Glow, Python, VHS, and more updates for Fedora

Fedora Linux 9335 Published by

Fedora has released a batch of security updates across versions 42, 43, and 44 to address critical vulnerabilities in widely used software packages. These advisories patch dozens of common CVEs affecting everything from the .NET runtime and Python interpreter to terminal tools like glow, vhs, and Emacs. Developers and system administrators can apply these fixes directly through the dnf package manager by targeting specific advisory IDs or running a standard upgrade command. Each release not only resolves dangerous issues like memory corruption and arbitrary code execution but also bumps the underlying software versions to their latest stable builds.

Fedora 44 Update: glow-2.1.2-1.fc44
Fedora 44 Update: python3.6-3.6.15-57.fc44
Fedora 44 Update: vhs-0.11.0-2.fc44
Fedora 44 Update: rust-rustls-webpki-0.103.13-1.fc44
Fedora 44 Update: emacs-30.2-23.fc44
Fedora 44 Update: jfrog-cli-2.98.0-1.fc44
Fedora 44 Update: pyp2spec-0.14.1-1.fc44
Fedora 44 Update: openbao-2.5.3-1.fc44
Fedora 44 Update: dotnet8.0-8.0.126-1.fc44
Fedora 44 Update: dotnet9.0-9.0.116-1.fc44
Fedora 44 Update: dotnet10.0-10.0.106-1.fc44
Fedora 43 Update: xen-4.20.3-2.fc43
Fedora 43 Update: glow-2.1.2-1.fc43
Fedora 43 Update: emacs-30.2-7.fc43
Fedora 43 Update: rust-rustls-webpki-0.103.13-1.fc43
Fedora 43 Update: vhs-0.10.0-4.fc43
Fedora 43 Update: python3.6-3.6.15-57.fc43
Fedora 43 Update: openbao-2.5.3-1.fc43
Fedora 43 Update: pyp2spec-0.14.1-1.fc43
Fedora 43 Update: dotnet9.0-9.0.116-1.fc43
Fedora 43 Update: dotnet8.0-8.0.126-1.fc43
Fedora 43 Update: dotnet10.0-10.0.106-1.fc43
Fedora 42 Update: chromium-147.0.7727.116-1.fc42
Fedora 42 Update: glow-2.1.2-1.fc42
Fedora 42 Update: vhs-0.9.0-2.fc42
Fedora 42 Update: emacs-30.2-2.fc42
Fedora 42 Update: python3.6-3.6.15-57.fc42
Fedora 42 Update: rust-rustls-webpki-0.103.13-1.fc42
Fedora 42 Update: openbao-2.5.3-1.fc42
Fedora 42 Update: dotnet9.0-9.0.116-1.fc42
Fedora 42 Update: pyp2spec-0.14.1-1.fc42
Fedora 42 Update: dotnet8.0-8.0.126-1.fc42
Fedora 42 Update: dotnet10.0-10.0.106-1.fc42




[SECURITY] Fedora 44 Update: glow-2.1.2-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-423a143483
2026-05-01 03:11:02.715744+00:00
--------------------------------------------------------------------------------

Name : glow
Product : Fedora 44
Version : 2.1.2
Release : 1.fc44
URL : https://github.com/charmbracelet/glow
Summary : Terminal based markdown reader
Description :
Glow is a terminal based markdown reader designed from the ground up to bring
out the beauty???and power???of the CLI. Use it to discover markdown files, read
documentation directly on the command line. Glow will find local markdown
files in subdirectories or a local Git repository.

