Ghostscript, Glibc, Bind, and more updates for Fedora

Fedora Linux 9228 Published by

Several security updates have been released for Fedora Linux, including new versions of ghostscript and glibc for Fedora 42, and bind, chromium, mingw-openexr, qownnotes, and several libraries for Fedora 43. The update for Fedora 42 includes new versions of ghostscript (10.05.1-6.fc42) and glibc (2.41-16.fc42). For Fedora 43, the updates include bind (9.18.44-1.fc43), chromium (144.0.7559.96-1.fc43), and several mingw libraries such as openexr (3.3.6-1.fc43) and glib2 (2.86.3-2.fc43).

Fedora 42 Update: ghostscript-10.05.1-6.fc42
Fedora 42 Update: glibc-2.41-16.fc42
Fedora 43 Update: bind-9.18.44-1.fc43
Fedora 43 Update: bind-dyndb-ldap-11.11-10.fc43
Fedora 43 Update: chromium-144.0.7559.96-1.fc43
Fedora 43 Update: mingw-openexr-3.3.6-1.fc43
Fedora 43 Update: glibc-2.42-9.fc43
Fedora 43 Update: qownnotes-26.1.7-4.fc43
Fedora 43 Update: mingw-libsoup-2.74.3-16.fc43
Fedora 43 Update: mingw-glib2-2.86.3-2.fc43
Fedora 43 Update: mingw-harfbuzz-11.5.1-2.fc43




[SECURITY] Fedora 42 Update: ghostscript-10.05.1-6.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d7cbd53e55
2026-01-27 06:42:28.827106+00:00
--------------------------------------------------------------------------------

Name : ghostscript
Product : Fedora 42
Version : 10.05.1
Release : 6.fc42
URL : https://ghostscript.com/
Summary : Interpreter for PostScript language & PDF
Description :
This package provides useful conversion utilities based on Ghostscript software,
for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems'
PostScript (PS) and Portable Document Format (PDF) page description languages.
Its primary purpose includes displaying (rasterization & rendering) and printing
of document pages, as well as conversions between different document formats.

--------------------------------------------------------------------------------
Update Information:

security fix for CVE-2025-59798, CVE-2025-59799, CVE-2025-59800 (fedora#2431544,
fedora#2431548, fedora#2431546)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 21 2026 Zdenek Dohnal [zdohnal@redhat.com] - 10.05.1-6
- security fix for CVE-2025-59798, CVE-2025-59799, CVE-2025-59800 (fedora#2431544, fedora#2431548, fedora#2431546)
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 10.05.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2431545 - CVE-2025-59798 ghostscript: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431545
[ 2 ] Bug #2431547 - CVE-2025-59800 ghostscript: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431547
[ 3 ] Bug #2431549 - CVE-2025-59799 ghostscript: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431549
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d7cbd53e55' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: glibc-2.41-16.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a2f3af8a86
2026-01-27 06:42:28.827046+00:00
--------------------------------------------------------------------------------

Name : glibc
Product : Fedora 42
Version : 2.41
Release : 16.fc42
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This update switches the currency symbol for Bulgaria to the Euro.
Furthermore, it addresses several security vulnerabilities:
A crash when wordexp is used with WRDE_REUSE (CVE-2025-15281)
Information leakage from the stack if getnetbyaddr is called for the zero
address (CVE-2026-0915)
An integer overflow in memalign and related functions if they are called with
out-of-bounds size/alignment combinations (CVE-2026-0861)
LD_PROFILE is now ignored with a warning if LD_PROFILE_OUTPUT is not specified,
rather than using the insecure /var/tmp default.
The changes updates from the upstream stable release branch are applied:
nptl: Optimize trylock for high cache contention workloads (BZ #33704) (Sunil K
Pandey)
sprof: fix -Wformat warnings on 32-bit hosts (Collin Funk)
sprof: check pread size and offset for overflow (DJ Delorie)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 23 2026 Florian Weimer [fweimer@redhat.com] - 2.41-16
- Ignore LD_PROFILE if LD_PROFILE_OUTPUT is not set (#2432405)
* Fri Jan 23 2026 Florian Weimer [fweimer@redhat.com] - 2.41-15
- Auto-sync with upstream branch release/2.41/master,
commit fb4db64a04ad6c96cd1fbb7e02eb59323b1f2ac2:
- posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281)
- resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915)
- memalign: reinstate alignment overflow check (CVE-2026-0861)
* Tue Jan 13 2026 Florian Weimer [fweimer@redhat.com] - 2.41-14
- Switch currency symbol for the bg_BG locale to euro (#2429016)
* Mon Jan 12 2026 Fr??d??ric B??rat [fberat@redhat.com] - 2.41-13
- Auto-sync with upstream branch master,
commit c96b4ed1e26f06ebc56c17ba2c29d1647be68c1e:
- nptl: Optimize trylock for high cache contention workloads (BZ #33704) (Sunil K Pandey)
- support: Exit on consistency check failure in resolv_response_add_name (Florian Weimer)
- support: Fix FILE * leak in check_for_unshare_hints in test-container (Florian Weimer)
- sprof: fix -Wformat warnings on 32-bit hosts (Collin Funk)
- sprof: check pread size and offset for overflow (DJ Delorie)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429016 - glibc: Bulgaria joined the eurozone
https://bugzilla.redhat.com/show_bug.cgi?id=2429016
[ 2 ] Bug #2430076 - CVE-2026-0861 glibc: Integer overflow in memalign leads to heap corruption [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430076
[ 3 ] Bug #2430319 - CVE-2026-0915 glibc: glibc: Information disclosure via zero-valued network query [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430319
[ 4 ] Bug #2431279 - CVE-2025-15281 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431279
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a2f3af8a86' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: bind-9.18.44-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-567ff6c687
2026-01-27 05:36:35.122886+00:00
--------------------------------------------------------------------------------

