Important: php:7.4 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:34354", "synopsis": "Important: php:7.4 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.libzip, php-pear, php-pecl-xdebug, libzip, module.php-pecl-xdebug, php-pecl-rrd, module.php-pecl-apcu, module.php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, module.php-pear, php-pecl-apcu.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability (CVE-2026-6722)\n\n* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)\n\n* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)\n\n* PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling (CVE-2026-7261)\n\n* php: NULL pointer dereference in SOAP apache:Map decoder with missing (CVE-2026-7262)\n\n* php: signed integer overflow in metaphone() (CVE-2026-7568)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2468560", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468560", "description": ""}, {"ticket": "2468561", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468561", "description": ""}, {"ticket": "2468562", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468562", "description": ""}, {"ticket": "2468563","sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468563", "description": ""}, {"ticket": "2468565", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468565", "description": ""}, {"ticket": "2468566", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468566", "description": ""}], "cves": [{"name": "CVE-2026-6722", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.7", "cwe": "CWE-825"}, {"name": "CVE-2026-6735", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-79"}, {"name": "CVE-2026-7258", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-839"}, {"name": "CVE-2026-7261", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3BaseScore": "5.6", "cwe": "CWE-825"}, {"name": "CVE-2026-7262", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-476"}, {"name": "CVE-2026-7568", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-07-02T00:01:04.334825Z", "rpms": {"Rocky Linux 8": {"nvras": ["apcu-panel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.noarch.rpm","apcu-panel-0:5.1.18-1.module+el8.10.0+1912+72767185.noarch.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.src.rpm","php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm","php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm","php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important updates for PHP affecting Rocky Linux 8 include security fixes for remote code execution and denial of service issues.. PHP security updates, Rocky Linux security, Remote Code Execution, Denial of Service. . LinuxSecurity.com Team
Important: php:7.4 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:34354", "synopsis": "Important: php:7.4 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.libzip, php-pear, php-pecl-xdebug, libzip, module.php-pecl-xdebug, php-pecl-rrd, module.php-pecl-apcu, module.php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, module.php-pear, php-pecl-apcu.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability (CVE-2026-6722)\n\n* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)\n\n* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)\n\n* PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling (CVE-2026-7261)\n\n* php: NULL pointer dereference in SOAP apache:Map decoder with missing (CVE-2026-7262)\n\n* php: signed integer overflow in metaphone() (CVE-2026-7568)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2468560", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468560", "description": ""}, {"ticket": "2468561", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468561", "description": ""}, {"ticket": "2468562", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468562", "description": ""}, {"ticket": "2468563","sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468563", "description": ""}, {"ticket": "2468565", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468565", "description": ""}, {"ticket": "2468566", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468566", "description": ""}], "cves": [{"name": "CVE-2026-6722", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.7", "cwe": "CWE-825"}, {"name": "CVE-2026-6735", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-79"}, {"name": "CVE-2026-7258", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-839"}, {"name": "CVE-2026-7261", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3BaseScore": "5.6", "cwe": "CWE-825"}, {"name": "CVE-2026-7262", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-476"}, {"name": "CVE-2026-7568", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-07-02T00:01:04.334825Z", "rpms": {"Rocky Linux 8": {"nvras": ["apcu-panel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.noarch.rpm","apcu-panel-0:5.1.18-1.module+el8.10.0+1912+72767185.noarch.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.src.rpm","php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm","php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm","php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Essential PHP security updates for Rocky Linux address critical vulnerabilities affecting systems. Ensure your installation is protected.. Rocky Linux PHP security update, critical PHP vulnerabilities, PHP remote code execution, server security advisory, PHP denial of service. . LinuxSecurity.com Team
