-1.fc44

7 hours 22 minutes ago
FEDORA-2026-fc2f661416 Packages in this update:
  • librabbitmq-0.17.0-1.fc44
Update description: Version 0.17.0 - 2026-07-01
Security
  • Fix size_t overflow in amqp_decode_bytes bounds check leading to out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888)
  • Fix heap buffer overflow in amqp_frame_to_bytes for oversized body frames (GHSA-hfjv-vcp3-39wh, #892)
Added
  • librabbitmq-tools fall back to the AMQP_URL environment variable when no connection options are given on the command line (#887)
Fixed
  • Fix undefined behavior in amqp_decode_properties when decoding content-header property flags (#883, #885)
  • Fix ioctlsocket type mismatch on Windows (#890)
  • Document buffer lifetime requirement of amqp_decode_table's encoded buffer to prevent use-after-free misuse (#895)
Changed
  • librabbitmq-tools now enable default SSL certificate verification paths unless --no-default-cert-paths is passed (fixes #868, #893)
  • Building the tools now requires POPT v1.14 or newer (#889)

composer-2.10.2-1.el9

8 hours 7 minutes ago
FEDORA-EPEL-2026-1e765d4f0c Packages in this update:
  • composer-2.10.2-1.el9
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)

composer-2.10.2-1.el10_3

8 hours 7 minutes ago
FEDORA-EPEL-2026-6a8ea7a52d Packages in this update:
  • composer-2.10.2-1.el10_3
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)

composer-2.10.2-1.fc44

8 hours 7 minutes ago
FEDORA-2026-22ba02bee3 Packages in this update:
  • composer-2.10.2-1.fc44
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)

composer-2.10.2-1.fc43

8 hours 7 minutes ago
FEDORA-2026-3017b1bec1 Packages in this update:
  • composer-2.10.2-1.fc43
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)

composer-2.10.2-1.el10_2

8 hours 7 minutes ago
FEDORA-EPEL-2026-084df34b74 Packages in this update:
  • composer-2.10.2-1.el10_2
Update description: Version 2.10.2 - 2026-07-01
  • Security: Validate package names (GHSA-499r-g7pc-vmp9)
  • Security: Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
  • Security: Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3)
  • Security: Only follow HTTP redirects from HTTP responses (#12948)
  • Security: Prevent phar metadata unserialization on unsafe PHP versions (#12946)
  • Security: Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959)
  • Added warning output in self-update command when using a soon-to-be EOL version (#12920)
  • Added download retry when a GitHub codeload URL returns a 400 (#12962)
  • Fixed audit command to output the audit result to stdout (#12904)
  • Fixed backspace characters being output to non-decorated output (#12925)
  • Fixed security advisory blocking causing issues with xdebug enabled (#12935)
  • Fixed provider packages hiding suggestions for the package they provide themselves (#12933)

openvpn-2.5.11-2.el9

17 hours 23 minutes ago
FEDORA-EPEL-2026-c9e517925b Packages in this update:
  • openvpn-2.5.11-2.el9
Update description:

Update to upstream git 37160ee8408150990787eef4a76e0299230ed8d8

7zip-26.02-1.el9

19 hours 19 minutes ago
FEDORA-EPEL-2026-f9c4dcd003 Packages in this update:
  • 7zip-26.02-1.el9
Update description:

7-zip 26.02

  • Some bugs and vulnerabilities were fixed.

kernel-7.0.14-201.fc44

22 hours 16 minutes ago
FEDORA-2026-7ae597d1d2 Packages in this update:
  • kernel-7.0.14-201.fc44
Update description:

The 7.0.14-101/201 kernel builds contain a fix for an unprivileged container / jail escape. This has not been assigned a CVE number yet, but a POC is in the wild.

The 7.0.14 stable kernel update contains a number of important fixes across the tree.

kernel-7.0.14-101.fc43

22 hours 18 minutes ago
FEDORA-2026-35e2185559 Packages in this update:
  • kernel-7.0.14-101.fc43
Update description:

The 7.0.14-101/201 kernel builds contain a fix for an unprivileged container / jail escape. This has not been assigned a CVE number yet, but a POC is in the wild.

The 7.0.14 stable kernel update contains a number of important fixes across the tree.