--------------------------------------------------------------------------------
Update Information:

Update to version 2.1.2. This also updates some of the vendored dependencies to
fix CVEs, as well as building with the latest golang to fix even more CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Carl George [carlwgeorge@fedoraproject.org] - 2.1.2-1
- Update to version 2.1.2 rhbz#2457076
- Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2457076 - glow-2.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2457076
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-423a143483' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: python3.6-3.6.15-57.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a335d04675
2026-05-01 03:11:02.715737+00:00
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 44
Version : 3.6.15
Release : 57.fc44
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python is an accessible, high-level, dynamically typed, interpreted programming
language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.6 package provides the "python3" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.6-libs package,
which should be installed automatically along with python3.6.
The remaining parts of the Python standard library are broken out into the
python3.6-tkinter and python3.6-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.6-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.6-" prefix.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2026-4786, CVE-2026-6100
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Charalampos Stratakis [cstratak@redhat.com] - 3.6.15-57
- Security fixes for CVE-2026-4786, CVE-2026-6100
Resolves: rhbz#2458018, rhbz#2458226
* Sat Apr 11 2026 Miro Hron??ok [mhroncok@redhat.com] - 3.6.15-56
- Explicitly build with OpenSSL 3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2458018 - CVE-2026-6100 python3.6: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458018
[ 2 ] Bug #2458226 - CVE-2026-4786 python3.6: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458226
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a335d04675' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: vhs-0.11.0-2.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-94fbf80bec
2026-05-01 03:11:02.715742+00:00
--------------------------------------------------------------------------------

Name : vhs
Product : Fedora 44
Version : 0.11.0
Release : 2.fc44
URL : https://github.com/charmbracelet/vhs
Summary : Your CLI home video recorder
Description :
Write terminal GIFs as code for integration testing and demoing your CLI tools.

--------------------------------------------------------------------------------
Update Information:

Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Carl George [carlwgeorge@fedoraproject.org] - 0.11.0-2
- Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2458998 - CVE-2026-5160 vhs: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458998
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-94fbf80bec' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: rust-rustls-webpki-0.103.13-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8f36b2341e
2026-05-01 03:11:02.715735+00:00
--------------------------------------------------------------------------------

Name : rust-rustls-webpki
Product : Fedora 44
Version : 0.103.13
Release : 1.fc44
URL : https://crates.io/crates/rustls-webpki
Summary : Web PKI X.509 Certificate Verification
Description :
Web PKI X.509 Certificate Verification.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.103.13. Addresses RUSTSEC-2026-0098, RUSTSEC-2026-0099,
RUSTSEC-2026-0104.
Update to version 0.103.10. Addresses RUSTSEC-2026-0049.
Update to version 0.103.9.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Fabio Valentini [decathorpe@gmail.com] - 0.103.13-1
- Update to version 0.103.13; Fixes RHBZ#2457282
* Tue Mar 24 2026 Fabio Valentini [decathorpe@gmail.com] - 0.103.10-1
- Update to version 0.103.10; Fixes RHBZ#2449815
* Wed Mar 18 2026 Fabio Valentini [decathorpe@gmail.com] - 0.103.9-1
- Update to version 0.103.9; Fixes RHBZ#2430422
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8f36b2341e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: emacs-30.2-23.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-49b8ca7981
2026-05-01 03:11:02.715739+00:00
--------------------------------------------------------------------------------

Name : emacs
Product : Fedora 44
Version : 30.2
Release : 23.fc44
URL : https://www.gnu.org/software/emacs/
Summary : GNU Emacs text editor
Description :
GNU Emacs is a powerful, customizable, self-documenting, modeless text
editor. It contains special code editing features, a scripting language
(elisp), and the capability to read mail, news, and more without leaving
the editor.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Peter Oliver [git@mavit.org.uk] - 1:30.2-23
- Fix CVE-2026-6861: memory corruption vulnerability when processing SVG
CSS.
* Tue Mar 31 2026 Peter Oliver [git@mavit.org.uk] - 1:30.2-22
- Fix bad backport of Tree-sitter 0.26 compatibility patch.
* Mon Mar 30 2026 Andreas Schneider [asn@cryptomilk.org] - 1:30.2-21
- Rebuild against tree-sitter-0.26.7-2.fc45
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2460586 - CVE-2026-6861 emacs: Emacs: Memory corruption vulnerability when processing SVG CSS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460586
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-49b8ca7981' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: jfrog-cli-2.98.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6b87863841
2026-05-01 03:11:02.715683+00:00
--------------------------------------------------------------------------------

Name : jfrog-cli
Product : Fedora 44
Version : 2.98.0
Release : 1.fc44
URL : https://github.com/jfrog/jfrog-cli
Summary : CLI to automate access to JFrog products
Description :
JFrog CLI is a client that provides a simple interface that automates access to
the JFrog products.

