Fedora Linux 9414 Published by

Fedora 44 and Fedora 43 released a coordinated batch of security patches targeting over a dozen core packages including Chromium, WebKitGTK, libssh2, and python-dulwich. The updates resolve dozens of verified vulnerabilities spanning remote code execution, denial of service flaws, and memory corruption issues within browser engines and cryptographic libraries.

Fedora 44 Update: python-dulwich-1.2.9-1.fc44
Fedora 44 Update: python-idna-3.18-1.fc44
Fedora 44 Update: p11-kit-0.26.4-1.fc44
Fedora 44 Update: webkitgtk-2.52.5-1.fc44
Fedora 44 Update: chromium-150.0.7871.114-1.fc44
Fedora 44 Update: xorg-x11-server-21.1.24-1.fc44
Fedora 44 Update: perl-Crypt-DSA-1.22-1.fc44
Fedora 44 Update: python-tornado-6.5.7-1.fc44
Fedora 44 Update: log4cxx-1.7.0-2.fc44
Fedora 43 Update: chromium-150.0.7871.114-1.fc43
Fedora 43 Update: tmux-3.7b-3.fc43
Fedora 43 Update: libXfont2-2.0.8-1.fc43
Fedora 43 Update: xorg-x11-server-Xwayland-24.1.13-1.fc43
Fedora 43 Update: upower-1.91.3-2.fc43
Fedora 43 Update: perl-Crypt-DSA-1.22-1.fc43
Fedora 43 Update: python-tornado-6.5.7-1.fc43
Fedora 43 Update: libssh2-1.11.1-9.fc43





[SECURITY] Fedora 44 Update: python-dulwich-1.2.9-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fbd55e52fb
2026-07-12 01:10:38.798647+00:00
--------------------------------------------------------------------------------

Name : python-dulwich
Product : Fedora 44
Version : 1.2.9
Release : 1.fc44
URL : https://www.dulwich.io/
Summary : Python implementation of the Git file formats and protocols
Description :
Dulwich is a Python implementation of the Git file formats and
protocols. The project is named after the village in which Mr. and
Mrs. Git live in the Monty Python sketch.

--------------------------------------------------------------------------------
Update Information:

1.2.9, CVE fixes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 7 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.2.9-1
- 1.2.9
* Mon Jul 6 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.2.8-1
- 1.2.8
* Tue Jun 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.2.7-1
- 1.2.7
* Tue Jun 30 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.2.6-3
- Allow PyO3 0.29
- Update the `License` expression
* Thu Jun 4 2026 Python Maint - 1.2.6-2
- Rebuilt for Python 3.15
* Tue Jun 2 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.2.6-1
- 1.2.6
* Fri May 29 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.2.5-1
- 1.2.5
* Thu May 21 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.2.3-1
- 1.2.3
* Wed Apr 29 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.2.1-1
- 1.2.1
* Thu Apr 23 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.2.0-1
- 1.2.0
* Wed Feb 18 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.1.0-1
- 1.1.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2487904 - CVE-2026-47712 python-dulwich: Dulwich: Arbitrary file write via malicious commit subject in format_patch [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2487904
[ 2 ] Bug #2487907 - CVE-2026-47734 python-dulwich: Dulwich: Denial of Service via crafted Git thin pack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2487907
[ 3 ] Bug #2498479 - CVE-2026-42305 python-dulwich: Dulwich: Remote Code Execution via Malicious Git Repository [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498479
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fbd55e52fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: python-idna-3.18-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-822c07add4
2026-07-12 01:10:38.798638+00:00
--------------------------------------------------------------------------------

Name : python-idna
Product : Fedora 44
Version : 3.18
Release : 1.fc44
URL : https://github.com/kjd/idna
Summary : Internationalized Domain Names in Applications (IDNA)
Description :
A library to support the Internationalised Domain Names in Applications (IDNA)
protocol as specified in RFC 5891 ( http://tools.ietf.org/html/rfc5891) . This
version of the protocol is often referred to as "IDNA2008" and can produce
different results from the earlier standard from 2003.