Name : bind
Product : Fedora 43
Version : 9.18.44
Release : 1.fc43
URL : https://www.isc.org/downloads/bind/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.

--------------------------------------------------------------------------------
Update Information:

Update to 9.18.44 (rhbz#2431609)
Security Fixes:
Fix incorrect length checks for BRID and HHIT records. (CVE-2025-13878)
Bug Fixes:
Allow glue in delegations with QTYPE=ANY.
Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to be invalid.
https://downloads.isc.org/isc/bind9/9.18.44/doc/arm/html/notes.html#notes-for-
bind-9-18-44
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 22 2026 Petr Men????k [pemensik@redhat.com] - 32:9.18.44-1
- Update to 9.18.44 (rhbz#2431609)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2431609 - bind-9.18.44 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2431609
[ 2 ] Bug #2431925 - CVE-2025-13878 bind: bind: Denial of Service via corrupt or malicious record [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431925
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-567ff6c687' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: bind-dyndb-ldap-11.11-10.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-567ff6c687
2026-01-27 05:36:35.122886+00:00
--------------------------------------------------------------------------------

Name : bind-dyndb-ldap
Product : Fedora 43
Version : 11.11
Release : 10.fc43
URL : https://releases.pagure.org/bind-dyndb-ldap
Summary : LDAP back-end plug-in for BIND
Description :
This package provides an LDAP back-end plug-in for BIND. It features
support for dynamic updates and internal caching, to lift the load
off of your LDAP server.

--------------------------------------------------------------------------------
Update Information:

Update to 9.18.44 (rhbz#2431609)
Security Fixes:
Fix incorrect length checks for BRID and HHIT records. (CVE-2025-13878)
Bug Fixes:
Allow glue in delegations with QTYPE=ANY.
Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to be invalid.
https://downloads.isc.org/isc/bind9/9.18.44/doc/arm/html/notes.html#notes-for-
bind-9-18-44
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 22 2026 Petr Men????k [pemensik@redhat.com] - 11.11-10
- Rebuilt for BIND 9.18.44 (rhbz#2431609)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2431609 - bind-9.18.44 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2431609
[ 2 ] Bug #2431925 - CVE-2025-13878 bind: bind: Denial of Service via corrupt or malicious record [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431925
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-567ff6c687' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: chromium-144.0.7559.96-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b4b553ec05
2026-01-27 04:51:32.146782+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 144.0.7559.96
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 144.0.7559.96
* CVE-2026-1220: Race in V8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 21 2026 Than Ngo [than@redhat.com] - 144.0.7559.96-1
- Update to 144.0.7559.96
* CVE-2026-1220: Race in V8
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 144.0.7559.59-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 144.0.7559.59-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b4b553ec05' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-openexr-3.3.6-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1fbf91067c
2026-01-27 04:51:32.146746+00:00
--------------------------------------------------------------------------------

Name : mingw-openexr
Product : Fedora 43
Version : 3.3.6
Release : 1.fc43
URL : http://www.openexr.com/
Summary : MinGW Windows openexr library
Description :
MinGW Windows openexr library.