--------------------------------------------------------------------------------
Update Information:

Upstream release 2.98.0. https://github.com/jfrog/jfrog-cli/releases/tag/v2.98.0
Resolves the following security issues:
CVE-2025-11579
CVE-2025-66564
CVE-2026-23831
CVE-2026-23991
CVE-2026-23992
CVE-2026-24117
CVE-2026-24137
CVE-2026-24686
CVE-2026-32285
CVE-2026-33762
CVE-2026-34165
CVE-2026-34986
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 2.98.0-1
- update to 2.98.0 (resolves rhbz#2446929)
* Fri Mar 6 2026 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 2.95.0-1
- update to 2.95.0 (resolves rhbz#2442715)
* Thu Feb 19 2026 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 2.92.0-1
- update to 2.92.0 (resolves rhbz#2427925)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6b87863841' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: pyp2spec-0.14.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4a8ed954a6
2026-05-01 03:11:02.715677+00:00
--------------------------------------------------------------------------------

Name : pyp2spec
Product : Fedora 44
Version : 0.14.1
Release : 1.fc44
URL : https://github.com/befeleme/pyp2spec
Summary : Generate Fedora RPM spec files for Python projects
Description :
pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files
for Python distributions. It utilizes the benefits of pyproject-rpm-macros.

--------------------------------------------------------------------------------
Update Information:

Added sanitization of inputs of the metadata fields.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2026 Packit [hello@packit.dev] - 0.14.1-1
- Update to 0.14.1 upstream release
- Resolves: rhbz#2460051
- Resolves: rhbz#2449892
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4a8ed954a6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: openbao-2.5.3-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c7450bfed6
2026-05-01 03:11:02.715680+00:00
--------------------------------------------------------------------------------

Name : openbao
Product : Fedora 44
Version : 2.5.3
Release : 1.fc44
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.5.3, fix CVE-2026-34986, CVE-2026-39388, CVE-2026-39396,
CVE-2026-40264
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2026 Dave Dykstra - 2.5.3-1
- update to upstream 2.5.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455630 - CVE-2026-34986 openbao: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455630
[ 2 ] Bug #2459846 - openbao-2.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2459846
[ 3 ] Bug #2460057 - CVE-2026-39388 openbao: OpenBao: Token renewal vulnerability via incorrect certificate matching in Certificate authentication. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460057
[ 4 ] Bug #2460059 - CVE-2026-39396 openbao: OpenBao: Denial of Service via decompression bomb in OCI plugin extraction [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460059
[ 5 ] Bug #2460061 - CVE-2026-40264 openbao: OpenBao: Unauthorized token management by privileged administrator [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460061
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c7450bfed6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: dotnet8.0-8.0.126-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-edca75e401
2026-05-01 03:11:02.715668+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 44
Version : 8.0.126
Release : 1.fc44
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 8.0.126 and Runtime 8.0.26
Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.26/8.0.126.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.26/8.0.26.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Omair Majid [omajid@redhat.com] - 8.0.126-1
- Update to .NET SDK 8.0.126 and Runtime 8.0.26
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-edca75e401' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: dotnet9.0-9.0.116-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e1d2833798
2026-05-01 03:11:02.715670+00:00
--------------------------------------------------------------------------------

Name : dotnet9.0
Product : Fedora 44
Version : 9.0.116
Release : 1.fc44
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 9.0.116 and Runtime 9.0.15
Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.15/9.0.116.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.15/9.0.15.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Omair Majid [omajid@redhat.com] - 9.0.116-1
- Update to .NET SDK 9.0.116 and Runtime 9.0.15
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e1d2833798' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: dotnet10.0-10.0.106-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fc2112cdd4
2026-05-01 03:11:02.715665+00:00
--------------------------------------------------------------------------------