The library is also intended to act as a suitable drop-in replacement for the
"encodings.idna" module that comes with the Python standard library but
currently only supports the older 2003 specification.

--------------------------------------------------------------------------------
Update Information:

Update to the latest version to bring fixes for CVE-2026-45409 and CVE-2024-3651
into the stable releases.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 9 2026 Lumir Balhar [lbalhar@redhat.com] - 3.18-1
- Update to 3.18 (rhbz#2483976)
* Wed Jun 3 2026 Python Maint - 3.17-2
- Rebuilt for Python 3.15
* Sun May 31 2026 Lumir Balhar [lbalhar@redhat.com] - 3.17-1
- Update to 3.17 (rhbz#2480667)
* Wed May 13 2026 Lumir Balhar [lbalhar@redhat.com] - 3.15-1
- Update to 3.15 (rhbz#2476912)
* Mon May 11 2026 Lumir Balhar [lbalhar@redhat.com] - 3.14-1
- Update to 3.14 (rhbz#2468686)
* Thu Apr 23 2026 Lumir Balhar [lbalhar@redhat.com] - 3.13-1
- Update to 3.13 (rhbz#2460821)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2498560 - CVE-2026-45409 python-idna: idna: Denial of Service via specially crafted long inputs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498560
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-822c07add4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: p11-kit-0.26.4-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-695fd36daa
2026-07-12 01:10:38.798644+00:00
--------------------------------------------------------------------------------

Name : p11-kit
Product : Fedora 44
Version : 0.26.4
Release : 1.fc44
URL : http://p11-glue.freedesktop.org/p11-kit.html
Summary : Library for loading and sharing PKCS#11 modules
Description :
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
as a standard configuration setup for installing PKCS#11 modules in
such a way that they're discoverable.

--------------------------------------------------------------------------------
Update Information:

server: fixed stack exhaustion via unbounded recursion in RPC attribute parsing
by enforcing a recursion depth limit (CVE-2026-13757)
fixed confusing error message when trying to store an existing cert with trust
anchor
fixed assert when parsing p11-kit files with value (")
fixed numerous memory management issues
Build and test fixes
Updated translations
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 10 2026 Packit [hello@packit.dev] - 0.26.4-1
- Update to 0.26.4 upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2494560 - CVE-2026-13757 p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494560
[ 2 ] Bug #2498946 - p11-kit-0.26.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2498946
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-695fd36daa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: webkitgtk-2.52.5-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3bc4b3ccb3
2026-07-12 01:10:38.798641+00:00
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 44
Version : 2.52.5
Release : 1.fc44
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Fire scrollend event for instant programmatic scrolls.
Increase network idle connection timeout to 115 seconds.
Fix several crashes and rendering issues.
Fix CVE-2024-4367, CVE-2026-39872, CVE-2026-43663, CVE-2026-43676,
CVE-2026-43699, CVE-2026-43701, CVE-2026-43705, CVE-2026-43707, CVE-2026-43712,
CVE-2026-43713, CVE-2026-43715, CVE-2026-43716, CVE-2026-43720, CVE-2026-43721,
CVE-2026-43725, CVE-2026-43726, CVE-2026-43727, CVE-2026-43731, CVE-2026-43732,
CVE-2026-43734, CVE-2026-43740, CVE-2026-43742, CVE-2026-43745
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 9 2026 Michael Catanzaro [mcatanzaro@gnome.org] - 2.52.5-1
- Update to 2.52.5
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3bc4b3ccb3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: chromium-150.0.7871.114-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7e82bf89f4
2026-07-12 01:10:38.798635+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 44
Version : 150.0.7871.114
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 150.0.7871.114
* CVE-2026-15112: Use after free in Ozone
* CVE-2026-15129: Use after free in Views
* CVE-2026-15132: Uninitialized Use in V8
* CVE-2026-15133: Use after free in InterestGroups
* CVE-2026-15108: Integer overflow in Extensions API
* CVE-2026-15109: Uninitialized Use in ANGLE
* CVE-2026-15110: Use after free in Extensions
* CVE-2026-15111: Use after free in Views
* CVE-2026-15113: Use after free in Autofill
* CVE-2026-15114: Out of bounds read and write in Codecs
* CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-15116: Use after free in Actor
* CVE-2026-15117: Use after free in Payments
* CVE-2026-15118: Use after free in Input
* CVE-2026-15119: Inappropriate implementation in GetUserMedia
* CVE-2026-15120: Use after free in Core
* CVE-2026-15121: Use after free in WebRTC
* CVE-2026-15122: Insufficient validation of untrusted input in Codecs
* CVE-2026-15123: Insufficient data validation in DOM
* CVE-2026-15124: Insufficient policy enforcement in Passwords
* CVE-2026-15125: Inappropriate implementation in Forms
* CVE-2026-15126: Use after free in Forms
* CVE-2026-15127: Inappropriate implementation in WebGL
* CVE-2026-15128: Inappropriate implementation in Forms
* CVE-2026-15130: Insufficient policy enforcement in Navigation
* CVE-2026-15107: Use after free in IndexedDB
* CVE-2026-15131: Insufficient data validation in Navigation
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 9 2026 Than Ngo [than@redhat.com] - 150.0.7871.114-1
- Update to 150.0.7871.114
* CVE-2026-15112: Use after free in Ozone
* CVE-2026-15129: Use after free in Views
* CVE-2026-15132: Uninitialized Use in V8
* CVE-2026-15133: Use after free in InterestGroups
* CVE-2026-15108: Integer overflow in Extensions API
* CVE-2026-15109: Uninitialized Use in ANGLE
* CVE-2026-15110: Use after free in Extensions
* CVE-2026-15111: Use after free in Views
* CVE-2026-15113: Use after free in Autofill
* CVE-2026-15114: Out of bounds read and write in Codecs
* CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-15116: Use after free in Actor
* CVE-2026-15117: Use after free in Payments
* CVE-2026-15118: Use after free in Input
* CVE-2026-15119: Inappropriate implementation in GetUserMedia
* CVE-2026-15120: Use after free in Core
* CVE-2026-15121: Use after free in WebRTC
* CVE-2026-15122: Insufficient validation of untrusted input in Codecs
* CVE-2026-15123: Insufficient data validation in DOM
* CVE-2026-15124: Insufficient policy enforcement in Passwords
* CVE-2026-15125: Inappropriate implementation in Forms
* CVE-2026-15126: Use after free in Forms
* CVE-2026-15127: Inappropriate implementation in WebGL
* CVE-2026-15128: Inappropriate implementation in Forms
* CVE-2026-15130: Insufficient policy enforcement in Navigation
* CVE-2026-15107: Use after free in IndexedDB
* CVE-2026-15131: Insufficient data validation in Navigation
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2498397 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498397
[ 2 ] Bug #2498398 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498398
[ 3 ] Bug #2498404 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498404
[ 4 ] Bug #2498405 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498405
[ 5 ] Bug #2498407 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498407
[ 6 ] Bug #2498408 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498408
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7e82bf89f4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: xorg-x11-server-21.1.24-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-28b7854014
2026-07-12 01:10:38.798625+00:00
--------------------------------------------------------------------------------

Name : xorg-x11-server
Product : Fedora 44
Version : 21.1.24
Release : 1.fc44
URL : http://www.x.org
Summary : X.Org X11 X server
Description :
X.Org X11 X server.

--------------------------------------------------------------------------------
Update Information:

Update to xserver 21.1.24, fixes for: CVE-2026-55999, CVE-2025-56000
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 8 2026 Peter Hutterer [peter.hutterer@redhat.com] - 21.1.24-1
- Update to xserver 21.1.24
Security fixes for: CVE-2026-55999, CVE-2025-56000
* Sat Jun 13 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 21.1.23-2
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-28b7854014' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.22-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fcfc08d46c
2026-07-12 01:10:38.798612+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-DSA
Product : Fedora 44
Version : 1.22
Release : 1.fc44
URL : https://metacpan.org/release/Crypt-DSA
Summary : Perl module for DSA signatures and key generation
Description :
Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm)
signature verification system. This package provides DSA signing, signature
verification, and key generation.