Security update resolving 22 CVEs across both caddy itself and its vendored libraries.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3dc324bd9a 2026-07-02 01:07:29.332017+00:00 -------------------------------------------------------------------------------- Name : caddy Product : Fedora 43 Version : 2.10.2 Release : 9.fc43 URL : https://caddyserver.com Summary : Web server with automatic HTTPS Description : Caddy is an extensible server platform that uses TLS by default. -------------------------------------------------------------------------------- Update Information: Security update resolving 22 CVEs across both caddy itself and its vendored libraries. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 23 2026 Carl George - 2.10.2-9 - Port to new golang packaging guidelines - Backport upstream fix for CVE-2026-27585 - Backport upstream fix for CVE-2026-27586 - Backport upstream fix for CVE-2026-27587 - Backport upstream fix for CVE-2026-27588 - Backport upstream fix for CVE-2026-27589 - Backport upstream fix for CVE-2026-27590 - Backport upstream fix for CVE-2026-30851 - Backport upstream fix for CVE-2026-30852 - Update vendored github.com/quic-go/quic-go to v0.57.0 for CVE-2025-64702 - Update vendored golang.org/x/crypto to v0.52.0 for CVE-2025-47913, CVE-2026-39828, CVE-2026-39829, and CVE-2026-39830 - Update vendored github.com/smallstep/certificates to v0.30.0 for CVE-2025-44005 and CVE-2026-40097 - Update vendored github.com/go-chi/chi/v5 to v5.2.5 for CVE-2025-69725 - Update vendored github.com/yuin/goldmark/renderer/html to v1.7.17 for CVE-2026-5160 * Mon Feb 2 2026 Maxwell G - 2.10.2-5 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Fri Jan 16 2026 Fedora Release Engineering - 2.10.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 2.10.2-3 -Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Oct 10 2025 Alejandro Sáez - 2.10.2-2 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2488094 - CVE-2026-30851 caddy: Caddy: Privilege escalation via identity injection due to unstripped client headers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488094 [ 2 ] Bug #2488095 - CVE-2026-30852 caddy: Caddy: Information disclosure via double-expansion of user-controlled input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488095 [ 3 ] Bug #2488141 - CVE-2026-40097 caddy: Step CA: Denial of Service via crafted attestation key certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488141 [ 4 ] Bug #2488502 - CVE-2026-27585 caddy: Caddy: Path security bypass due to unsanitized backslashes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488502 [ 5 ] Bug #2488503 - CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificate validation failure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488503 [ 6 ] Bug #2488514 - CVE-2026-27587 caddy: Caddy: Access control bypass due to improper handling of percent-escape sequences in HTTP path matcher [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488514 [ 7 ] Bug #2488516 - CVE-2026-27588 caddy: Caddy: Access control bypass due to case-sensitive host matching [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488516 [ 8 ] Bug #2488517 - CVE-2026-27589 caddy: Caddy: Unauthorized configuration modification via cross-origin requests to the admin API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488517 [ 9 ] Bug #2488518 - CVE-2026-27590 caddy: Caddy: Remote Code Execution via FastCGI path confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488518 [ 10 ] Bug #2488572 - CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http[fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488572 [ 11 ] Bug #2488575 - CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488575 [ 12 ] Bug #2488578 - CVE-2025-58188 caddy: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488578 [ 13 ] Bug #2488580 - CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488580 [ 14 ] Bug #2488582 - CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488582 [ 15 ] Bug #2488661 - CVE-2025-64702 caddy: quic-go HTTP/3 QPACK Header Expansion DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488661 [ 16 ] Bug #2488663 - CVE-2025-47913 caddy: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488663 [ 17 ] Bug #2488665 - CVE-2025-44005 caddy: github.com/smallstep/certificates: Authorization bypass allows unauthorized certificate creation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488665 [ 18 ] Bug #2488666 - CVE-2025-69725 caddy: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488666 [ 19 ] Bug #2488667 - CVE-2026-5160 caddy: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488667 [ 20 ] Bug #2489962 - CVE-2026-39828 caddy: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489962 [ 21 ] Bug #2490067 -CVE-2026-39829 caddy: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490067 [ 22 ] Bug #2490486 - CVE-2026-39830 caddy: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3dc324bd9a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 43 security advisory updating Caddy addressing 22 CVEs with critical risks including DoS and information leaks.. Fedora 43, security advisory, Caddy update, CVE patching, web server security. . LinuxSecurity.com Team
Update to 1.74.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e1d1b349cd 2026-07-02 01:07:29.331996+00:00 -------------------------------------------------------------------------------- Name : rclone Product : Fedora 43 Version : 1.74.3 Release : 1.fc43 URL : https://github.com/rclone/rclone Summary : Rsync for cloud storage Description : "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files. -------------------------------------------------------------------------------- Update Information: Update to 1.74.3 -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 6 2026 Packit - 1.74.3-1 - Update to 1.74.3 upstream release - Resolves: rhbz#2485621 * Sat May 23 2026 Packit - 1.74.2-1 - Update to 1.74.2 upstream release - Resolves: rhbz#2468412 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486295 - CVE-2026-45287 rclone: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486295 [ 2 ] Bug #2489905 - CVE-2026-39828 rclone: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489905 [ 3 ] Bug #2490091 - CVE-2026-39829 rclone: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490091 [ 4 ] Bug #2490402 - CVE-2026-39830 rclone: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490402 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e1d1b349cd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update bundled golang.org/x/crypto to 0.53.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-12d4cde449 2026-07-02 01:07:29.331951+00:00 -------------------------------------------------------------------------------- Name : opkssh Product : Fedora 43 Version : 0.14.0 Release : 3.fc43 URL : https://github.com/openpubkey/opkssh Summary : OpenPubkey SSH Description : OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like