Name : dotnet10.0
Product : Fedora 44
Version : 10.0.106
Release : 1.fc44
URL : https://github.com/dotnet/
Summary : .NET 10.0 Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 10.0.106 and Runtime 10.0.6
Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.6/10.0.106.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.6/10.0.6.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Omair Majid [omajid@redhat.com] - 10.0.106-1
- Update to .NET SDK 10.0.106 and Runtime 10.0.6
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fc2112cdd4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: xen-4.20.3-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-78cd69d9ae
2026-05-01 03:01:50.286568+00:00
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 43
Version : 4.20.3
Release : 2.fc43
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

oxenstored keeps quota related use counts across domain destruction
[XSA-483, CVE-2026-23556]
Xenstored DoS via XS_RESET_WATCHES command [XSA-484, CVE-2026-23557]
grant table v2 race in status page mapping [XSA-486, CVE-2026-23558]
x86: Floating Point Divider State Sampling [XSA-488, CVE-2025-54505]
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2026 Michael Young [m.a.young@durham.ac.uk] - 4.20.3-2
- oxenstored keeps quota related use counts across domain destruction
[XSA-483, CVE-2026-23556]
- Xenstored DoS via XS_RESET_WATCHES command [XSA-484, CVE-2026-23557]
- grant table v2 race in status page mapping [XSA-486, CVE-2026-23558]
- x86: Floating Point Divider State Sampling [XSA-488, CVE-2025-54505]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-78cd69d9ae' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: glow-2.1.2-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6d67b00ef1
2026-05-01 03:01:50.286553+00:00
--------------------------------------------------------------------------------

Name : glow
Product : Fedora 43
Version : 2.1.2
Release : 1.fc43
URL : https://github.com/charmbracelet/glow
Summary : Terminal based markdown reader
Description :
Glow is a terminal based markdown reader designed from the ground up to bring
out the beauty???and power???of the CLI. Use it to discover markdown files, read
documentation directly on the command line. Glow will find local markdown
files in subdirectories or a local Git repository.

--------------------------------------------------------------------------------
Update Information:

Update to version 2.1.2. This also updates some of the vendored dependencies to
fix CVEs, as well as building with the latest golang to fix even more CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Carl George [carlwgeorge@fedoraproject.org] - 2.1.2-1
- Update to version 2.1.2 rhbz#2457076
- Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160
* Sun Mar 22 2026 Carl George [carlwgeorge@fedoraproject.org] - 2.1.1-10
- Adopt go-vendor-tools
* Mon Feb 2 2026 Maxwell G [maxwell@gtmx.me] - 2.1.1-9
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.1.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 2.1.1-7
- rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408174 - CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408174
[ 2 ] Bug #2409644 - CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409644
[ 3 ] Bug #2410595 - CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410595
[ 4 ] Bug #2411493 - CVE-2025-58188 glow: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411493
[ 5 ] Bug #2457076 - glow-2.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2457076
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6d67b00ef1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: emacs-30.2-7.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-290753da75
2026-05-01 03:01:50.286544+00:00
--------------------------------------------------------------------------------

Name : emacs
Product : Fedora 43
Version : 30.2
Release : 7.fc43
URL : https://www.gnu.org/software/emacs/
Summary : GNU Emacs text editor
Description :
GNU Emacs is a powerful, customizable, self-documenting, modeless text
editor. It contains special code editing features, a scripting language
(elisp), and the capability to read mail, news, and more without leaving
the editor.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Peter Oliver [git@mavit.org.uk] - 1:30.2-7
- Fix CVE-2026-6861: memory corruption vulnerability when processing SVG
CSS.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2460585 - CVE-2026-6861 emacs: Emacs: Memory corruption vulnerability when processing SVG CSS [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2460585
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-290753da75' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: rust-rustls-webpki-0.103.13-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bea616fc84
2026-05-01 03:01:50.286537+00:00
--------------------------------------------------------------------------------

