stable

openbao-2.5.3-1.fc42

FEDORA-2026-c008e6a5da created by dwd 4 weeks ago for Fedora 42

Update to upstream 2.5.3, fix CVE-2026-34986, CVE-2026-39388, CVE-2026-39396, CVE-2026-40264

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2026-c008e6a5da

This update has been submitted for testing by dwd.

4 weeks ago

This update's test gating status has been changed to 'ignored'.

4 weeks ago

dwd edited this update.

4 weeks ago

This update has been pushed to testing.

3 weeks ago

This update has been submitted for stable by bodhi.

2 weeks ago

This update has been pushed to stable.

2 weeks ago

Please log in to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
4 weeks ago
in testing
3 weeks ago
in stable
2 weeks ago
modified
4 weeks ago
approved
2 weeks ago
Builds
1
openbao-2.5.3-1.fc42
BZ#2455630 CVE-2026-34986 openbao: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [fedora-all]
0
0
BZ#2459846 openbao-2.5.3 is available
0
0
BZ#2460057 CVE-2026-39388 openbao: OpenBao: Token renewal vulnerability via incorrect certificate matching in Certificate authentication. [fedora-all]
0
0
BZ#2460059 CVE-2026-39396 openbao: OpenBao: Denial of Service via decompression bomb in OCI plugin extraction [fedora-all]
0
0
BZ#2460061 CVE-2026-40264 openbao: OpenBao: Unauthorized token management by privileged administrator [fedora-all]
0
0
openbao-2.5.3-1.fc42

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 26.4.0 on bodhi-web-987666886-6rcd2.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy