Evince, .NET, Kernel, and more updates for Fedora

Fedora Linux 9360 Published by

Fedora 42 and 43 just received a major wave of security patches covering dozens of essential packages like the Apache web server, Docker build tools, .NET runtimes, and the Linux kernel. These updates tackle serious vulnerabilities including command injection flaws, buffer overflows, and weak certificate validation that could allow attackers to execute arbitrary code or steal sensitive data.

Fedora 42 Update: evince-48.1-2.fc42
Fedora 43 Update: python-requests-2.33.1-1.fc43
Fedora 43 Update: python-pulp-glue-0.37.0-5.fc43
Fedora 43 Update: httpd-2.4.67-1.fc43
Fedora 42 Update: dotnet8.0-8.0.127-1.fc42
Fedora 42 Update: kernel-6.19.14-108.fc42
Fedora 42 Update: dotnet9.0-9.0.117-1.fc42
Fedora 42 Update: dotnet10.0-10.0.108-1.fc42
Fedora 42 Update: docker-buildkit-0.30.0-1.fc42
Fedora 42 Update: docker-buildx-0.34.0-1.fc42
Fedora 42 Update: python3.15-3.15.0~b1-1.fc42
Fedora 42 Update: nss-3.123.1-1.fc42
Fedora 42 Update: firefox-151.0-2.fc42
Fedora 43 Update: dotnet8.0-8.0.127-1.fc43
Fedora 43 Update: perl-Apache-Session-Browseable-1.3.19-1.fc43
Fedora 43 Update: dotnet10.0-10.0.108-1.fc43
Fedora 43 Update: dotnet9.0-9.0.117-1.fc43
Fedora 43 Update: docker-buildkit-0.30.0-1.fc43
Fedora 43 Update: docker-buildx-0.34.0-1.fc43
Fedora 43 Update: python3.15-3.15.0~b1-1.fc43
Fedora 43 Update: pie-1.4.4-1.fc43
Fedora 43 Update: composer-2.9.8-1.fc43




[SECURITY] Fedora 42 Update: evince-48.1-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-49dc95b509
2026-05-24 01:10:40.847670+00:00
--------------------------------------------------------------------------------

Name : evince
Product : Fedora 42
Version : 48.1
Release : 2.fc42
URL : https://wiki.gnome.org/Apps/Evince
Summary : Document viewer
Description :
Evince is simple multi-page document viewer. It can display and print
Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript
(EPS) files. When supported by the document format, evince allows searching
for text, copying text to the clipboard, hypertext navigation,
table-of-contents bookmarks and editing of forms.

Support for other document formats such as DVI and DJVU can be added by
installing additional backends.

--------------------------------------------------------------------------------
Update Information:

Fix command injection CVE-2026-46529
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Michael Catanzaro [mcatanzaro@redhat.com] - 48.1-2
- Add patch for CVE-2025-53367
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-49dc95b509' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: python-requests-2.33.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8ad863685a
2026-05-24 00:50:16.962706+00:00
--------------------------------------------------------------------------------

Name : python-requests
Product : Fedora 43
Version : 2.33.1
Release : 1.fc43
URL : https://pypi.io/project/requests
Summary : HTTP library, written in Python, for human beings
Description :
Most existing Python modules for sending HTTP requests are extremely verbose and
cumbersome. Python???s built-in urllib2 module provides most of the HTTP
capabilities you should need, but the API is thoroughly broken. This library is
designed to make HTTP requests easy for developers.

--------------------------------------------------------------------------------
Update Information:

2.33.1 (2026-03-30)
Bugfixes
- Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
files in the tmp directory.
- Fixed Content-Type header parsing for malformed values.
- Improved error consistency for malformed header values.
2.33.0 (2026-03-25)
Announcements
- ???? Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at
#7271.
Give it a try, and report any gaps or feedback you may have in the issue. ????
Security
- CVE-2026-25645
requests.utils.extract_zipped_paths now extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.
Improvements
- Migrated to a PEP 517 build system using setuptools.
Bugfixes
- Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+.
Deprecations
- Dropped support for Python 3.9 following its end of support.
Documentation
- Various typo fixes and doc improvements.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 31 2026 Lumir Balhar [lbalhar@redhat.com] - 2.33.1-1
- Update to 2.33.1 (rhbz#2451396)
* Tue Mar 10 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.32.5-5
- Package the use_chardet_on_py3 extra
* Tue Mar 10 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.32.5-4
- Increase chardet upper limit to 7
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.32.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467989 - python3-requests package lacks fix for CVE-2026-25645
https://bugzilla.redhat.com/show_bug.cgi?id=2467989
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8ad863685a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: python-pulp-glue-0.37.0-5.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8ad863685a
2026-05-24 00:50:16.962706+00:00
--------------------------------------------------------------------------------

Name : python-pulp-glue
Product : Fedora 43
Version : 0.37.0
Release : 5.fc43
URL : https://github.com/pulp/pulp-cli
Summary : The version agnostic Pulp 3 client library in python
Description :
pulp-glue is a library to ease the programmatic communication with the Pulp3
API. It helps to abstract different resource types with so called contexts and
allows to build or even provides complex workflows like chunked upload or
waiting on tasks.
It is built around an openapi3 parser to provide client side validation of http
requests, while accounting for known quirks and incompatibilities between
different Pulp server component versions.

--------------------------------------------------------------------------------
Update Information:

2.33.1 (2026-03-30)
Bugfixes
- Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
files in the tmp directory.
- Fixed Content-Type header parsing for malformed values.
- Improved error consistency for malformed header values.
2.33.0 (2026-03-25)
Announcements
- ???? Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at
#7271.
Give it a try, and report any gaps or feedback you may have in the issue. ????
Security
- CVE-2026-25645
requests.utils.extract_zipped_paths now extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.
Improvements
- Migrated to a PEP 517 build system using setuptools.
Bugfixes
- Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+.
Deprecations
- Dropped support for Python 3.9 following its end of support.
Documentation
- Various typo fixes and doc improvements.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 2 2026 Lumir Balhar [lbalhar@redhat.com] - 0.37.0-5
- Remove upper version bound on requests
* Tue Feb 17 2026 Simone Caronni [negativo17@gmail.com] - 0.37.0-4
- Clean up .gitignore
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467989 - python3-requests package lacks fix for CVE-2026-25645
https://bugzilla.redhat.com/show_bug.cgi?id=2467989
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8ad863685a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: httpd-2.4.67-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0c87f546f8
2026-05-24 00:50:16.962711+00:00
--------------------------------------------------------------------------------

Name : httpd
Product : Fedora 43
Version : 2.4.67
Release : 1.fc43
URL : https://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

--------------------------------------------------------------------------------
Update Information:

new version 2.4.67
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2026 Lubo?? Uhliarik [luhliari@redhat.com] - 2.4.67-1
- new version 2.4.67
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2464943 - httpd-2.4.67 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2464943
[ 2 ] Bug #2466956 - CVE-2026-28780 httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2466956
[ 3 ] Bug #2469229 - CVE-2026-34032 httpd: heap-based buffer over-read due to missing null-termination check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2469229
[ 4 ] Bug #2469240 - CVE-2026-34059 httpd: heap-based buffer over-read and memory disclosure in ajp_parse_data() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2469240
[ 5 ] Bug #2469242 - CVE-2026-33007 httpd: NULL pointer dereference can cause a child process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2469242
[ 6 ] Bug #2469243 - CVE-2026-33857 httpd: off-by-one out-of-bounds reads in AJP getter functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2469243
[ 7 ] Bug #2476561 - CVE-2026-33006 httpd: timing attack allows a bypass of digest authentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476561
[ 8 ] Bug #2476562 - CVE-2026-29169 httpd: NULL pointer dereference via specially crafted request [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476562
[ 9 ] Bug #2476563 - CVE-2026-33523 httpd: HTTP response splitting forwarding malicious status line [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476563
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0c87f546f8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: dotnet8.0-8.0.127-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b1a2f623e7
2026-05-23 16:00:29.000934+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 42
Version : 8.0.127
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 8.0.127 and Runtime 8.0.27
Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.27/8.0.127.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.27/8.0.27.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Omair Majid [omajid@redhat.com] - 8.0.127-1
- Update to .NET SDK 8.0.127 and Runtime 8.0.27
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b1a2f623e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: kernel-6.19.14-108.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b9f338a467
2026-05-23 16:00:29.000937+00:00
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 42
Version : 6.19.14
Release : 108.fc42
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.19.14-108 stable kernel update contains a couple if important security
fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 21 2026 Justin M. Forbes [jforbes@fedoraproject.org] [6.19.14-8]
- net: skbuff: preserve shared-frag marker during coalescing (William Bowling)
- xfrm: esp: restore combined single-frag length gate (Jingguo Tan)
- Just disable the UKI DTB bits for the 6.19 repository (Justin M. Forbes)
- Revert "redhat/kernel.spec.template: Fix indentation of uki-virt generation code" (Justin M. Forbes)
- Revert "redhat/kernel.spec.template: Simplify uki-virt signing" (Justin M. Forbes)
- Revert "redhat/kernel.spec.template: Add kernel-uki-dtbloader sub-package" (Justin M. Forbes)
- Revert "redhat/kernel.spec.template: Make -uki-dtbloader provide kernel-core-uname-r" (Justin M. Forbes)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480436 - kernel: Linux kernel: xfrm single-frag length not properly limited [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2480436
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b9f338a467' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: dotnet9.0-9.0.117-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-85758358ff
2026-05-23 16:00:29.000912+00:00
--------------------------------------------------------------------------------

Name : dotnet9.0
Product : Fedora 42
Version : 9.0.117
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 9.0.117 and Runtime 9.0.16
Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.16/9.0.117.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.16/9.0.16.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Omair Majid [omajid@redhat.com] - 9.0.117-1
- Update to .NET SDK 9.0.117 and Runtime 9.0.16
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-85758358ff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: dotnet10.0-10.0.108-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ef4291bd79
2026-05-23 16:00:29.000917+00:00
--------------------------------------------------------------------------------

Name : dotnet10.0
Product : Fedora 42
Version : 10.0.108
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET 10.0 Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 10.0.108 and Runtime 10.0.8
Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.8/10.0.108.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.8/10.0.8.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Omair Majid [omajid@redhat.com] - 10.0.108-1
- Update to .NET SDK 10.0.108 and Runtime 10.0.8
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ef4291bd79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: docker-buildkit-0.30.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0adc4a8098
2026-05-23 16:00:29.000904+00:00
--------------------------------------------------------------------------------

Name : docker-buildkit
Product : Fedora 42
Version : 0.30.0
Release : 1.fc42
URL : https://github.com/moby/buildkit
Summary : Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
Description :
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.30.0
Resolves CVE-2026-39984: rhbz#2458929
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.30.0-1
- Update to release v0.30.0
- Resolves CVE-2026-39984: rhbz#2458929
- Upstream new features and fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2458929 - CVE-2026-39984 docker-buildkit: improper certificate validation in verifier [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458929
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0adc4a8098' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: docker-buildx-0.34.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-95f37c21d5
2026-05-23 16:00:29.000901+00:00
--------------------------------------------------------------------------------

Name : docker-buildx
Product : Fedora 42
Version : 0.34.0
Release : 1.fc42
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.34.0
Resolves: rhbz#2467576
Resolves CVE-2026-39984: rhbz#2458930
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.34.0-1
- Update to release v0.34.0
- Resolves: rhbz#2467576
- Resolves CVE-2026-39984: rhbz#2458930
- Upstream new features and fixes
* Thu Apr 2 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.33.0-2
- Update to new spec file
- Regenerate spec file using go2rpm
- Use gocheck2. Current v0.33.0 release will sometimes fail during check
phase with an https related test. No obvious pattern related to
architecture. gocheck2 will allow for test to be skipped if needed
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2458930 - CVE-2026-39984 docker-buildx: improper certificate validation in verifier [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458930
[ 2 ] Bug #2467576 - docker-buildx-0.34.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2467576
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-95f37c21d5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: python3.15-3.15.0~b1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e7dc1a8950
2026-05-23 16:00:29.000881+00:00
--------------------------------------------------------------------------------

Name : python3.15
Product : Fedora 42
Version : 3.15.0~b1
Release : 1.fc42
URL : https://www.python.org/
Summary : Version 3.15 of the Python interpreter
Description :
Python 3.15 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.15 package provides the "python3.15" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.15-libs package,
which should be installed automatically along with python3.15.
The remaining parts of the Python standard library are broken out into the
python3.15-tkinter and python3.15-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.15-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.15-" prefix.

--------------------------------------------------------------------------------
Update Information:

A new prerelease of Python 3.15 with fixes to several CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 11 2026 Karolina Surma [ksurma@redhat.com] - 3.15.0~b1-1
- Update to Python 3.15.0b1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2457945 - CVE-2026-1502 python3.15: Python: HTTP header injection via CR/LF in proxy tunnel headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457945
[ 2 ] Bug #2458017 - CVE-2026-6100 python3.15: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458017
[ 3 ] Bug #2458225 - CVE-2026-4786 python3.15: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458225
[ 4 ] Bug #2458489 - CVE-2026-5713 python3.15: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458489
[ 5 ] Bug #2461289 - CVE-2026-3219 python3.15: pip: Incorrect file installation due to improper archive handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461289
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e7dc1a8950' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: nss-3.123.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7f6ee801e2
2026-05-23 16:00:29.000875+00:00
--------------------------------------------------------------------------------