0.9.34 - security fix for CVE-2026-27145. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-00901a5e8f 2026-07-02 01:05:29.984014+00:00 -------------------------------------------------------------------------------- Name : ipp-usb Product : Fedora 44 Version : 0.9.34 Release : 2.fc44 URL : https://github.com/OpenPrinting/ipp-usb Summary : HTTP reverse proxy, backed by IPP-over-USB connection to device Description : HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol. -------------------------------------------------------------------------------- Update Information: 0.9.34 - security fix for CVE-2026-27145 -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Zdenek Dohnal - 0.9.34-2 - ipp-usb-0.9.34 is available (fedora#2463247, fedora#2484207, fedora#2494316) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484207 - CVE-2026-27145 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries https://bugzilla.redhat.com/show_bug.cgi?id=2484207 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-00901a5e8f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Security update resolving 17 CVEs across both caddy itself and its vendored libraries.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-950cac64f2 2026-07-02 01:05:29.983957+00:00 -------------------------------------------------------------------------------- Name : caddy Product : Fedora 44 Version : 2.10.2 Release : 9.fc44 URL : https://caddyserver.com Summary : Web server with automatic HTTPS Description : Caddy is an extensible server platform that uses TLS by default. -------------------------------------------------------------------------------- Update Information: Security update resolving 17 CVEs across both caddy itself and its vendored libraries. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 23 2026 Carl George - 2.10.2-9 - Port to new golang packaging guidelines - Backport upstream fix for CVE-2026-27585 - Backport upstream fix for CVE-2026-27586 - Backport upstream fix for CVE-2026-27587 - Backport upstream fix for CVE-2026-27588 - Backport upstream fix for CVE-2026-27589 - Backport upstream fix for CVE-2026-27590 - Backport upstream fix for CVE-2026-30851 - Backport upstream fix for CVE-2026-30852 - Update vendored github.com/quic-go/quic-go to v0.57.0 for CVE-2025-64702 - Update vendored golang.org/x/crypto to v0.52.0 for CVE-2025-47913, CVE-2026-39828, CVE-2026-39829, and CVE-2026-39830 - Update vendored github.com/smallstep/certificates to v0.30.0 for CVE-2025-44005 and CVE-2026-40097 - Update vendored github.com/go-chi/chi/v5 to v5.2.5 for CVE-2025-69725 - Update vendored github.com/yuin/goldmark/renderer/html to v1.7.17 for CVE-2026-5160 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2488094 - CVE-2026-30851 caddy: Caddy: Privilege escalation via identity injection due to unstripped client headers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488094 [ 2 ] Bug #2488095 - CVE-2026-30852 caddy: Caddy: Information disclosure via double-expansion of user-controlled input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488095 [ 3 ] Bug #2488141 - CVE-2026-40097 caddy: Step CA: Denial of Service via crafted attestation key certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488141 [ 4 ] Bug #2488502 - CVE-2026-27585 caddy: Caddy: Path security bypass due to unsanitized backslashes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488502 [ 5 ] Bug #2488503 - CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificate validation failure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488503 [ 6 ] Bug #2488514 - CVE-2026-27587 caddy: Caddy: Access control bypass due to improper handling of percent-escape sequences in HTTP path matcher [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488514 [ 7 ] Bug #2488516 - CVE-2026-27588 caddy: Caddy: Access control bypass due to case-sensitive host matching [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488516 [ 8 ] Bug #2488517 - CVE-2026-27589 caddy: Caddy: Unauthorized configuration modification via cross-origin requests to the admin API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488517 [ 9 ] Bug #2488518 - CVE-2026-27590 caddy: Caddy: Remote Code Execution via FastCGI path confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488518 [ 10 ] Bug #2488661 - CVE-2025-64702 caddy: quic-go HTTP/3 QPACK Header Expansion DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488661 [ 11 ] Bug #2488663 - CVE-2025-47913 caddy: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488663 [ 12 ] Bug #2488665 - CVE-2025-44005 caddy:github.com/smallstep/certificates: Authorization bypass allows unauthorized certificate creation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488665 [ 13 ] Bug #2488666 - CVE-2025-69725 caddy: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488666 [ 14 ] Bug #2488667 - CVE-2026-5160 caddy: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488667 [ 15 ] Bug #2489962 - CVE-2026-39828 caddy: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489962 [ 16 ] Bug #2490067 - CVE-2026-39829 caddy: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490067 [ 17 ] Bug #2490486 - CVE-2026-39830 caddy: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-950cac64f2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 1.74.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6145ae14ca 2026-07-02 01:05:29.983954+00:00 -------------------------------------------------------------------------------- Name : rclone Product : Fedora 44 Version : 1.74.3 Release : 1.fc44 URL : https://github.com/rclone/rclone Summary : Rsync for cloud storage Description : "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files. -------------------------------------------------------------------------------- Update Information: Update to 1.74.3 -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 6 2026 Packit - 1.74.3-1 - Update to 1.74.3 upstream release - Resolves: rhbz#2485621 * Sat May 23 2026 Packit - 1.74.2-1 - Update to 1.74.2 upstream release - Resolves: rhbz#2468412 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486295 - CVE-2026-45287 rclone: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486295 [ 2 ] Bug #2489905 - CVE-2026-39828 rclone: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489905 [ 3 ] Bug #2490091 - CVE-2026-39829 rclone: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490091 [ 4 ] Bug #2490402 - CVE-2026-39830 rclone: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490402 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6145ae14ca' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.