DSA (Digital Signature Algorithm) signatures are no longer considered to be
adequate for security. This module should only be used for verifying old
signatures and should not be used for new signatures. That being said, some
technologies still require DSA signatures even now. Consider using other
solutions or explicitly not using DSA signatures. Crypt-DSA-GMP is a possible
replacement.

--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream release, addresses a cryptographic flaw
(modulo bias) in key generation that could lead to private key compromise
(CVE-2026-14570) .
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 3 2026 Paul Howarth - 1.22-1
- Update to 1.22
- Hardening: Use a fresh, independent CSPRNG witness every round
- Security fix: Modulo bias in key generation (CVE-2026-14570); an attack
with hundreds of signatures could lead to full private-key compromise;
keys should be considered compromised and new keys should be generated
* Fri Jun 19 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 1.21-2
- Rebuilt for OpenSSL 4.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2497529 - CVE-2026-14570 perl-Crypt-DSA: Crypt::DSA: Private key recovery due to biased random number generation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2497529
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fcfc08d46c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: python-tornado-6.5.7-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0f40de2581
2026-07-12 01:10:38.798604+00:00
--------------------------------------------------------------------------------

Name : python-tornado
Product : Fedora 44
Version : 6.5.7
Release : 1.fc44
URL : https://www.tornadoweb.org
Summary : Scalable, non-blocking web server and tools
Description :
Tornado is an open source version of the scalable, non-blocking web
server and tools.

The framework is distinct from most mainstream web server frameworks
(and certainly most Python frameworks) because it is non-blocking and
reasonably fast. Because it is non-blocking and uses epoll, it can
handle thousands of simultaneous standing connections, which means it is
ideal for real-time web services.

--------------------------------------------------------------------------------
Update Information:

Update to 6.5.7 - CVE-2026-35536 (rhbz#2457335), CVE-2026-31958 (rhbz#2451660)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 22 2026 Peter Robinson [pbrobinson@gmail.com] - 6.5.7-1
- Update to 6.5.7 - CVE-2026-35536 (rhbz#2457335), CVE-2026-31958
(rhbz#2451660)
* Wed Jun 3 2026 Python Maint - 6.5.2-6
- Rebuilt for Python 3.15
* Tue May 19 2026 Karolina Surma [ksurma@redhat.com] - 6.5.2-5
- Fix compatibility with Python 3.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2451660 - CVE-2026-31958 python-tornado: Tornado: Denial of Service via large multipart bodies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2451660
[ 2 ] Bug #2457335 - CVE-2026-35536 python-tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457335
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0f40de2581' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: log4cxx-1.7.0-2.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-43767b6007
2026-07-12 01:10:38.798594+00:00
--------------------------------------------------------------------------------

Name : log4cxx
Product : Fedora 44
Version : 1.7.0
Release : 2.fc44
URL : http://logging.apache.org/log4cxx/index.html
Summary : A port to C++ of the Log4j project
Description :
Log4cxx is a popular logging package written in C++. One of its distinctive
features is the notion of inheritance in loggers. Using a logger hierarchy it
is possible to control which log statements are output at arbitrary
granularity. This helps reduce the volume of logged output and minimize the
cost of logging.

--------------------------------------------------------------------------------
Update Information:

