Fedora 43 Update: erlang-26.2.5.21-4.fc43
Fedora 43 Update: antlr4-project-4.13.2-14.fc43
Fedora 43 Update: opam-2.5.2-1.fc43
Fedora 43 Update: python-uv-build-0.11.28-1.fc43
Fedora 43 Update: uv-0.11.28-1.fc43
Fedora 43 Update: python-orjson-3.11.9-3.fc43
Fedora 43 Update: rust-astral_async_zip-0.0.20-1.fc43
[SECURITY] Fedora 43 Update: erlang-26.2.5.21-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-965be97ac0
2026-07-19 03:55:06.729073+00:00
--------------------------------------------------------------------------------
Name : erlang
Product : Fedora 43
Version : 26.2.5.21
Release : 4.fc43
URL : https://www.erlang.org
Summary : General-purpose programming language and runtime environment
Description :
Erlang is a general-purpose programming language and runtime
environment. Erlang has built-in support for concurrency, distribution
and fault tolerance. Erlang is used in several large telecommunication
systems from Ericsson.
--------------------------------------------------------------------------------
Update Information:
Backport fixes for CVE-2026-48858 (ftp SSRF), CVE-2026-49759 (SCTP DoS),
CVE-2026-48860 (dist-over-TLS auth bypass), CVE-2026-54886 (ssh SFTP DoS),
CVE-2026-54891 (TLS handshake data injection), and CVE-2026-55952 (TLS 1.3
session ticket DoS). These are fixed upstream in OTP 27.x (rawhide/f45);
backported here to the OTP 26.x line.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 10 2026 Peter Lemenkov [lemenkov@gmail.com] - 26.2.5.21-4
- Backport fix for CVE-2026-48858, CVE-2026-48860, CVE-2026-49759,
CVE-2026-54886, CVE-2026-54891, CVE-2026-55952
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2489554 - CVE-2026-48858 erlang: Erlang/OTP ftp: Server-Side Request Forgery (SSRF) via unvalidated PASV response IP address [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489554
[ 2 ] Bug #2490026 - CVE-2026-49759 erlang: Erlang OTP: Denial of Service via crafted SCTP ERROR chunk [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490026
[ 3 ] Bug #2490272 - CVE-2026-48860 erlang: Erlang/OTP: Authentication bypass allows arbitrary code execution via improper IP address validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490272
[ 4 ] Bug #2496748 - CVE-2026-54891 erlang: Erlang SSL: Unauthenticated data injection during TLS handshake [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2496748
[ 5 ] Bug #2496790 - CVE-2026-54886 erlang: Erlang OTP ssh: Denial of Service via infinite loop in SFTP channel [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2496790
[ 6 ] Bug #2496798 - CVE-2026-55952 erlang: Erlang/OTP: Denial of Service in TLS 1.3 session ticket handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2496798
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-965be97ac0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: antlr4-project-4.13.2-14.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d9ca28a7b8
2026-07-19 03:55:06.729085+00:00
--------------------------------------------------------------------------------
Name : antlr4-project
Product : Fedora 43
Version : 4.13.2
Release : 14.fc43
URL : https://www.antlr.org/
Summary : Parser generator (ANother Tool for Language Recognition)
Description :
ANTLR (ANother Tool for Language Recognition) is a powerful parser generator
for reading, processing, executing, or translating structured text or binary
files. It is widely used to build languages, tools, and frameworks. From a
grammar, ANTLR generates a parser that can build and walk parse trees.
--------------------------------------------------------------------------------
Update Information:
This update contains a fix for CVE-2026-13503.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 10 2026 Jerry James [loganjerry@gmail.com] - 4.13.2-14
- Add patch to fix CVE-2026-13503
* Fri Jul 10 2026 Jerry James [loganjerry@gmail.com] - 4.13.2-13
- Drop unused BuildRequires
* Fri Jul 10 2026 Jerry James [loganjerry@gmail.com] - 4.13.2-12
- Add Unicode-3.0 to the antlr4 License field
* Fri Jul 10 2026 Jerry James [loganjerry@gmail.com] - 4.13.2-11
- Reflow the description text
- Remove ancient obsoletes
* Wed Nov 12 2025 Vít Ondruch [vondruch@redhat.com] - 4.13.2-10
- Rebuild for nodejs-packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2494757 - CVE-2026-13503 ANTLR4: Path traversal via manipulation of getImportedVocabFile function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id$94757
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d9ca28a7b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: opam-2.5.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb48505840
2026-07-19 03:55:06.729078+00:00
--------------------------------------------------------------------------------
Name : opam
Product : Fedora 43
Version : 2.5.2
Release : 1.fc43
URL : https://opam.ocaml.org/
Summary : Source-based package manager for OCaml
Description :
Opam is a source-based package manager for OCaml. It supports multiple
simultaneous compiler installations, flexible package constraints, and a
Git-friendly development workflow.
