Explore top 10 tips to secure your open-source projects now. Read More
×
This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-abc468979d 2026-07-09 01:07:23.887028+00:00 -------------------------------------------------------------------------------- Name : perl-CSS-Minifier-XS Product : Fedora 43 Version : 0.15 Release : 1.fc43 URL : https://metacpan.org/release/CSS-Minifier-XS Summary : XS based CSS minifier Description : 'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also *not* breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl. -------------------------------------------------------------------------------- Update Information: This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Emmanuel Seyman - 0.15-1 - Update to 0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494733 - CVE-2026-13593 perl-CSS-Minifier-XS: CSS::Minifier::XS: Memory leak via crafted input leading to Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494733 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-abc468979d' at the command line. For more information,refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to opkssh 0.15.0. This release fixes several CVEs in bundled/vendored dependencies: CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-387cf555e7 2026-07-09 01:07:23.887030+00:00 -------------------------------------------------------------------------------- Name : opkssh Product : Fedora 43 Version : 0.15.0 Release : 2.fc43 URL : https://github.com/openpubkey/opkssh Summary : OpenPubkey SSH Description : OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like
Update rust-jiter to 0.16.0, adding a serde Deserializer implementation; update python-jiter to match. Both packages now use PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f774d1a878 2026-07-09 01:07:23.886973+00:00 -------------------------------------------------------------------------------- Name : python-jiter Product : Fedora 43 Version : 0.16.0 Release : 1.fc43 URL : https://github.com/pydantic/jiter Summary : Fast iterable JSON parser Description : Fast iterable JSON parser. -------------------------------------------------------------------------------- Update Information: Update rust-jiter to 0.16.0, adding a serde Deserializer implementation; update python-jiter to match. Both packages now use PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Benjamin A. Beasley - 0.16.0-1 - Update to 0.16.0 upstream release - Resolves: rhbz#2494427 * Sat Jun 20 2026 Benjamin A. Beasley - 0.15.0-3 - Update to PyO3 0.29 * Wed Jun 3 2026 Python Maint - 0.15.0-2 - Rebuilt for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494427 - python-jiter-0.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494427 [ 2 ] Bug #2494428 - rust-jiter-0.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494428 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f774d1a878' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label Allpackages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update rust-jiter to 0.16.0, adding a serde Deserializer implementation; update python-jiter to match. Both packages now use PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f774d1a878 2026-07-09 01:07:23.886973+00:00 -------------------------------------------------------------------------------- Name : rust-jiter Product : Fedora 43 Version : 0.16.0 Release : 1.fc43 URL : https://crates.io/crates/jiter Summary : Fast Iterable JSON parser Description : Fast Iterable JSON parser. -------------------------------------------------------------------------------- Update Information: Update rust-jiter to 0.16.0, adding a serde Deserializer implementation; update python-jiter to match. Both packages now use PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Benjamin A. Beasley - 0.16.0-1 - Update to version 0.16.0; Fixes RHBZ#2494428 * Sat Jun 20 2026 Benjamin A. Beasley - 0.15.0-2 - Update to PyO3 0.29 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494427 - python-jiter-0.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494427 [ 2 ] Bug #2494428 - rust-jiter-0.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494428 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f774d1a878' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Improve GSS KEX algorithms documentation CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known- group validation that leads to client-side denial of service CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a80275b42d 2026-07-09 00:54:37.609381+00:00 -------------------------------------------------------------------------------- Name : openssh Product : Fedora 44 Version : 10.2p1 Release : 12.fc44 URL : http://www.openssh.com/portable.html Summary : An open source implementation of SSH protocol version 2 Description : SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. -------------------------------------------------------------------------------- Update Information: Improve GSS KEX algorithms documentation CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known- group validation that leads to client-side denial of service CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 Dmitry Belyavskiy -10.2p1-12 - Improve GSS KEX algorithms documentation Patches are submitted by
upower 1.91.3: Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed)) Fix: Resolve potential leaks (!327 (merged)) Fix: Potential out-of-bound access (!328 (merged)). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e5305cffc2 2026-07-09 00:54:37.609376+00:00 -------------------------------------------------------------------------------- Name : upower Product : Fedora 44 Version : 1.91.3 Release : 1.fc44 URL : https://upower.freedesktop.org/ Summary : Power Management Service Description : UPower (formerly DeviceKit-power) provides a daemon, API and command line tools for managing power devices attached to the system. -------------------------------------------------------------------------------- Update Information: upower 1.91.3: Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed)) Fix: Resolve potential leaks (!327 (merged)) Fix: Potential out-of-bound access (!328 (merged)) Fix: Improve access control (!326 (merged)) Fix: Remove unused codes (!329 (merged)) Fix: Fix for Asus Battery Charge Threshold Detection (!330 (merged), #347 (closed)) -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 Peter Robinson - 1.91.3-1 - Update to 1.91.3 (fixes rhbz#2496407 rhbz#2414589) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2414589 - Settings > Power > Battery Charging: "Preserve Battery Health" can't be set persistently when BIOS Admin Password (a.k.a Setup Password) is set. https://bugzilla.redhat.com/show_bug.cgi?id=2414589 [ 2 ] Bug #2496407 - upower-1.91.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2496407 -------------------------------------------------------------------------------- This update can be installed with the"dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e5305cffc2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to opkssh 0.15.0. This release fixes several CVEs in bundled/vendored dependencies: CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a7570524a7 2026-07-09 00:54:37.609359+00:00 -------------------------------------------------------------------------------- Name : opkssh Product : Fedora 44 Version : 0.15.0 Release : 2.fc44 URL : https://github.com/openpubkey/opkssh Summary : OpenPubkey SSH Description : OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like
This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9f14575d85 2026-07-09 00:54:37.609348+00:00 -------------------------------------------------------------------------------- Name : perl-CSS-Minifier-XS Product : Fedora 44 Version : 0.15 Release : 1.fc44 URL : https://metacpan.org/release/CSS-Minifier-XS Summary : XS based CSS minifier Description : 'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also *not* breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl. -------------------------------------------------------------------------------- Update Information: This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Emmanuel Seyman - 0.15-1 - Update to 0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494733 - CVE-2026-13593 perl-CSS-Minifier-XS: CSS::Minifier::XS: Memory leak via crafted input leading to Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494733 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9f14575d85' at the command line. For more information,refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.