Name : nss
Product : Fedora 42
Version : 3.123.1
Release : 1.fc42
URL : http://www.mozilla.org/projects/security/pki/nss/
Summary : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.123.1
Update to Firefox 151.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 7 2026 Frantisek Krenzelok [fkrenzel@redhat.com] - 3.123.1-1
- Update NSS to 3.123.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7f6ee801e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: firefox-151.0-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7f6ee801e2
2026-05-23 16:00:29.000875+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 42
Version : 151.0
Release : 2.fc42
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.123.1
Update to Firefox 151.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2026 Martin Stransky [stransky@redhat.com] - 151.0-2
- Update to latest upstream (151.0) build 2
* Thu May 14 2026 Martin Stransky [stransky@redhat.com] - 151.0-1
- Update to latest upstream (151.0)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7f6ee801e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: dotnet8.0-8.0.127-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3e509b1444
2026-05-23 15:47:52.432953+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 43
Version : 8.0.127
Release : 1.fc43
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 8.0.127 and Runtime 8.0.27
Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.27/8.0.127.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.27/8.0.27.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Omair Majid [omajid@redhat.com] - 8.0.127-1
- Update to .NET SDK 8.0.127 and Runtime 8.0.27
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3e509b1444' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: perl-Apache-Session-Browseable-1.3.19-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e8ef64b8d3
2026-05-23 15:47:52.432930+00:00
--------------------------------------------------------------------------------

Name : perl-Apache-Session-Browseable
Product : Fedora 43
Version : 1.3.19
Release : 1.fc43
URL : https://metacpan.org/release/Apache-Session-Browseable
Summary : Add index and search methods to Apache::Session
Description :
A virtual Apache::Session back-end providing some class methods to manipulate
all sessions and add the capability to index some fields to make re-search
faster.

--------------------------------------------------------------------------------
Update Information:

This update has improvements to generate more secure session IDs
(CVE-2026-8503).
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 14 2026 Paul Howarth - 1.3.19-1
- Update to 1.3.19 (rhbz#2477392)
- Apache::Session::Generate::SHA256 used a low-entropy seed (time, PID, rand,
stringified hash ref) to derive session identifiers; use Crypt::URandom to
generate session ids from a cryptographically secure source, falling back
to the previous hashing method only if Crypt::URandom is unavailable
(CVE-2026-8503, similar in scope to CVE-2025-40931 and CVE-2025-40932)
- Fix Redis indexes: never cleaned before
- Improve resilience and reliability of Patroni driver
* Thu Apr 9 2026 Xavier Bachelot [xavier@bachelot.org] - 1.3.18-4
- BR: perl(DBD::Cassandra) to improve test coverage
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.3.18-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2477392 - perl-Apache-Session-Browseable-1.3.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2477392
[ 2 ] Bug #2477847 - CVE-2026-8503 perl-Apache-Session-Browseable: perl-Apache-Session-Browseable: Predictable session IDs allow unauthorized system access [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477847
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e8ef64b8d3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: dotnet10.0-10.0.108-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8923ef586f
2026-05-23 15:47:52.432928+00:00
--------------------------------------------------------------------------------

Name : dotnet10.0
Product : Fedora 43
Version : 10.0.108
Release : 1.fc43
URL : https://github.com/dotnet/
Summary : .NET 10.0 Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 10.0.108 and Runtime 10.0.8
Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.8/10.0.108.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.8/10.0.8.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Omair Majid [omajid@redhat.com] - 10.0.108-1
- Update to .NET SDK 10.0.108 and Runtime 10.0.8
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8923ef586f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: dotnet9.0-9.0.117-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6013769170
2026-05-23 15:47:52.432925+00:00
--------------------------------------------------------------------------------

Name : dotnet9.0
Product : Fedora 43
Version : 9.0.117
Release : 1.fc43
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 9.0.117 and Runtime 9.0.16
Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.16/9.0.117.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.16/9.0.16.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Omair Majid [omajid@redhat.com] - 9.0.117-1
- Update to .NET SDK 9.0.117 and Runtime 9.0.16
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6013769170' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: docker-buildkit-0.30.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-36769a9e58
2026-05-23 15:47:52.432903+00:00
--------------------------------------------------------------------------------