Update to log4cxx 1.7.0.
New features: fallback-ref appender attribute, Qt CMake find_package
component, TelnetAppender NonBlocking option.
Bug fixes: non-ASCII JSON encoding, invalid XML 1.0 characters in XML
output, crash on recursive XML config references, possible UB during
configuration changes, message loss during recursive logging,
ODBCAppender prepared-statement buffer lifetimes.
No ABI-relevant changes; liblog4cxx SONAME (%{sover}) is unchanged.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 3 2026 Till Hofmann [thofmann@fedoraproject.org] - 1.7.0-2
- Skip 2GB-message test on 32-bit architectures
* Fri Jul 3 2026 Till Hofmann [thofmann@fedoraproject.org] - 1.7.0-1
- Update to 1.7.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455029 - log4cxx-1.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2455029
[ 2 ] Bug #2457923 - CVE-2026-40023 log4cxx: Apache Log4cxx: Log processing impairment due to unsanitized XML characters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457923
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-43767b6007' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: chromium-150.0.7871.114-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9a7d180869
2026-07-12 00:58:35.903713+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 150.0.7871.114
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 150.0.7871.114
* CVE-2026-15112: Use after free in Ozone
* CVE-2026-15129: Use after free in Views
* CVE-2026-15132: Uninitialized Use in V8
* CVE-2026-15133: Use after free in InterestGroups
* CVE-2026-15108: Integer overflow in Extensions API
* CVE-2026-15109: Uninitialized Use in ANGLE
* CVE-2026-15110: Use after free in Extensions
* CVE-2026-15111: Use after free in Views
* CVE-2026-15113: Use after free in Autofill
* CVE-2026-15114: Out of bounds read and write in Codecs
* CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-15116: Use after free in Actor
* CVE-2026-15117: Use after free in Payments
* CVE-2026-15118: Use after free in Input
* CVE-2026-15119: Inappropriate implementation in GetUserMedia
* CVE-2026-15120: Use after free in Core
* CVE-2026-15121: Use after free in WebRTC
* CVE-2026-15122: Insufficient validation of untrusted input in Codecs
* CVE-2026-15123: Insufficient data validation in DOM
* CVE-2026-15124: Insufficient policy enforcement in Passwords
* CVE-2026-15125: Inappropriate implementation in Forms
* CVE-2026-15126: Use after free in Forms
* CVE-2026-15127: Inappropriate implementation in WebGL
* CVE-2026-15128: Inappropriate implementation in Forms
* CVE-2026-15130: Insufficient policy enforcement in Navigation
* CVE-2026-15107: Use after free in IndexedDB
* CVE-2026-15131: Insufficient data validation in Navigation
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 9 2026 Than Ngo [than@redhat.com] - 150.0.7871.114-1
- Update to 150.0.7871.114
* CVE-2026-15112: Use after free in Ozone
* CVE-2026-15129: Use after free in Views
* CVE-2026-15132: Uninitialized Use in V8
* CVE-2026-15133: Use after free in InterestGroups
* CVE-2026-15108: Integer overflow in Extensions API
* CVE-2026-15109: Uninitialized Use in ANGLE
* CVE-2026-15110: Use after free in Extensions
* CVE-2026-15111: Use after free in Views
* CVE-2026-15113: Use after free in Autofill
* CVE-2026-15114: Out of bounds read and write in Codecs
* CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-15116: Use after free in Actor
* CVE-2026-15117: Use after free in Payments
* CVE-2026-15118: Use after free in Input
* CVE-2026-15119: Inappropriate implementation in GetUserMedia
* CVE-2026-15120: Use after free in Core
* CVE-2026-15121: Use after free in WebRTC
* CVE-2026-15122: Insufficient validation of untrusted input in Codecs
* CVE-2026-15123: Insufficient data validation in DOM
* CVE-2026-15124: Insufficient policy enforcement in Passwords
* CVE-2026-15125: Inappropriate implementation in Forms
* CVE-2026-15126: Use after free in Forms
* CVE-2026-15127: Inappropriate implementation in WebGL
* CVE-2026-15128: Inappropriate implementation in Forms
* CVE-2026-15130: Insufficient policy enforcement in Navigation
* CVE-2026-15107: Use after free in IndexedDB
* CVE-2026-15131: Insufficient data validation in Navigation
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2498397 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498397
[ 2 ] Bug #2498398 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498398
[ 3 ] Bug #2498404 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498404
[ 4 ] Bug #2498405 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498405
[ 5 ] Bug #2498407 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498407
[ 6 ] Bug #2498408 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498408
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9a7d180869' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: tmux-3.7b-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7fa12630d5
2026-07-12 00:58:35.903707+00:00
--------------------------------------------------------------------------------

Name : tmux
Product : Fedora 43
Version : 3.7b
Release : 3.fc43
URL : https://tmux.github.io/
Summary : A terminal multiplexer
Description :
tmux is a "terminal multiplexer." It enables a number of terminals (or
windows) to be accessed and controlled from a single terminal. tmux is
intended to be a simple, modern, BSD-licensed alternative to programs such
as GNU Screen.

