The following Fedora EPEL 9 Security updates need testing:
Age URL
73 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db
xpdf-4.06-1.el9
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-0e3aa1d4ee
rust-sequoia-keystore-server-0.2.0-5.el9 rust-sequoia-sq-1.3.1-9.el9
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-f542ecf2f3
yarnpkg-1.22.22-16.el9
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-a6d429d59c
java-latest-openjdk-26.0.0.0.32-0.0.1.ea.el9
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-f9b1069f42
python-python-multipart-0.0.20-2.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-d12ea63356
xorgxrdp-0.10.5-1.el9 xrdp-0.10.5-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-365332b759
chromium-144.0.7559.109-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
atuin-18.6.1-9.el9
node-exporter-1.10.2-3.el9
plantuml-1.2026.1-1.el9
rust-fs-err-3.2.2-1.el9
rust-sqlx-mysql-0.8.6-4.el9
rust-sqlx-postgres-0.8.6-4.el9
rust-whoami-2.1.0-1.el9
Details about builds:
================================================================================
atuin-18.6.1-9.el9 (FEDORA-EPEL-2026-b6e60eaf8b)
Magical shell history
--------------------------------------------------------------------------------
Update Information:
rust-whoami 2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.0.3
https://github.com/ardaku/whoami/releases/tag/v2.0.2
https://github.com/ardaku/whoami/releases/tag/v2.0.1
https://github.com/ardaku/whoami/releases/tag/v2.0.0
rust-fs-err 3.2.2
https://github.com/andrewhickman/fs-err/blob/3.2.2/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2026 Benjamin A. Beasley <[email protected]> - 18.6.1-9
- Update whoami dependency to v2
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
18.6.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
18.6.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415196 - rust-fs-err-3.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2415196
[ 2 ] Bug #2426952 - rust-whoami-2.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426952
--------------------------------------------------------------------------------
================================================================================
node-exporter-1.10.2-3.el9 (FEDORA-EPEL-2026-58b60068fc)
Exporter for machine metrics
--------------------------------------------------------------------------------
Update Information:
Update to 1.10.2
Update was blocked by a ppc64 issue, but a workaround has been found.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2026 Alejandro Sáez <[email protected]> - 1.10.2-3
- Fix race condition
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
1.10.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Dec 4 2025 Mikel Olasagasti Uranga <[email protected]> - 1.10.2-1
- Update to 1.10.2 - Closes rhbz#2406209 rhbz#2408331 rhbz#2409804
rhbz#2410754 rhbz#2411650
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 1.9.1-4
- rebuild
* Fri Aug 15 2025 Maxwell G <[email protected]> - 1.9.1-3
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398367 - CVE-2025-47910 node-exporter: CrossOriginProtection
bypass in net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398367
[ 2 ] Bug #2399015 - CVE-2025-47906 node-exporter: Unexpected paths returned
from LookPath in os/exec [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2399015
[ 3 ] Bug #2407553 - CVE-2025-58189 node-exporter: go crypto/tls ALPN
negotiation error contains attacker controlled information [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2407553
[ 4 ] Bug #2409008 - CVE-2025-61723 node-exporter: Quadratic complexity when
parsing some invalid inputs in encoding/pem [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2409008
[ 5 ] Bug #2409953 - CVE-2025-58185 node-exporter: Parsing DER payload can
cause memory exhaustion in encoding/asn1 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2409953
[ 6 ] Bug #2410888 - CVE-2025-58188 node-exporter: Panic when validating
certificates with DSA public keys in crypto/x509 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2410888
[ 7 ] Bug #2423991 - [Minor Incident] CVE-2025-52881 node-exporter: container
escape and denial of service due to arbitrary write gadgets and procfs write
redirects [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2423991
--------------------------------------------------------------------------------
================================================================================
plantuml-1.2026.1-1.el9 (FEDORA-EPEL-2026-c67fe0c737)
Program to generate UML diagram from a text description
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2026.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 31 2026 blinxen <[email protected]> - 1:1.2026.1-1
- Update to verison 1.2026.1 (rhbz#2428317)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2430307 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script
execution via Stored Cross-Site Scripting in GraphViz diagrams [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2430307
