Several security updates have been released for Fedora Linux, including updates for popular packages like curl and Chromium. The updates are specifically for Fedora versions 42 and 43, with version 42 receiving a total of five updates and version 43 getting one update so far. Some notable updated packages include FreeRDP, HarfBuzz, and Assimp. A security update was also released for the GIMP image editing software in Fedora version 43.

Fedora 42 Update: curl-8.11.1-7.fc42
Fedora 42 Update: chromium-144.0.7559.96-1.fc42
Fedora 42 Update: freerdp-3.21.0-1.fc42
Fedora 42 Update: harfbuzz-10.4.0-2.fc42
Fedora 42 Update: assimp-5.3.1-6.fc42
Fedora 43 Update: gimp-3.0.8-4.fc43

[SECURITY] Fedora 42 Update: curl-8.11.1-7.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3f0f0f85be
2026-01-28 01:25:55.182848+00:00
--------------------------------------------------------------------------------

Name : curl
Product : Fedora 42
Version : 8.11.1
Release : 7.fc42
URL : https://curl.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

fix broken TLS options for threaded LDAPS (CVE-2025-14017)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 19 2026 Jan Macku [jamacku@redhat.com] - 8.11.1-7
- fix broken TLS options for threaded LDAPS (CVE-2025-14017)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2428024 - CVE-2025-14017 curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2428024
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3f0f0f85be' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: chromium-144.0.7559.96-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-78ff346bb0
2026-01-28 01:25:55.182855+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 144.0.7559.96
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 144.0.7559.96
* CVE-2026-1220: Race in V8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 21 2026 Than Ngo [than@redhat.com] - 144.0.7559.96-1
- Update to 144.0.7559.96
* CVE-2026-1220: Race in V8
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 144.0.7559.59-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 144.0.7559.59-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-78ff346bb0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: freerdp-3.21.0-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-943caf40d9
2026-01-28 01:25:55.182850+00:00
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 42
Version : 3.21.0
Release : 1.fc42
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 3.21.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 20 2026 Ondrej Holy [oholy@redhat.com] - 2:3.21.0-1
- Update to 3.21.0 (CVE-2026-23530, CVE-2026-23531, CVE-2026-23532,
CVE-2026-23533, CVE-2026-23534, CVE-2026-23732, CVE-2026-23883,
CVE-2026-23884)
Resolves: rhbz#2430928
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2:3.20.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2430895 - CVE-2026-23532 freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430895
[ 2 ] Bug #2430900 - CVE-2026-23534 freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430900
[ 3 ] Bug #2430905 - CVE-2026-23531 freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution. [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430905
[ 4 ] Bug #2430911 - CVE-2026-23533 freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430911
[ 5 ] Bug #2430916 - CVE-2026-23530 freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430916
[ 6 ] Bug #2430921 - CVE-2026-23883 freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430921
[ 7 ] Bug #2430930 - CVE-2026-23884 freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430930
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-943caf40d9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: harfbuzz-10.4.0-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bac983cf83
2026-01-28 01:25:55.182831+00:00
--------------------------------------------------------------------------------

Name : harfbuzz
Product : Fedora 42
Version : 10.4.0
Release : 2.fc42
URL : https://github.com/harfbuzz/harfbuzz/
Summary : Text shaping library
Description :
HarfBuzz is an implementation of the OpenType Layout engine.

--------------------------------------------------------------------------------
Update Information:

Backport security fix for CVE-2026-22693 (fix RHBZ#2429278)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 14 2026 Parag Nemade - 10.4.0-2
- Backport security fix for CVE-2026-22693 (fix RHBZ#2429278)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429278 - CVE-2026-22693 harfbuzz: Null Pointer Dereference in harfbuzz [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429278
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bac983cf83' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: assimp-5.3.1-6.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7069f6c1c8
2026-01-28 01:25:55.182807+00:00
--------------------------------------------------------------------------------

Name : assimp
Product : Fedora 42
Version : 5.3.1
Release : 6.fc42
URL : https://github.com/assimp/assimp
Summary : Library to import various 3D model formats into applications
Description :
Assimp, the Open Asset Import Library, is a free library to import
various well-known 3D model formats into applications. Assimp aims
to provide a full asset conversion pipeline for use in game
engines and real-time rendering systems, but is not limited
to these applications.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-11277.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 13 2026 Sandro Mani [manisandro@gmail.com] - 5.3.1-6
- Backport fix for CVE-2025-11277
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2401927 - CVE-2025-11277 assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2401927
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7069f6c1c8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: gimp-3.0.8-4.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ebabb127fb
2026-01-28 00:52:27.155866+00:00
--------------------------------------------------------------------------------

Name : gimp
Product : Fedora 43
Version : 3.0.8
Release : 4.fc43
URL : https://www.gimp.org
Summary : GNU Image Manipulation Program
Description :
GIMP (GNU Image Manipulation Program) is a powerful image composition and
editing program, which can be extremely useful for creating logos and other
graphics for web pages. GIMP has many of the tools and filters you would expect
to find in similar commercial offerings, and some interesting extras as well.
GIMP provides a large image manipulation toolbox, including channel operations
and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all
with multi-level undo.

--------------------------------------------------------------------------------
Update Information:

This is an upstream bugfix and security update. Please refer to the upstream
release notes for details about the changes in this version.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 25 2026 Nils Philippsen [nils@tiptoe.de] - 2:3.0.8-3
- Enable bash completion
* Sun Jan 25 2026 Nils Philippsen [nils@tiptoe.de] - 2:3.0.8-1
- Update to 3.0.8
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2:3.0.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ebabb127fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new