Name : docker-buildkit
Product : Fedora 43
Version : 0.30.0
Release : 1.fc43
URL : https://github.com/moby/buildkit
Summary : Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
Description :
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.30.0
Resolves CVE-2026-39984: rhbz#2458929
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.30.0-1
- Update to release v0.30.0
- Resolves CVE-2026-39984: rhbz#2458929
- Upstream new features and fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2458929 - CVE-2026-39984 docker-buildkit: improper certificate validation in verifier [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458929
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-36769a9e58' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: docker-buildx-0.34.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6d1dd77956
2026-05-23 15:47:52.432901+00:00
--------------------------------------------------------------------------------

Name : docker-buildx
Product : Fedora 43
Version : 0.34.0
Release : 1.fc43
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.34.0
Resolves: rhbz#2467576
Resolves CVE-2026-39984: rhbz#2458930
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.34.0-1
- Update to release v0.34.0
- Resolves: rhbz#2467576
- Resolves CVE-2026-39984: rhbz#2458930
- Upstream new features and fixes
* Thu Apr 2 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.33.0-2
- Update to new spec file
- Regenerate spec file using go2rpm
- Use gocheck2. Current v0.33.0 release will sometimes fail during check
phase with an https related test. No obvious pattern related to
architecture. gocheck2 will allow for test to be skipped if needed
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2458930 - CVE-2026-39984 docker-buildx: improper certificate validation in verifier [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458930
[ 2 ] Bug #2467576 - docker-buildx-0.34.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2467576
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6d1dd77956' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: python3.15-3.15.0~b1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e2ada1fa1e
2026-05-23 15:47:52.432877+00:00
--------------------------------------------------------------------------------

Name : python3.15
Product : Fedora 43
Version : 3.15.0~b1
Release : 1.fc43
URL : https://www.python.org/
Summary : Version 3.15 of the Python interpreter
Description :
Python 3.15 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.15 package provides the "python3.15" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.15-libs package,
which should be installed automatically along with python3.15.
The remaining parts of the Python standard library are broken out into the
python3.15-tkinter and python3.15-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.15-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.15-" prefix.

--------------------------------------------------------------------------------
Update Information:

New prerelease of Python 3.15, containing fixes to a few CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 11 2026 Karolina Surma [ksurma@redhat.com] - 3.15.0~b1-1
- Update to Python 3.15.0b1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2457945 - CVE-2026-1502 python3.15: Python: HTTP header injection via CR/LF in proxy tunnel headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457945
[ 2 ] Bug #2458017 - CVE-2026-6100 python3.15: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458017
[ 3 ] Bug #2458225 - CVE-2026-4786 python3.15: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458225
[ 4 ] Bug #2458489 - CVE-2026-5713 python3.15: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458489
[ 5 ] Bug #2461289 - CVE-2026-3219 python3.15: pip: Incorrect file installation due to improper archive handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461289
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e2ada1fa1e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: pie-1.4.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b7427db462
2026-05-23 15:47:52.432872+00:00
--------------------------------------------------------------------------------

Name : pie
Product : Fedora 43
Version : 1.4.4
Release : 1.fc43
URL : https://github.com/php/pie
Summary : PHP Installer for Extensions
Description :
PIE (PHP Installer for Extensions).

PIE can install an extension to any installed PHP version.

A list of extensions that support PIE can be found on
https://packagist.org/extensions.

Documentation: /usr/share/doc/pie/docs/usage.md

--------------------------------------------------------------------------------
Update Information:

Version 1.4.4
Dependencies
Update Composer to 2.9.8
Version 1.4.3
add output check for dnf permission denied thanks to @asgrim and @hackel
don't auto install re2c and bison thanks to @asgrim and @hackel
fix two packages found for same ext in pie show etc thanks to @asgrim and
@hackel
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Remi Collet [remi@remirepo.net] - 1.4.4-1
- update to 1.4.4
* Tue May 12 2026 Remi Collet [remi@remirepo.net] - 1.4.3-1
- update to 1.4.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b7427db462' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: composer-2.9.8-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3e8172bbdb
2026-05-23 15:47:52.432854+00:00
--------------------------------------------------------------------------------

Name : composer
Product : Fedora 43
Version : 2.9.8
Release : 1.fc43
URL : https://getcomposer.org/
Summary : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects,
ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

--------------------------------------------------------------------------------
Update Information:

Version 2.9.8 - 2026-05-13
Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Remi Collet [remi@remirepo.net] - 2.9.8-1
- update to 2.9.8
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3e8172bbdb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


Evince and Kernel updates for Debian

Kernel and Firefox updates for Rocky Linux 8

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...