Hcloud, Rclone, Rust, and more updates for Fedora

Fedora Linux 9224 Published 2026-01-23 07:13 by Philipp Esselbach

News

Fedora Linux has released several security updates, including a patch for hcloud in Fedora 42. Other updates include fixes for rclone and multiple packages related to Rust in both Fedora 42 and 43. Additionally, updates have been made available for vsftpd, FreeRDP, and Ghostscript in Fedora 43. These patches are designed to enhance the security of Fedora Linux systems.

Fedora 42 Update: hcloud-1.59.0-1.fc42
Fedora 42 Update: rclone-1.72.1-1.fc42
Fedora 42 Update: rust-rkyv0.7-0.7.46-1.fc42
Fedora 42 Update: vsftpd-3.0.5-14.fc42
Fedora 42 Update: rust-rkyv_derive0.7-0.7.46-1.fc42
Fedora 43 Update: rust-rkyv_derive0.7-0.7.46-1.fc43
Fedora 43 Update: ghostscript-10.05.1-6.fc43
Fedora 43 Update: freerdp-3.21.0-1.fc43
Fedora 43 Update: vsftpd-3.0.5-14.fc43
Fedora 43 Update: rust-rkyv0.7-0.7.46-1.fc43

[SECURITY] Fedora 42 Update: hcloud-1.59.0-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9af71a53ce
2026-01-23 01:14:49.116922+00:00
--------------------------------------------------------------------------------

Name : hcloud
Product : Fedora 42
Version : 1.59.0
Release : 1.fc42
URL : https://github.com/hetznercloud/cli
Summary : A command-line interface for Hetzner Cloud
Description :
A command-line interface for Hetzner Cloud.

--------------------------------------------------------------------------------
Update Information:

Update to 1.59.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 14 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.59.0-1
- Update to 1.59.0
* Wed Jan 14 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.51.0-5
- Unretire package: hcloud on rawhide
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1.51.0-4
- rebuild
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1.51.0-3
- Rebuild for golang-1.25.0
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.51.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2384159 - hcloud: go-viper information leak [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384159
[ 2 ] Bug #2390869 - hcloud: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390869
[ 3 ] Bug #2399717 - CVE-2025-11065 hcloud: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399717
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9af71a53ce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 42 Update: rclone-1.72.1-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b4a6ca0bd0
2026-01-23 01:14:49.116917+00:00
--------------------------------------------------------------------------------

Name : rclone
Product : Fedora 42
Version : 1.72.1
Release : 1.fc42
URL : https://github.com/rclone/rclone
Summary : Rsync for cloud storage
Description :
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive,
Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex
Files.

--------------------------------------------------------------------------------
Update Information:

Update to 1.72.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 13 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.72.1-1
- Update to 1.72.1 - Closes rhbz#2421018
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408685 - CVE-2025-61725 rclone: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408685
[ 2 ] Bug #2420602 - CVE-2025-47913 rclone: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420602
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b4a6ca0bd0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: rust-rkyv0.7-0.7.46-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-801214adba
2026-01-23 01:14:49.116911+00:00
--------------------------------------------------------------------------------

Name : rust-rkyv0.7
Product : Fedora 42
Version : 0.7.46
Release : 1.fc42
URL : https://crates.io/crates/rkyv
Summary : Zero-copy deserialization framework for Rust
Description :
Zero-copy deserialization framework for Rust.

--------------------------------------------------------------------------------
Update Information:

https://rustsec.org/advisories/RUSTSEC-2026-0001
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.46-1
- Update to version 0.7.46; Fixes RUSTSEC-2026-0001
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.7.45-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-801214adba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: vsftpd-3.0.5-14.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f6fadfed32
2026-01-23 01:14:49.116932+00:00
--------------------------------------------------------------------------------

Name : vsftpd
Product : Fedora 42
Version : 3.0.5
Release : 14.fc42
URL : https://security.appspot.com/vsftpd.html
Summary : Very Secure Ftp Daemon
Description :
vsftpd is a Very Secure FTP daemon. It was written completely from
scratch.

--------------------------------------------------------------------------------
Update Information:

Resolve CVE-2025-14242
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 14 2026 Tomas Korbar [tkorbar@redhat.com] - 3.0.5-14
- Resolve CVE-2025-14242
* Thu Dec 18 2025 Fedor Vorobev [fvorobev@redhat.com] - 3.0.5-13
- Add a tmpfiles.d config. (image mode support)
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.5-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f6fadfed32' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: rust-rkyv_derive0.7-0.7.46-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-801214adba
2026-01-23 01:14:49.116911+00:00
--------------------------------------------------------------------------------

Name : rust-rkyv_derive0.7
Product : Fedora 42
Version : 0.7.46
Release : 1.fc42
URL : https://crates.io/crates/rkyv_derive
Summary : Derive macro for rkyv
Description :
Derive macro for rkyv.

--------------------------------------------------------------------------------
Update Information:

https://rustsec.org/advisories/RUSTSEC-2026-0001
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.46-1
- Update to version 0.7.46; Fixes RUSTSEC-2026-0001
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.7.45-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-801214adba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: rust-rkyv_derive0.7-0.7.46-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-35d1dee2ab
2026-01-23 00:54:29.972485+00:00
--------------------------------------------------------------------------------

Name : rust-rkyv_derive0.7
Product : Fedora 43
Version : 0.7.46
Release : 1.fc43
URL : https://crates.io/crates/rkyv_derive
Summary : Derive macro for rkyv
Description :
Derive macro for rkyv.

