Fedora Linux 9416 Published by

Fedora 43 and 44 systems receive a calibre update that jumps to version 9.11.0 and closes an arbitrary code execution flaw triggered by malicious ebook files. Fedora 43 administrators must also install golang-github-openprinting-ipp-usb version 0.9.34 to block a denial of service attack targeting DNS SAN entries. The Fedora 44 breezy version control tool advances to release 3.3.21, which incorporates PyO3 0.29 to resolve Rust security issues and updates dulwich compatibility layers.

Fedora 43 Update: calibre-9.11.0-1.fc43
Fedora 43 Update: golang-github-openprinting-ipp-usb-0.9.34-1.fc43
Fedora 44 Update: calibre-9.11.0-1.fc44
Fedora 44 Update: breezy-3.3.21-2.fc44




[SECURITY] Fedora 43 Update: calibre-9.11.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6776f4e492
2026-07-14 01:23:26.838757+00:00
--------------------------------------------------------------------------------

Name : calibre
Product : Fedora 43
Version : 9.11.0
Release : 1.fc43
URL : https://calibre-ebook.com/
Summary : E-book converter and library manager
Description :
Calibre is meant to be a complete e-library solution. It includes library
management, format conversion, news feeds to ebook conversion as well as
e-book reader sync features.

Calibre is primarily a ebook cataloging program. It manages your ebook
collection for you. It is designed around the concept of the logical book,
i.e. a single entry in the database that may correspond to ebooks in several
formats. It also supports conversion to and from a dozen different ebook
formats.

Supported input formats are: MOBI, LIT, PRC, EPUB, CHM, ODT, HTML, CBR, CBZ,
RTF, TXT, PDF and LRS.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2026-53511
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 5 2026 Kevin Fenzi [kevin@scrye.com] - 9.11.0-1
- Update to 9.11.0. Fixes rhbz#2493338
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 9.9.0-4
- Rebuilt for openssl 4.0
* Mon Jun 8 2026 Franti??ek Zatloukal [fzatlouk@redhat.com] - 9.9.0-3
- Rebuilt for icu 78.3
* Sun Jun 7 2026 Kevin Fenzi [kevin@scrye.com] - 9.9.0-2
- Disable test_mem_leaks for now, it is failing on x86_64 only for some
reason
* Sat May 30 2026 Kevin Fenzi [kevin@scrye.com] - 9.9.0-1
- Update to 9.9.0. Fixes rhbz#2482466
* Tue May 19 2026 Michael J Gruber [mjg@fedoraproject.org] - 9.8.0-2
- add missing tzlocal requires
* Mon May 4 2026 Kevin Fenzi [kevin@scrye.com] - 9.8.0-1
- Update to 9.8.0. Fixes rhbz#2464288
* Thu Apr 16 2026 Jan Grulich [jgrulich@redhat.com] - 9.7.0-2
- Rebuild (qt6)
* Wed Apr 15 2026 Kevin Fenzi [kevin@scrye.com] - 9.7.0-1
- Update to 9.7.0. fixes rhbz#2457244
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2498951 - CVE-2026-53511 calibre: Calibre: Arbitrary code execution via malicious e-book file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498951
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6776f4e492' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: golang-github-openprinting-ipp-usb-0.9.34-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d7dfd8e9ba
2026-07-14 01:23:26.838703+00:00
--------------------------------------------------------------------------------

Name : golang-github-openprinting-ipp-usb
Product : Fedora 43
Version : 0.9.34
Release : 1.fc43
URL : https://github.com/OpenPrinting/ipp-usb
Summary : HTTP reverse proxy, backed by IPP-over-USB connection to device
Description :

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables
driverless support for USB devices capable of using IPP-over-USB protocol.

--------------------------------------------------------------------------------
Update Information:

0.9.34 - security fixes for CVE-2026-27145
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 30 2026 Zdenek Dohnal [zdohnal@redhat.com] - 0.9.34-1
- golang-github-openprinting-ipp-usb-0.9.34 is available (fedora#2463247,
fedora#2494381, fedora#2484207)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2484207 - CVE-2026-27145 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
https://bugzilla.redhat.com/show_bug.cgi?id=2484207
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d7dfd8e9ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: calibre-9.11.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-79a5573be3
2026-07-14 01:00:15.022433+00:00
--------------------------------------------------------------------------------

Name : calibre
Product : Fedora 44
Version : 9.11.0
Release : 1.fc44
URL : https://calibre-ebook.com/
Summary : E-book converter and library manager
Description :
Calibre is meant to be a complete e-library solution. It includes library
management, format conversion, news feeds to ebook conversion as well as
e-book reader sync features.

Calibre is primarily a ebook cataloging program. It manages your ebook
collection for you. It is designed around the concept of the logical book,
i.e. a single entry in the database that may correspond to ebooks in several
formats. It also supports conversion to and from a dozen different ebook
formats.

Supported input formats are: MOBI, LIT, PRC, EPUB, CHM, ODT, HTML, CBR, CBZ,
RTF, TXT, PDF and LRS.

--------------------------------------------------------------------------------
Update Information:

Update to 9.11.0. Fixes rhbz#2493338 and CVE-2026-53511
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 5 2026 Kevin Fenzi [kevin@scrye.com] - 9.11.0-1
- Update to 9.11.0. Fixes rhbz#2493338
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 9.9.0-4
- Rebuilt for openssl 4.0
* Mon Jun 8 2026 Franti??ek Zatloukal [fzatlouk@redhat.com] - 9.9.0-3
- Rebuilt for icu 78.3
* Sun Jun 7 2026 Kevin Fenzi [kevin@scrye.com] - 9.9.0-2
- Disable test_mem_leaks for now, it is failing on x86_64 only for some
reason
* Sat May 30 2026 Kevin Fenzi [kevin@scrye.com] - 9.9.0-1
- Update to 9.9.0. Fixes rhbz#2482466
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2498951 - CVE-2026-53511 calibre: Calibre: Arbitrary code execution via malicious e-book file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498951
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-79a5573be3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: breezy-3.3.21-2.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c872d91489
2026-07-14 01:00:15.022380+00:00
--------------------------------------------------------------------------------

Name : breezy
Product : Fedora 44
Version : 3.3.21
Release : 2.fc44
URL : http://www.breezy-vcs.org/
Summary : Friendly distributed version control system
Description :
Breezy (brz) is a decentralized revision control system, designed to be easy
for developers and end users alike.

By default, Breezy provides support for both the Bazaar and Git file formats.

--------------------------------------------------------------------------------
Update Information:

Allow PyO3 0.29, which fixes RUSTSEC-2026-0194 and RUSTSEC-2026-0195.
Update to 3.3.21, including upstream fixes for compatibility with dulwich
0.25 and later.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 2 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.3.21-2
- Allow PyO3 0.29
* Thu Jul 2 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.3.21-1
- Update to 3.3.21
* Thu Jun 4 2026 Python Maint - 3.3.20-5
- Rebuilt for Python 3.15
* Wed Jun 3 2026 Karolina Surma [ksurma@redhat.com] - 3.3.20-4
- Allow building with Python 3.15
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c872d91489' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new