11 matches found
[SECURITY] Fedora 42 Update: dnf5-5.2.18.0-2.fc42
DNF5 is a command-line package manager that automates the process of installing, upgrading, configuring, and removing computer programs in a consistent manner. It supports RPM packages, modulemd modules, and comps groups & environments...
[SECURITY] Fedora 44 Update: dnf5-5.4.0.0-2.fc44
DNF5 is a command-line package manager that automates the process of installing, upgrading, configuring, and removing computer programs in a consistent manner. It supports RPM packages, modulemd modules, and comps groups & environments...
Fedora 42 : dnf5 (2026-beac8e1f11)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-beac8e1f11 advisory. This release fixes CVE-2026-3836, a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client. Tenable has extracted the...
Fedora 44 : dnf5 (2026-6072c6888a)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6072c6888a advisory. This release fixes CVE-2026-3836, a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client. ---- Update to upstream release...
SUSE CVE-2024-2746
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...
AZL-40346 CVE-2024-2746 affecting package dnf5 for versions less than 5.1.11-3
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...
AZL-40340 CVE-2024-1929 affecting package dnf5 for versions less than 5.1.11-3
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...
AZL-40343 CVE-2024-1930 affecting package dnf5 for versions less than 5.1.11-3
No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the opensession D-Bus method. For each...
DNF5 Security Vulnerability
DNF5 is an open-source command-line package manager from rpm-software-management. A security vulnerability exists in DNF5 daemon-server versions prior to 5.1.17, which stems from a vulnerability that allows a malicious user to compromise confidentiality and integrity via a configuration dictionary...
DNF5 Input Validation Error Vulnerability
DNF5 is an open-source command-line package manager from rpm-software-management. An input validation error vulnerability exists in DNF5 that stems from the fact that dnf5 does not check for problems in directories controlled by non-root users...
DNF5 Security Vulnerability
DNF5 is an open-source command-line package manager from rpm-software-management. A security vulnerability exists in DNF5 daemon-server prior to version 5.1.17, which stems from a vulnerability that allows a malicious user to affect availability by not limiting the number of open sessions...