Name : rust-rustls-webpki
Product : Fedora 43
Version : 0.103.13
Release : 1.fc43
URL : https://crates.io/crates/rustls-webpki
Summary : Web PKI X.509 Certificate Verification
Description :
Web PKI X.509 Certificate Verification.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.103.13. Addresses RUSTSEC-2026-0098, RUSTSEC-2026-0099,
RUSTSEC-2026-0104.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Fabio Valentini [decathorpe@gmail.com] - 0.103.13-1
- Update to version 0.103.13; Fixes RHBZ#2457282
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bea616fc84' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: vhs-0.10.0-4.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7646f2a691
2026-05-01 03:01:50.286550+00:00
--------------------------------------------------------------------------------

Name : vhs
Product : Fedora 43
Version : 0.10.0
Release : 4.fc43
URL : https://github.com/charmbracelet/vhs
Summary : Your CLI home video recorder
Description :
Write terminal GIFs as code for integration testing and demoing your CLI tools.

--------------------------------------------------------------------------------
Update Information:

Rebuild with golang 1.25.9 to pick up multiple security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Carl George [carlwgeorge@fedoraproject.org] - 0.10.0-4
- Rebuild with golang 1.25.9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398899 - CVE-2025-47910 vhs: CrossOriginProtection bypass in net/http [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2398899
[ 2 ] Bug #2408367 - CVE-2025-58189 vhs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408367
[ 3 ] Bug #2409838 - CVE-2025-61723 vhs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409838
[ 4 ] Bug #2410788 - CVE-2025-58185 vhs: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410788
[ 5 ] Bug #2411684 - CVE-2025-58188 vhs: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411684
[ 6 ] Bug #2412612 - CVE-2025-58183 vhs: Unbounded allocation when parsing GNU sparse map [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2412612
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7646f2a691' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: python3.6-3.6.15-57.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f08d5a8191
2026-05-01 03:01:50.286541+00:00
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 43
Version : 3.6.15
Release : 57.fc43
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2026-4786, CVE-2026-6100
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Charalampos Stratakis [cstratak@redhat.com] - 3.6.15-57
- Security fixes for CVE-2026-4786, CVE-2026-6100
Resolves: rhbz#2458018, rhbz#2458226
* Sat Apr 11 2026 Miro Hron??ok [mhroncok@redhat.com] - 3.6.15-56
- Explicitly build with OpenSSL 3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2458018 - CVE-2026-6100 python3.6: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458018
[ 2 ] Bug #2458226 - CVE-2026-4786 python3.6: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458226
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f08d5a8191' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: openbao-2.5.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-41918b2b57
2026-05-01 03:01:50.286480+00:00
--------------------------------------------------------------------------------

Name : openbao
Product : Fedora 43
Version : 2.5.3
Release : 1.fc43
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.5.3, fix CVE-2026-34986, CVE-2026-39388, CVE-2026-39396,
CVE-2026-40264
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2026 Dave Dykstra - 2.5.3-1
- update to upstream 2.5.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455630 - CVE-2026-34986 openbao: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455630
[ 2 ] Bug #2459846 - openbao-2.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2459846
[ 3 ] Bug #2460057 - CVE-2026-39388 openbao: OpenBao: Token renewal vulnerability via incorrect certificate matching in Certificate authentication. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460057
[ 4 ] Bug #2460059 - CVE-2026-39396 openbao: OpenBao: Denial of Service via decompression bomb in OCI plugin extraction [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460059
[ 5 ] Bug #2460061 - CVE-2026-40264 openbao: OpenBao: Unauthorized token management by privileged administrator [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460061
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-41918b2b57' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: pyp2spec-0.14.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1f68c09a18
2026-05-01 03:01:50.286469+00:00
--------------------------------------------------------------------------------

Name : pyp2spec
Product : Fedora 43
Version : 0.14.1
Release : 1.fc43
URL : https://github.com/befeleme/pyp2spec
Summary : Generate Fedora RPM spec files for Python projects
Description :
pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files
for Python distributions. It utilizes the benefits of pyproject-rpm-macros.