--------------------------------------------------------------------------------
Update Information:

Update to openexr-3.3.6, fixes multiple security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Sandro Mani [manisandro@gmail.com] - 3.3.6-1
- Update to 3.3.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2417239 - CVE-2025-64183 mingw-openexr: use after free in PyObject_StealAttrString [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417239
[ 2 ] Bug #2417242 - CVE-2025-64183 mingw-openexr: use after free in PyObject_StealAttrString [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417242
[ 3 ] Bug #2417985 - CVE-2025-64182 mingw-openexr: buffer overflow in PyOpenEXR_old's channels() and channel() [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417985
[ 4 ] Bug #2417987 - CVE-2025-64182 mingw-openexr: buffer overflow in PyOpenEXR_old's channels() and channel() [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417987
[ 5 ] Bug #2418247 - CVE-2025-64181 mingw-openexr: Use of Uninitialized Memory inside generic_unpack [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418247
[ 6 ] Bug #2418249 - CVE-2025-64181 mingw-openexr: Use of Uninitialized Memory inside generic_unpack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418249
[ 7 ] Bug #2424903 - CVE-2025-12839 mingw-openexr: OpenEXR: Remote Code Execution via Heap-based Buffer Overflow in EXR File Parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424903
[ 8 ] Bug #2424904 - CVE-2025-12840 mingw-openexr: OpenEXR: Remote Code Execution via EXR file parsing heap-based buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424904
[ 9 ] Bug #2424908 - CVE-2025-12495 mingw-openexr: OpenEXR: Remote Code Execution via malicious EXR file parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424908
[ 10 ] Bug #2424913 - CVE-2025-12839 mingw-openexr: OpenEXR: Remote Code Execution via Heap-based Buffer Overflow in EXR File Parsing [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424913
[ 11 ] Bug #2424915 - CVE-2025-12840 mingw-openexr: OpenEXR: Remote Code Execution via EXR file parsing heap-based buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424915
[ 12 ] Bug #2424920 - CVE-2025-12495 mingw-openexr: OpenEXR: Remote Code Execution via malicious EXR file parsing [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424920
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1fbf91067c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: glibc-2.42-9.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-205d532069
2026-01-27 04:51:32.146789+00:00
--------------------------------------------------------------------------------

Name : glibc
Product : Fedora 43
Version : 2.42
Release : 9.fc43
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This update switches the currency symbol for Bulgaria to the Euro.
Furthermore, it addresses several security vulnerabilities:
A crash when wordexp is used with WRDE_REUSE (CVE-2025-15281)
Information leakage from the stack if getnetbyaddr is called for the zero
address (CVE-2026-0915)
An integer overflow in memalign and related functions if they are called with
out-of-bounds size/alignment combinations (CVE-2026-0861)
LD_PROFILE is now ignored with a warning if LD_PROFILE_OUTPUT is not specified,
rather than using the insecure /var/tmp default.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 23 2026 Florian Weimer [fweimer@redhat.com] - 2.42-9
- Ignore LD_PROFILE if LD_PROFILE_OUTPUT is not set (#2432405)
* Fri Jan 23 2026 Florian Weimer [fweimer@redhat.com] - 2.42-8
- Auto-sync with upstream branch release/2.42/master,
commit cbf39c26b25801e9bc88499b4fd361ac172d4125:
- posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281)
- resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915)
- memalign: reinstate alignment overflow check (CVE-2026-0861)
* Tue Jan 13 2026 Florian Weimer [fweimer@redhat.com] - 2.42-7
- Switch currency symbol for the bg_BG locale to euro (#2429016)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429016 - glibc: Bulgaria joined the eurozone
https://bugzilla.redhat.com/show_bug.cgi?id=2429016
[ 2 ] Bug #2430078 - CVE-2026-0861 glibc: Integer overflow in memalign leads to heap corruption [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430078
[ 3 ] Bug #2430321 - CVE-2026-0915 glibc: glibc: Information disclosure via zero-valued network query [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430321
[ 4 ] Bug #2431281 - CVE-2025-15281 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431281
[ 5 ] Bug #2432405 - glibc: Ignore LD_PROFILE if LD_PROFILE_OUTPUT is not set
https://bugzilla.redhat.com/show_bug.cgi?id=2432405
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-205d532069' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: qownnotes-26.1.7-4.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-00a6b7589c
2026-01-27 04:51:32.146777+00:00
--------------------------------------------------------------------------------

Name : qownnotes
Product : Fedora 43
Version : 26.1.7
Release : 4.fc43
URL : https://www.qownnotes.org
Summary : Plain-text file notepad and todo-list manager with Markdown support
Description :
QOwnNotes is the open source notepad with Markdown support and todo list manager
for GNU/Linux, macOS and Windows, that works together with Nextcloud Notes and
ownCloud Notes.