--------------------------------------------------------------------------------
Update Information:

fdf6afc update to 3.7b fixes rhbz#2498485
CHANGES FROM 3.7a TO 3.7b
Fix so that the end of a synchronized update again triggers a redraw.
CHANGES FROM 3.7 TO 3.7a
Fix crash in break-pane when no name is provided.
Scrollbar options are now cached rather than being looked up for every redraw
(issue 5298).
Only forbid #( in names, allow #[, empty names, : and .
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 9 2026 Filipe Rosset [filiperosset@fedoraproject.org] - 3.7b-3
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2487530 - CVE-2026-11623 tmux: tmux: Use-after-free vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2487530
[ 2 ] Bug #2498485 - update to 3.7b
https://bugzilla.redhat.com/show_bug.cgi?id=2498485
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7fa12630d5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: libXfont2-2.0.8-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-18ea3f47f8
2026-07-12 00:58:35.903692+00:00
--------------------------------------------------------------------------------

Name : libXfont2
Product : Fedora 43
Version : 2.0.8
Release : 1.fc43
URL : http://www.x.org
Summary : X.Org X11 libXfont2 runtime library
Description :
X.Org X11 libXfont2 runtime library

--------------------------------------------------------------------------------
Update Information:

libXfont2 2.0.8 (CVE-2026-56001, CVE-2026-56002, CVE-2026-56003)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 8 2026 Peter Hutterer [peter.hutterer@redhat.com] - 2.0.8-1
- libXfont2 2.0.8 (CVE-2026-56001, CVE-2026-56002, CVE-2026-56003)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-18ea3f47f8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: xorg-x11-server-Xwayland-24.1.13-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6a00d3109f
2026-07-12 00:58:35.903689+00:00
--------------------------------------------------------------------------------

Name : xorg-x11-server-Xwayland
Product : Fedora 43
Version : 24.1.13
Release : 1.fc43
URL : http://www.x.org
Summary : Xwayland
Description :
Xwayland is an X server for running X clients under Wayland.

--------------------------------------------------------------------------------
Update Information:

Update to xwayland 24.1.13, fixes for: CVE-2026-55999, CVE-2026-56000
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 8 2026 Peter Hutterer [peter.hutterer@redhat.com] - 24.1.13-1
- Update to xwayland 24.1.13
Security fixes for: CVE-2026-55999, CVE-2026-56000
* Sat Jun 13 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 24.1.12-2
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6a00d3109f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ce80ea7afe
2026-07-12 00:58:35.903687+00:00
--------------------------------------------------------------------------------

Name : upower
Product : Fedora 43
Version : 1.91.3
Release : 2.fc43
URL : https://upower.freedesktop.org/
Summary : Power Management Service
Description :
UPower (formerly DeviceKit-power) provides a daemon, API and command
line tools for managing power devices attached to the system.

--------------------------------------------------------------------------------
Update Information:

upower 1.91.3:
Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316
(merged), #344 (closed))
Fix: Resolve potential leaks (!327 (merged))
Fix: Potential out-of-bound access (!328 (merged))
Fix: Improve access control (!326 (merged))
Fix: Remove unused codes (!329 (merged))
Fix: Fix for Asus Battery Charge Threshold Detection (!330 (merged), #347
(closed))
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 7 2026 Peter Robinson [pbrobinson@gmail.com] - 1.91.3-1
- Update to 1.91.3 (fixes rhbz#2496407 rhbz#2414589)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2414589 - Settings > Power > Battery Charging: "Preserve Battery Health" can't be set persistently when BIOS Admin Password (a.k.a Setup Password) is set.
https://bugzilla.redhat.com/show_bug.cgi?id=2414589
[ 2 ] Bug #2496407 - upower-1.91.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2496407
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ce80ea7afe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.22-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b77b9c5f04
2026-07-12 00:58:35.903674+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-DSA
Product : Fedora 43
Version : 1.22
Release : 1.fc43
URL : https://metacpan.org/release/Crypt-DSA
Summary : Perl module for DSA signatures and key generation
Description :
Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm)
signature verification system. This package provides DSA signing, signature
verification, and key generation.