--------------------------------------------------------------------------------
Update Information:

Added sanitization of inputs of the metadata fields.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2026 Packit [hello@packit.dev] - 0.14.1-1
- Update to 0.14.1 upstream release
- Resolves: rhbz#2460051
- Resolves: rhbz#2449892
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.13.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1f68c09a18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: dotnet9.0-9.0.116-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-97fbaaef10
2026-05-01 03:01:50.286459+00:00
--------------------------------------------------------------------------------

Name : dotnet9.0
Product : Fedora 43
Version : 9.0.116
Release : 1.fc43
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 9.0.116 and Runtime 9.0.15
Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.15/9.0.116.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.15/9.0.15.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Omair Majid [omajid@redhat.com] - 9.0.116-1
- Update to .NET SDK 9.0.116 and Runtime 9.0.15
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-97fbaaef10' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: dotnet8.0-8.0.126-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a1302c450c
2026-05-01 03:01:50.286456+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 43
Version : 8.0.126
Release : 1.fc43
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 8.0.126 and Runtime 8.0.26
Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.26/8.0.126.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.26/8.0.26.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Omair Majid [omajid@redhat.com] - 8.0.126-1
- Update to .NET SDK 8.0.126 and Runtime 8.0.26
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a1302c450c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: dotnet10.0-10.0.106-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-eadd724963
2026-05-01 03:01:50.286452+00:00
--------------------------------------------------------------------------------

Name : dotnet10.0
Product : Fedora 43
Version : 10.0.106
Release : 1.fc43
URL : https://github.com/dotnet/
Summary : .NET 10.0 Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 10.0.106 and Runtime 10.0.6
Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.6/10.0.106.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.6/10.0.6.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Omair Majid [omajid@redhat.com] - 10.0.106-1
- Update to .NET SDK 10.0.106 and Runtime 10.0.6
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-eadd724963' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: chromium-147.0.7727.116-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2a5d3e5194
2026-05-01 01:22:47.586707+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 147.0.7727.116
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 147.0.7727.116
* High CVE-2026-6919: Use after free in DevTools
* High CVE-2026-6920: Out of bounds read in GPU
* Medium CVE-2026-6921: Race in GPU
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 23 2026 Than Ngo [than@redhat.com] - 147.0.7727.116-1
- Update to 147.0.7727.116
* High CVE-2026-6919: Use after free in DevTools
* High CVE-2026-6920: Out of bounds read in GPU
* Medium CVE-2026-6921: Race in GPU
- Fix rhbz#2458171, unexpanded macros in manpage
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2a5d3e5194' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: glow-2.1.2-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9d0e7df23a
2026-05-01 01:22:47.586705+00:00
--------------------------------------------------------------------------------

Name : glow
Product : Fedora 42
Version : 2.1.2
Release : 1.fc42
URL : https://github.com/charmbracelet/glow
Summary : Terminal based markdown reader
Description :
Glow is a terminal based markdown reader designed from the ground up to bring
out the beauty???and power???of the CLI. Use it to discover markdown files, read
documentation directly on the command line. Glow will find local markdown
files in subdirectories or a local Git repository.

--------------------------------------------------------------------------------
Update Information:

Update to version 2.1.2. This also updates some of the vendored dependencies to
fix CVEs, as well as building with the latest golang to fix even more CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Carl George [carlwgeorge@fedoraproject.org] - 2.1.2-1
- Update to version 2.1.2 rhbz#2457076
- Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160
* Sun Mar 22 2026 Carl George [carlwgeorge@fedoraproject.org] - 2.1.1-10
- Adopt go-vendor-tools
* Mon Feb 2 2026 Maxwell G [maxwell@gtmx.me] - 2.1.1-9
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.1.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 2.1.1-7
- rebuild
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.1.1-6
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.1.1-5
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.1.1-4
- Rebuild for golang-1.25.0
* Thu Jul 24 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.1.1-3
- Set the correct goipath
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2375621 - glow: mapstructure May Leak Sensitive Information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2375621
[ 2 ] Bug #2398694 - CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398694
[ 3 ] Bug #2399375 - CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399375
[ 4 ] Bug #2399713 - CVE-2025-11065 glow: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399713
[ 5 ] Bug #2407898 - CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2407898
[ 6 ] Bug #2409367 - CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409367
[ 7 ] Bug #2410317 - CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410317
[ 8 ] Bug #2411218 - CVE-2025-58188 glow: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411218
[ 9 ] Bug #2457076 - glow-2.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2457076
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9d0e7df23a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: vhs-0.9.0-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-795b0d0367
2026-05-01 01:22:47.586702+00:00
--------------------------------------------------------------------------------