[ 2 ] Bug #2430308 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script
execution via Stored Cross-Site Scripting in GraphViz diagrams [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430308
[ 3 ] Bug #2430309 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script
execution via Stored Cross-Site Scripting in GraphViz diagrams [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430309
[ 4 ] Bug #2430310 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script
execution via Stored Cross-Site Scripting in GraphViz diagrams [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2430310
--------------------------------------------------------------------------------
================================================================================
rust-fs-err-3.2.2-1.el9 (FEDORA-EPEL-2026-b6e60eaf8b)
Drop-in replacement for std::fs with more helpful error messages
--------------------------------------------------------------------------------
Update Information:
rust-whoami 2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.0.3
https://github.com/ardaku/whoami/releases/tag/v2.0.2
https://github.com/ardaku/whoami/releases/tag/v2.0.1
https://github.com/ardaku/whoami/releases/tag/v2.0.0
rust-fs-err 3.2.2
https://github.com/andrewhickman/fs-err/blob/3.2.2/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 27 2026 Benjamin A. Beasley <[email protected]> - 3.2.2-1
- Update to version 3.2.2; Fixes RHBZ#2415196
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
3.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415196 - rust-fs-err-3.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2415196
[ 2 ] Bug #2426952 - rust-whoami-2.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426952
--------------------------------------------------------------------------------
================================================================================
rust-sqlx-mysql-0.8.6-4.el9 (FEDORA-EPEL-2026-b6e60eaf8b)
MySQL driver implementation for SQLx
--------------------------------------------------------------------------------
Update Information:
rust-whoami 2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.0.3
https://github.com/ardaku/whoami/releases/tag/v2.0.2
https://github.com/ardaku/whoami/releases/tag/v2.0.1
https://github.com/ardaku/whoami/releases/tag/v2.0.0
rust-fs-err 3.2.2
https://github.com/andrewhickman/fs-err/blob/3.2.2/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Benjamin A. Beasley <[email protected]> - 0.8.6-4
- Remove unused whoami dependency
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.8.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415196 - rust-fs-err-3.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2415196
[ 2 ] Bug #2426952 - rust-whoami-2.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426952
--------------------------------------------------------------------------------
================================================================================
rust-sqlx-postgres-0.8.6-4.el9 (FEDORA-EPEL-2026-b6e60eaf8b)
PostgreSQL driver implementation for SQLx
--------------------------------------------------------------------------------
Update Information:
rust-whoami 2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.0.3
https://github.com/ardaku/whoami/releases/tag/v2.0.2
https://github.com/ardaku/whoami/releases/tag/v2.0.1
https://github.com/ardaku/whoami/releases/tag/v2.0.0
rust-fs-err 3.2.2
https://github.com/andrewhickman/fs-err/blob/3.2.2/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Benjamin A. Beasley <[email protected]> - 0.8.6-4
- Update whoami dependency to v2
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.8.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415196 - rust-fs-err-3.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2415196
[ 2 ] Bug #2426952 - rust-whoami-2.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426952
--------------------------------------------------------------------------------
================================================================================
rust-whoami-2.1.0-1.el9 (FEDORA-EPEL-2026-b6e60eaf8b)
Rust library for getting information about the current user and environment
--------------------------------------------------------------------------------
Update Information:
rust-whoami 2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.0.3
https://github.com/ardaku/whoami/releases/tag/v2.0.2
https://github.com/ardaku/whoami/releases/tag/v2.0.1
https://github.com/ardaku/whoami/releases/tag/v2.0.0
rust-fs-err 3.2.2
https://github.com/andrewhickman/fs-err/blob/3.2.2/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Benjamin A. Beasley <[email protected]> - 2.1.0-1
- Update to version 2.1.0; Fixes RHBZ#2426952
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415196 - rust-fs-err-3.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2415196
[ 2 ] Bug #2426952 - rust-whoami-2.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426952
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
