Explore top 10 tips to secure your open-source projects now. Read More
×
New upstream release (152.0.6). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-365cce949c 2026-07-17 01:08:58.262282+00:00 -------------------------------------------------------------------------------- Name : firefox Product : Fedora 43 Version : 152.0.6 Release : 1.fc43 URL : https://www.mozilla.org/firefox/ Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. -------------------------------------------------------------------------------- Update Information: New upstream release (152.0.6) -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2026 Martin Stransky - 152.0.6-1 - Updated to latest upstream (152.0.6) * Fri Jul 10 2026 Martin Stransky - 152.0.4-3 - Added rhbz#2458184 - Drop -fcf-protection flag * Tue Jul 7 2026 Martin Stransky - 152.0.4-2 - Remove Fedora 40/41 tweaks. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-365cce949c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 0.2.5 (with dependency updates only), and further update some dependencies. Particularly, quick-xml 0.41 fixes RUSTSEC-2026-0194 and RUSTSEC-2026-0195.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6d5a7be3b9 2026-07-17 01:08:58.262257+00:00 -------------------------------------------------------------------------------- Name : rust-cargo-rpmstatus Product : Fedora 43 Version : 0.2.5 Release : 2.fc43 URL : https://crates.io/crates/cargo-rpmstatus Summary : Cargo-tree for RPM packaging Description : Cargo-tree for RPM packaging. -------------------------------------------------------------------------------- Update Information: Update to 0.2.5 (with dependency updates only), and further update some dependencies. Particularly, quick-xml 0.41 fixes RUSTSEC-2026-0194 and RUSTSEC-2026-0195. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Benjamin A. Beasley - 0.2.5-2 - Update some dependencies - quick-xml 0.41 fixes RUSTSEC-2026-0194, RUSTSEC-2026-0195 * Wed Jul 8 2026 Benjamin A. Beasley - 0.2.5-1 - Update to version 0.2.5; Fixes RHBZ#2423511 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6d5a7be3b9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-5e3ab17662 2026-07-17 01:08:58.262249+00:00 -------------------------------------------------------------------------------- Name : rust-opendal Product : Fedora 43 Version : 0.55.0 Release : 2.fc43 URL : https://crates.io/crates/opendal Summary : Apache OpenDAL: One Layer, All Storage Description : OpenDAL is an Open Data Access Layer that enables seamless interaction with diverse storage services. -------------------------------------------------------------------------------- Update Information: Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195) -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Benjamin A. Beasley - 0.55.0-2 - Update quick-xml to 0.41 (RUSTSEC-2026-0194, RUSTSEC-2026-0195) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5e3ab17662' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Backport fix for CVE-2026-58016. Update to glib-2.86.5.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-8e39f35701 2026-07-17 01:08:58.262236+00:00 -------------------------------------------------------------------------------- Name : mingw-glib2 Product : Fedora 43 Version : 2.86.5 Release : 2.fc43 URL : http://www.gtk.org Summary : MinGW Windows GLib2 library Description : MinGW Windows Glib2 library. -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2026-58016. Update to glib-2.86.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Sandro Mani - 2.86.5-2 - Backport fix for CVE-2026-58016 * Thu Jul 2 2026 Sandro Mani - 2.86.5-1 - Update to 2.86.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494867 - CVE-2026-58010 mingw-glib2: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494867 [ 2 ] Bug #2494871 - CVE-2026-58011 mingw-glib2: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid GDateTime [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494871 [ 3 ] Bug #2494874 - CVE-2026-58012 mingw-glib2: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494874 [ 4 ] Bug #2494886 - CVE-2026-58016 mingw-glib2: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml" [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494886 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2026-8e39f35701' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