Name : vhs
Product : Fedora 42
Version : 0.9.0
Release : 2.fc42
URL : https://github.com/charmbracelet/vhs
Summary : Your CLI home video recorder
Description :
Write terminal GIFs as code for integration testing and demoing your CLI tools.

--------------------------------------------------------------------------------
Update Information:

Rebuild with golang 1.25.9 to pick up multiple security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Carl George [carlwgeorge@fedoraproject.org] - 0.9.0-2
- Rebuild with golang 1.25.9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2399580 - CVE-2025-47906 vhs: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399580
[ 2 ] Bug #2408109 - CVE-2025-58189 vhs: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408109
[ 3 ] Bug #2409579 - CVE-2025-61723 vhs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409579
[ 4 ] Bug #2410530 - CVE-2025-58185 vhs: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410530
[ 5 ] Bug #2411428 - CVE-2025-58188 vhs: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411428
[ 6 ] Bug #2412826 - CVE-2025-58183 vhs: Unbounded allocation when parsing GNU sparse map [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2412826
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-795b0d0367' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: emacs-30.2-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-52dad6273a
2026-05-01 01:22:47.586700+00:00
--------------------------------------------------------------------------------

Name : emacs
Product : Fedora 42
Version : 30.2
Release : 2.fc42
URL : https://www.gnu.org/software/emacs/
Summary : GNU Emacs text editor
Description :
GNU Emacs is a powerful, customizable, self-documenting, modeless text
editor. It contains special code editing features, a scripting language
(elisp), and the capability to read mail, news, and more without leaving
the editor.

This package provides an emacs binary with support for Wayland, using the
GTK toolkit.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Peter Oliver [git@mavit.org.uk] - 1:30.2-2
- Fix CVE-2026-6861: memory corruption vulnerability when processing SVG
CSS.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2460584 - CVE-2026-6861 emacs: Emacs: Memory corruption vulnerability when processing SVG CSS [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2460584
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-52dad6273a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: python3.6-3.6.15-57.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c1ca370c1a
2026-05-01 01:22:47.586698+00:00
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 42
Version : 3.6.15
Release : 57.fc42
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2026-4786, CVE-2026-6100
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Charalampos Stratakis [cstratak@redhat.com] - 3.6.15-57
- Security fixes for CVE-2026-4786, CVE-2026-6100
Resolves: rhbz#2458018, rhbz#2458226
* Sat Apr 11 2026 Miro Hron??ok [mhroncok@redhat.com] - 3.6.15-56
- Explicitly build with OpenSSL 3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2458018 - CVE-2026-6100 python3.6: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458018
[ 2 ] Bug #2458226 - CVE-2026-4786 python3.6: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458226
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c1ca370c1a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: rust-rustls-webpki-0.103.13-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-204499102d
2026-05-01 01:22:47.586695+00:00
--------------------------------------------------------------------------------

Name : rust-rustls-webpki
Product : Fedora 42
Version : 0.103.13
Release : 1.fc42
URL : https://crates.io/crates/rustls-webpki
Summary : Web PKI X.509 Certificate Verification
Description :
Web PKI X.509 Certificate Verification.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.103.13. Addresses RUSTSEC-2026-0098, RUSTSEC-2026-0099,
RUSTSEC-2026-0104.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Fabio Valentini [decathorpe@gmail.com] - 0.103.13-1
- Update to version 0.103.13; Fixes RHBZ#2457282
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-204499102d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: openbao-2.5.3-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c008e6a5da
2026-05-01 01:22:47.586665+00:00
--------------------------------------------------------------------------------

