Fedora 42 Update: gnupg2-2.4.9-2.fc42
Fedora 43 Update: rsync-3.4.1-5.fc43
Fedora 43 Update: libpng-1.6.55-1.fc43
[SECURITY] Fedora 42 Update: gnupg2-2.4.9-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-59fdfa64f5
2026-02-17 01:16:30.424623+00:00
--------------------------------------------------------------------------------
Name : gnupg2
Product : Fedora 42
Version : 2.4.9
Release : 2.fc42
URL : https://www.gnupg.org/
Summary : Utility for secure communication and data storage
Description :
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.
GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard functionality
is provided by the gnupg2-smime package.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary
code execution
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 3 2026 Jakub Jelen [jjelen@redhat.com] - 2.4.9-2
- Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2433663 - CVE-2026-24882 gnupg2: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433663
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-59fdfa64f5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rsync-3.4.1-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-77de001ef5
2026-02-17 00:55:36.783755+00:00
--------------------------------------------------------------------------------
Name : rsync
Product : Fedora 43
Version : 3.4.1
Release : 5.fc43
URL : https://rsync.samba.org/
Summary : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2025-10158
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 13 2026 Michal Ruprich [mruprich@redhat.com] - 3.4.1-5
- Fix for CVE-2025-10158
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415718 - CVE-2025-10158 rsync: Rsync: Out of bounds array access via negative index [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2415718
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-77de001ef5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: libpng-1.6.55-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a9ae661fa2
2026-02-17 00:55:36.783763+00:00
--------------------------------------------------------------------------------
Name : libpng
Product : Fedora 43
Version : 1.6.55
Release : 1.fc43
URL : http://www.libpng.org/pub/png/
Summary : A library of functions for manipulating PNG image format files
Description :
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.
Libpng should be installed if you need to manipulate PNG format image
files.
--------------------------------------------------------------------------------
Update Information:
Version 1.6.54 [January 12, 2026]
Fixed CVE-2026-22695 (medium severity):
Heap buffer over-read in png_image_read_direct_scaled.
Fixed CVE-2026-22801 (medium severity):
Integer truncation causing heap buffer over-read in png_image_write_*.
Version 1.6.55 [February 9, 2026]
Fixed CVE-2026-25646 (high severity):
Heap buffer overflow in png_set_quantize.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 13 2026 Michal Hlavinka [mhlavink@redhat.com] - 2:1.6.55-1
- updated to 1.6.55 (#2429529)
* Wed Feb 11 2026 Michal Hlavinka [mhlavink@redhat.com] - 2:1.6.54-1
- updated to 1.6.54
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2:1.6.53-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437248 - CVE-2026-22801 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437248
[ 2 ] Bug #2438669 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438669
[ 3 ] Bug #2438681 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438681
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a9ae661fa2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