--------------------------------------------------------------------------------
Update Information:

https://rustsec.org/advisories/RUSTSEC-2026-0001
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.46-1
- Update to version 0.7.46; Fixes RUSTSEC-2026-0001
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-35d1dee2ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: ghostscript-10.05.1-6.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c60e345359
2026-01-23 00:54:29.972552+00:00
--------------------------------------------------------------------------------

Name : ghostscript
Product : Fedora 43
Version : 10.05.1
Release : 6.fc43
URL : https://ghostscript.com/
Summary : Interpreter for PostScript language & PDF
Description :
This package provides useful conversion utilities based on Ghostscript software,
for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems'
PostScript (PS) and Portable Document Format (PDF) page description languages.
Its primary purpose includes displaying (rasterization & rendering) and printing
of document pages, as well as conversions between different document formats.

--------------------------------------------------------------------------------
Update Information:

security fix for CVE-2025-59798, CVE-2025-59799, CVE-2025-59800 (fedora#2431544,
fedora#2431548, fedora#2431546)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 21 2026 Zdenek Dohnal [zdohnal@redhat.com] - 10.05.1-6
- security fix for CVE-2025-59798, CVE-2025-59799, CVE-2025-59800 (fedora#2431544, fedora#2431548, fedora#2431546)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2431544 - CVE-2025-59798 ghostscript: From CVEorg collector [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431544
[ 2 ] Bug #2431546 - CVE-2025-59800 ghostscript: From CVEorg collector [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431546
[ 3 ] Bug #2431548 - CVE-2025-59799 ghostscript: From CVEorg collector [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431548
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c60e345359' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: freerdp-3.21.0-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23d669bf94
2026-01-23 00:54:29.972543+00:00
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 43
Version : 3.21.0
Release : 1.fc43
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 3.21.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 20 2026 Ondrej Holy [oholy@redhat.com] - 2:3.21.0-1
- Update to 3.21.0 (CVE-2026-23530, CVE-2026-23531, CVE-2026-23532,
CVE-2026-23533, CVE-2026-23534, CVE-2026-23732, CVE-2026-23883,
CVE-2026-23884)
Resolves: rhbz#2430928
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2:3.20.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2430897 - CVE-2026-23532 freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430897
[ 2 ] Bug #2430902 - CVE-2026-23534 freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430902
[ 3 ] Bug #2430907 - CVE-2026-23531 freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution. [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430907
[ 4 ] Bug #2430913 - CVE-2026-23533 freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430913
[ 5 ] Bug #2430918 - CVE-2026-23530 freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430918
[ 6 ] Bug #2430923 - CVE-2026-23883 freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430923
[ 7 ] Bug #2430932 - CVE-2026-23884 freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430932
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23d669bf94' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: vsftpd-3.0.5-14.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-67442bdd84
2026-01-23 00:54:29.972515+00:00
--------------------------------------------------------------------------------

Name : vsftpd
Product : Fedora 43
Version : 3.0.5
Release : 14.fc43
URL : https://security.appspot.com/vsftpd.html
Summary : Very Secure Ftp Daemon
Description :
vsftpd is a Very Secure FTP daemon. It was written completely from
scratch.

--------------------------------------------------------------------------------
Update Information:

Resolve CVE-2025-14242
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 14 2026 Tomas Korbar [tkorbar@redhat.com] - 3.0.5-14
- Resolve CVE-2025-14242
* Thu Dec 18 2025 Fedor Vorobev [fvorobev@redhat.com] - 3.0.5-13
- Add a tmpfiles.d config. (image mode support)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-67442bdd84' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: rust-rkyv0.7-0.7.46-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-35d1dee2ab
2026-01-23 00:54:29.972485+00:00
--------------------------------------------------------------------------------

Name : rust-rkyv0.7
Product : Fedora 43
Version : 0.7.46
Release : 1.fc43
URL : https://crates.io/crates/rkyv
Summary : Zero-copy deserialization framework for Rust
Description :
Zero-copy deserialization framework for Rust.

--------------------------------------------------------------------------------
Update Information:

https://rustsec.org/advisories/RUSTSEC-2026-0001
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 13 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.46-1
- Update to version 0.7.46; Fixes RUSTSEC-2026-0001
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-35d1dee2ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Rust 1.93.0 released

OpenJDK, OpenSSH, Glib2, and more updates for RHEL

Hcloud, Rclone, Rust, and more updates for Fedora

[SECURITY] Fedora 42 Update: hcloud-1.59.0-1.fc42

[SECURITY] Fedora 42 Update: rclone-1.72.1-1.fc42

[SECURITY] Fedora 42 Update: rust-rkyv0.7-0.7.46-1.fc42

[SECURITY] Fedora 42 Update: vsftpd-3.0.5-14.fc42

[SECURITY] Fedora 42 Update: rust-rkyv_derive0.7-0.7.46-1.fc42

[SECURITY] Fedora 43 Update: rust-rkyv_derive0.7-0.7.46-1.fc43

[SECURITY] Fedora 43 Update: ghostscript-10.05.1-6.fc43

[SECURITY] Fedora 43 Update: freerdp-3.21.0-1.fc43

[SECURITY] Fedora 43 Update: vsftpd-3.0.5-14.fc43

[SECURITY] Fedora 43 Update: rust-rkyv0.7-0.7.46-1.fc43

Windows

Linux

macOS

Community