1.650 bump - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-71d7e4d1da 2026-07-17 01:08:58.262233+00:00 -------------------------------------------------------------------------------- Name : perl-DBI Product : Fedora 43 Version : 1.650 Release : 1.fc43 URL : http://dbi.perl.org/ Summary : A database access API for perl Description : DBI is a database access Application Programming Interface (API) for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used. -------------------------------------------------------------------------------- Update Information: 1.650 bump - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Jitka Plesnikova - 1.650-1 - 1.650 bump (rhbz#2497765) - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2497765 - perl-DBI-1.650 is available https://bugzilla.redhat.com/show_bug.cgi?id=2497765 [ 2 ] Bug #2498112 - CVE-2026-14739 perl-DBI: DBI: Heap overflow when preparsing SQL statements with excessive placeholders [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498112 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-71d7e4d1da' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keysused by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 2.2.1. Fixes rhbz#2479556. Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-50e5126be4 2026-07-17 01:08:58.262226+00:00 -------------------------------------------------------------------------------- Name : ansible-collection-ansible-posix Product : Fedora 43 Version : 2.2.1 Release : 1.fc43 URL : https://galaxy.ansible.com/ui/repo/published/ansible/posix Summary : Ansible Collection targeting POSIX and POSIX-ish platforms Description : Ansible Collection targeting POSIX and POSIX-ish platforms. -------------------------------------------------------------------------------- Update Information: Update to 2.2.1. Fixes rhbz#2479556. Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432) -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Maxwell G - 2.2.1-1 - Update to 2.2.1. Fixes rhbz#2479556. - Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432) * Fri Jan 16 2026 Fedora Release Engineering - 2.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 2.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2479556 - ansible-collection-ansible-posix-2.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2479556 [ 2 ] Bug #2487430 - CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2487430 [ 3 ] Bug #2487431 - CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown[fedora-44] https://bugzilla.redhat.com/show_bug.cgi?id=2487431 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-50e5126be4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 3.29.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a9bfa4361b 2026-07-17 00:51:59.635506+00:00 -------------------------------------------------------------------------------- Name : freerdp Product : Fedora 44 Version : 3.29.0 Release : 1.fc44 URL : http://www.freerdp.com/ Summary : Free implementation of the Remote Desktop Protocol (RDP) Description : The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. -------------------------------------------------------------------------------- Update Information: Update to 3.29.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 15 2026 Ondrej Holy - 2:3.29.0-1 - Update to 3.29.0 Resolves: rhbz#2499994 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2499994 - freerdp-3.29.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2499994 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a9bfa4361b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Changes: 6.08 2026-07-09 02:04:21Z - [SECURITY] Reject input longer than 64 characters in parse_date() to prevent quadratic regex backtracking (a denial of service) on hostile date strings. Fixes CVE-2026-14741. (Olaf Alders). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-8cec3cbf5b 2026-07-17 00:51:59.635497+00:00 -------------------------------------------------------------------------------- Name : perl-HTTP-Date Product : Fedora 44 Version : 6.08 Release : 1.fc44 URL : https://metacpan.org/release/HTTP-Date Summary : Date conversion routines Description : This module provides functions that deal the date formats used by the HTTP protocol (and then some more). Only the first two functions, time2str() and str2time(), are exported by default. -------------------------------------------------------------------------------- Update Information: Changes: 6.08 2026-07-09 02:04:21Z - [SECURITY] Reject input longer than 64 characters in parse_date() to prevent quadratic regex backtracking (a denial of service) on hostile date strings. Fixes CVE-2026-14741. (Olaf Alders) 6.07 2026-06-25 15:12:09Z - Add test with Time::Zone (GH#25) (Michal Josef Špaček) - Add test with bad Time::Zone string (GH#26) (Michal Josef Špaček) - Add tests with negative time (GH#26) (Michal Josef Špaček) - Replace all instances of \d with [0-9] in regular expressions to reject non-ASCII Unicode digits, with a regression test (GH#27) (Robert Rothenberg) - Reject malformed ISO 8601 timezones with a doubled colon (GH#31) (Olaf Alders) - Document day/month/year ordering for numeric dates (GH#32) (Olaf Alders) -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 13 2026 Michal Josef Špaček - 6.08-1 - 6.08 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #2492991 - perl-HTTP-Date-6.08 is available https://bugzilla.redhat.com/show_bug.cgi?id=2492991 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8cec3cbf5b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update to perl-HTTP-Date addresses a critical denial of service issue in input handling for Fedora 44.. permitted input length, denial of service, perl-HTTP-Date, Fedora 44, input validation. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.