Name : openbao
Product : Fedora 42
Version : 2.5.3
Release : 1.fc42
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.5.3, fix CVE-2026-34986, CVE-2026-39388, CVE-2026-39396,
CVE-2026-40264
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2026 Dave Dykstra - 2.5.3-1
- update to upstream 2.5.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455630 - CVE-2026-34986 openbao: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455630
[ 2 ] Bug #2459846 - openbao-2.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2459846
[ 3 ] Bug #2460057 - CVE-2026-39388 openbao: OpenBao: Token renewal vulnerability via incorrect certificate matching in Certificate authentication. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460057
[ 4 ] Bug #2460059 - CVE-2026-39396 openbao: OpenBao: Denial of Service via decompression bomb in OCI plugin extraction [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460059
[ 5 ] Bug #2460061 - CVE-2026-40264 openbao: OpenBao: Unauthorized token management by privileged administrator [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460061
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c008e6a5da' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: dotnet9.0-9.0.116-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ac43e01af9
2026-05-01 01:22:47.586663+00:00
--------------------------------------------------------------------------------

Name : dotnet9.0
Product : Fedora 42
Version : 9.0.116
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 9.0.116 and Runtime 9.0.15
Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.15/9.0.116.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.15/9.0.15.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Omair Majid [omajid@redhat.com] - 9.0.116-1
- Update to .NET SDK 9.0.116 and Runtime 9.0.15
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ac43e01af9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: pyp2spec-0.14.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-91671b8061
2026-05-01 01:22:47.586660+00:00
--------------------------------------------------------------------------------

Name : pyp2spec
Product : Fedora 42
Version : 0.14.1
Release : 1.fc42
URL : https://github.com/befeleme/pyp2spec
Summary : Generate Fedora RPM spec files for Python projects
Description :
pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files
for Python distributions. It utilizes the benefits of pyproject-rpm-macros.

--------------------------------------------------------------------------------
Update Information:

Automatic update for pyp2spec-0.14.1-1.fc42.
Changelog for pyp2spec
* Tue Apr 21 2026 Packit [hello@packit.dev] - 0.14.1-1
- Update to 0.14.1 upstream release
- Resolves: rhbz#2460051
- Resolves: rhbz#2449892
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] -
0.13.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Sep 19 2025 Python Maint - 0.13.0-3
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint - 0.13.0-2
- Rebuilt for Python 3.14.0rc2 bytecode
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2026 Packit [hello@packit.dev] - 0.14.1-1
- Update to 0.14.1 upstream release
- Resolves: rhbz#2460051
- Resolves: rhbz#2449892
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.13.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Sep 19 2025 Python Maint - 0.13.0-3
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint - 0.13.0-2
- Rebuilt for Python 3.14.0rc2 bytecode
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2449892 - pyp2spec: RPM spec injection via unsanitized PyPI package metadata
https://bugzilla.redhat.com/show_bug.cgi?id=2449892
[ 2 ] Bug #2460051 - pyp2spec-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2460051
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-91671b8061' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: dotnet8.0-8.0.126-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-02b2a30c02
2026-05-01 01:22:47.586658+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 42
Version : 8.0.126
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 8.0.126 and Runtime 8.0.26
Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.26/8.0.126.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.26/8.0.26.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Omair Majid [omajid@redhat.com] - 8.0.126-1
- Update to .NET SDK 8.0.126 and Runtime 8.0.26
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-02b2a30c02' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: dotnet10.0-10.0.106-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ad17a2db6c
2026-05-01 01:22:47.586656+00:00
--------------------------------------------------------------------------------

Name : dotnet10.0
Product : Fedora 42
Version : 10.0.106
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET 10.0 Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 10.0.106 and Runtime 10.0.6
Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.6/10.0.106.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.6/10.0.6.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Omair Majid [omajid@redhat.com] - 10.0.106-1
- Update to .NET SDK 10.0.106 and Runtime 10.0.6
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ad17a2db6c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


Firefox-ESR, Policykit, Calibre, and more updates for Debian

Grafana, Vim, PackageKit, and more updates for Oracle Linux

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...