Erlang and Python-Pillow updates for Fedora

Fedora Linux 9265 Published 2026-03-03 07:10 by Philipp Esselbach

News

Fedora has released several updates for various packages, including Erlang and Python Pillow, which address security vulnerabilities. The Erlang update fixes a vulnerability in the tftp_file modules that can lead to information disclosure via relative path traversal (CVE-2026-21620). The Python Pillow update addresses an out-of-bounds write vulnerability (CVE-2026-25990) that could allow attackers to execute malicious code.

Fedora 42 Update: erlang-26.2.5.17-1.fc42
Fedora 42 Update: python-pillow-11.1.0-3.fc42
Fedora 43 Update: erlang-26.2.5.17-1.fc43

[SECURITY] Fedora 42 Update: erlang-26.2.5.17-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d51972eee3
2026-03-03 01:28:02.255785+00:00
--------------------------------------------------------------------------------

Name : erlang
Product : Fedora 42
Version : 26.2.5.17
Release : 1.fc42
URL : https://www.erlang.org
Summary : General-purpose programming language and runtime environment
Description :
Erlang is a general-purpose programming language and runtime
environment. Erlang has built-in support for concurrency, distribution
and fault tolerance. Erlang is used in several large telecommunication
systems from Ericsson.

--------------------------------------------------------------------------------
Update Information:

Erlang ver. 26.2.5.17
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 21 2026 Peter Lemenkov [lemenkov@gmail.com] - 26.2.5.17-1
- Ver. 26.2.5.17
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 26.2.5.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Nov 7 2025 Peter Lemenkov [lemenkov@gmail.com] - 26.2.5.16-1
- Ver. 26.2.5.16
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2441331 - CVE-2026-21620 erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2441331
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d51972eee3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: python-pillow-11.1.0-3.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0d673fa503
2026-03-03 01:28:02.255781+00:00
--------------------------------------------------------------------------------

Name : python-pillow
Product : Fedora 42
Version : 11.1.0
Release : 3.fc42
URL : http://python-pillow.github.io/
Summary : Python image processing library
Description :
Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.

There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt),
devel (development) and doc (documentation).

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2026-25990.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 14 2026 Sandro Mani [manisandro@gmail.com] - 11.1.0-3
- Backport fix for CVE-2026-25990
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2439192 - CVE-2026-25990 python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2439192
[ 2 ] Bug #2439196 - CVE-2026-25990 python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2439196
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0d673fa503' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: erlang-26.2.5.17-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8a15e7a423
2026-03-03 01:08:59.887967+00:00
--------------------------------------------------------------------------------

Name : erlang
Product : Fedora 43
Version : 26.2.5.17
Release : 1.fc43
URL : https://www.erlang.org
Summary : General-purpose programming language and runtime environment
Description :
Erlang is a general-purpose programming language and runtime
environment. Erlang has built-in support for concurrency, distribution
and fault tolerance. Erlang is used in several large telecommunication
systems from Ericsson.

--------------------------------------------------------------------------------
Update Information:

Erlang ver. 26.2.5.17
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 21 2026 Peter Lemenkov [lemenkov@gmail.com] - 26.2.5.17-1
- Ver. 26.2.5.17
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 26.2.5.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Nov 7 2025 Peter Lemenkov [lemenkov@gmail.com] - 26.2.5.16-1
- Ver. 26.2.5.16
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2441332 - CVE-2026-21620 erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2441332
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8a15e7a423' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

PHP and Firefox ESR updates for Debian

Grafana, Kernel, Thunderbird, and more updates for RHEL

Erlang and Python-Pillow updates for Fedora

[SECURITY] Fedora 42 Update: erlang-26.2.5.17-1.fc42

[SECURITY] Fedora 42 Update: python-pillow-11.1.0-3.fc42

[SECURITY] Fedora 43 Update: erlang-26.2.5.17-1.fc43

Windows

Linux

macOS

Community