DSA (Digital Signature Algorithm) signatures are no longer considered to be
adequate for security. This module should only be used for verifying old
signatures and should not be used for new signatures. That being said, some
technologies still require DSA signatures even now. Consider using other
solutions or explicitly not using DSA signatures. Crypt-DSA-GMP is a possible
replacement.

--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream release, addresses a cryptographic flaw
(modulo bias) in key generation that could lead to private key compromise
(CVE-2026-14570) .
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 3 2026 Paul Howarth - 1.22-1
- Update to 1.22
- Hardening: Use a fresh, independent CSPRNG witness every round
- Security fix: Modulo bias in key generation (CVE-2026-14570); an attack
with hundreds of signatures could lead to full private-key compromise;
keys should be considered compromised and new keys should be generated
* Fri Jun 19 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 1.21-2
- Rebuilt for OpenSSL 4.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2497529 - CVE-2026-14570 perl-Crypt-DSA: Crypt::DSA: Private key recovery due to biased random number generation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2497529
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b77b9c5f04' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: python-tornado-6.5.7-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23656e6d2f
2026-07-12 00:58:35.903669+00:00
--------------------------------------------------------------------------------

Name : python-tornado
Product : Fedora 43
Version : 6.5.7
Release : 1.fc43
URL : https://www.tornadoweb.org
Summary : Scalable, non-blocking web server and tools
Description :
Tornado is an open source version of the scalable, non-blocking web
server and tools.

The framework is distinct from most mainstream web server frameworks
(and certainly most Python frameworks) because it is non-blocking and
reasonably fast. Because it is non-blocking and uses epoll, it can
handle thousands of simultaneous standing connections, which means it is
ideal for real-time web services.

--------------------------------------------------------------------------------
Update Information:

Update to 6.5.7 - CVE-2026-35536 (rhbz#2457335), CVE-2026-31958 (rhbz#2451660)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 22 2026 Peter Robinson [pbrobinson@gmail.com] - 6.5.7-1
- Update to 6.5.7 - CVE-2026-35536 (rhbz#2457335), CVE-2026-31958
(rhbz#2451660)
* Wed Jun 3 2026 Python Maint - 6.5.2-6
- Rebuilt for Python 3.15
* Tue May 19 2026 Karolina Surma [ksurma@redhat.com] - 6.5.2-5
- Fix compatibility with Python 3.15
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 6.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2451660 - CVE-2026-31958 python-tornado: Tornado: Denial of Service via large multipart bodies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2451660
[ 2 ] Bug #2457335 - CVE-2026-35536 python-tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457335
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23656e6d2f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: libssh2-1.11.1-9.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-eed9e67393
2026-07-12 00:58:35.903616+00:00
--------------------------------------------------------------------------------

Name : libssh2
Product : Fedora 43
Version : 1.11.1
Release : 9.fc43
URL : https://www.libssh2.org/
Summary : A library implementing the SSH2 protocol
Description :
libssh2 is a library implementing the SSH2 protocol as defined by
Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
SECSH-DHGEX(04), and SECSH-NUMBERS(10).

--------------------------------------------------------------------------------
Update Information:

This update addresses a few security issues, one of which could plausibly result
in remote code execution.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 25 2026 Paul Howarth - 1.11.1-9
- Fix CVE-2025-15661: Information disclosure and denial of service via crafted
SFTP response
* Tue Jun 23 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.11.1-8
- Fix CVE-2026-55200 & CVE-2026-55199
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 1.11.1-7
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2491730 - CVE-2026-55199 libssh2: libssh2: Denial of Service via crafted SSH_MSG_EXT_INFO message [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491730
[ 2 ] Bug #2491738 - CVE-2026-55200 libssh2: libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491738
[ 3 ] Bug #2492698 - CVE-2025-15661 libssh2: libssh2: Information disclosure and denial of service via crafted SFTP response [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2492698
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-eed9e67393' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new