--------------------------------------------------------------------------------
Update Information:
Version 2.5.2 of opam fixes CVE-2026-57825. See
https://github.com/ocaml/opam/releases/tag/2.5.2 for more information.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 10 2026 Jerry James [loganjerry@gmail.com] - 2.5.2-1
- Version 2.5.2
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb48505840' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-uv-build-0.11.28-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8893ec1aeb
2026-07-19 03:55:06.729034+00:00
--------------------------------------------------------------------------------
Name : python-uv-build
Product : Fedora 43
Version : 0.11.28
Release : 1.fc43
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :
This package is a slimmed down version of uv containing only the build
backend.
--------------------------------------------------------------------------------
Update Information:
Update uv / python-uv-build to 0.11.28, with significant hardening of zip file
handling against parser differentials.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.28-1
- Update to 0.11.28 (close RHBZ#2497949)
* Tue Jul 7 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.27-1
- Update to 0.11.27 (close RHBZ#2497574)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8893ec1aeb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: uv-0.11.28-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8893ec1aeb
2026-07-19 03:55:06.729034+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 43
Version : 0.11.28
Release : 1.fc43
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.
Highlights:
• A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,
virtualenv, and more.
• 10-100x faster than pip.
• Provides comprehensive project management, with a universal lockfile.
• Runs scripts, with support for inline dependency metadata.
• Installs and manages Python versions.
• Runs and installs tools published as Python packages.
• Includes a pip-compatible interface for a performance boost with a familiar
CLI.
• Supports Cargo-style workspaces for scalable projects.
• Disk-space efficient, with a global cache for dependency deduplication.
--------------------------------------------------------------------------------
Update Information:
Update uv / python-uv-build to 0.11.28, with significant hardening of zip file
handling against parser differentials.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.28-1
- Update to 0.11.28 (close RHBZ#2497922)
* Tue Jul 7 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.27-1
- Update to 0.11.27 (close RHBZ#2497560)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8893ec1aeb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: python-orjson-3.11.9-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c8f1a4ee05
2026-07-19 03:55:06.729037+00:00
--------------------------------------------------------------------------------
Name : python-orjson
Product : Fedora 43
Version : 3.11.9
Release : 3.fc43
URL : https://github.com/ijl/orjson
Summary : Fast, correct Python JSON library
Description :
orjson is a fast, correct Python JSON library supporting dataclasses,
datetimes, and numpy
--------------------------------------------------------------------------------
Update Information:
Update PyO3 to 0.29, fixing RUSTSEC-2026-0194 and RUSTSEC-2026-0195.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 10 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.11.9-3
- Update PyO3 to 0.29
* Thu Jun 4 2026 Python Maint - 3.11.9-2
- Rebuilt for Python 3.15
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c8f1a4ee05' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-astral_async_zip-0.0.20-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8893ec1aeb
2026-07-19 03:55:06.729034+00:00
--------------------------------------------------------------------------------
Name : rust-astral_async_zip
Product : Fedora 43
Version : 0.0.20
Release : 1.fc43
URL : https://crates.io/crates/astral_async_zip
Summary : Asynchronous ZIP archive reading/writing crate
Description :
An asynchronous ZIP archive reading/writing crate.
--------------------------------------------------------------------------------
Update Information:
Update uv / python-uv-build to 0.11.28, with significant hardening of zip file
handling against parser differentials.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 7 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.20-1
- Update to version 0.0.20; Fixes RHBZ#2497383
* Thu Jun 18 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.18-3
- Exclude examples, tests, and test data from -devel packages
* Thu Jun 18 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.18-2
- Exclude rustfmt.toml from the crate
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8893ec1aeb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new