You are able to write down your thoughts with QOwnNotes and edit or search for
them later from your mobile device, like with Nextcloud Notes for Android or the
Nextcloud / ownCloud web-service.

The notes are stored as plain text markdown files and are synced with
Nextcloud's/ownCloud's file sync functionality. Of course other software, like
Syncthing or Dropbox can be used too.

If you like the concept of having notes accessible in plain text files, like it
is done in the Nextcloud / ownCloud notes apps to gain a maximum of freedom then
QOwnNotes is for you.

--------------------------------------------------------------------------------
Update Information:

See commit history
Automatic update for qownnotes-26.1.7-2.fc43.
Changelog for qownnotes
* Fri Jan 16 2026 Artem Polishchuk [ego.cordatus@gmail.com] - 26.1.7-2
- Mask BR: botan-3 temporary
* Thu Jan 15 2026 Artem Polishchuk [ego.cordatus@gmail.com] - 26.1.7-1
- 26.1.7
- Bundle Botan 2 for now
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Artem Polishchuk [ego.cordatus@gmail.com] - 26.1.7-4
- Build with system Botan-2
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 26.1.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Artem Polishchuk [ego.cordatus@gmail.com] - 26.1.7-2
- Mask BR: botan-3 temporary
* Thu Jan 15 2026 Artem Polishchuk [ego.cordatus@gmail.com] - 26.1.7-1
- 26.1.7
- Bundle Botan 2 for now
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2421920 - CVE-2025-8083 qownnotes: Vuetify Prototype Pollution via Preset options [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2421920
[ 2 ] Bug #2423088 - CVE-2025-8082 qownnotes: Vuetify: Cross-Site Scripting (XSS) vulnerability in VDatePicker component [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423088
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-00a6b7589c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-libsoup-2.74.3-16.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-20b533bbc7
2026-01-27 04:51:32.146744+00:00
--------------------------------------------------------------------------------

Name : mingw-libsoup
Product : Fedora 43
Version : 2.74.3
Release : 16.fc43
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).

This is the MinGW build of Libsoup

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-14523
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Sandro Mani [manisandro@gmail.com] - 2.74.3-16
- Backport patch for CVE-2025-14523
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.74.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2421353 - CVE-2025-14523 mingw-libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421353
[ 2 ] Bug #2421356 - CVE-2025-14523 mingw-libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2421356
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-20b533bbc7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-glib2-2.86.3-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-46fe567fd3
2026-01-27 04:51:32.146741+00:00
--------------------------------------------------------------------------------

Name : mingw-glib2
Product : Fedora 43
Version : 2.86.3
Release : 2.fc43
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.

--------------------------------------------------------------------------------
Update Information:

Backport patch for CVE-2026.0988.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Sandro Mani [manisandro@gmail.com] - 2.86.3-2
- Backport fix for CVE-2026-0988
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429900 - CVE-2026-0988 mingw-glib2: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek() [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429900
[ 2 ] Bug #2429919 - CVE-2026-0988 mingw-glib2: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek() [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429919
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-46fe567fd3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-harfbuzz-11.5.1-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dc77eb63ae
2026-01-27 04:51:32.146738+00:00
--------------------------------------------------------------------------------

Name : mingw-harfbuzz
Product : Fedora 43
Version : 11.5.1
Release : 2.fc43
URL : http://www.harfbuzz.org
Summary : MinGW Windows Harfbuzz library
Description :
HarfBuzz is an implementation of the OpenType Layout engine.

--------------------------------------------------------------------------------
Update Information:

Backport patch for CVE-2026-22693.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Sandro Mani [manisandro@gmail.com] - 11.5.1-2
- Backport patch for CVE-2026-22693
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429284 - CVE-2026-22693 mingw-harfbuzz: Null Pointer Dereference in harfbuzz [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429284
[ 2 ] Bug #2429295 - CVE-2026-22693 mingw-harfbuzz: Null Pointer Dereference in harfbuzz [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429295
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dc77eb63ae' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


Node.js 25.5.0 (Current) released

PHP, Poppler, Kernel, and more updates for RHEL

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...