
Fedora 43 and Fedora 44 have received important security patches that address several critical vulnerabilities across core system components. The kernel updates focus on mitigating specific ARM64 processor errata, while the OpenSSL release brings a major version bump alongside numerous cryptographic fixes. Vaultwarden and its web interface also saw significant upgrades to resolve authentication bypasses, privilege escalation risks, and information disclosure flaws. System administrators can apply these changes by running the standard dnf upgrade command with the advisory identifier given in each notification below.

Fedora 43 Update: kernel-7.0.12-101.fc43
Fedora 43 Update: vaultwarden-1.36.0-1.fc43
Fedora 43 Update: vaultwarden-web-2026.4.1-1.fc43
Fedora 44 Update: kernel-7.0.12-201.fc44
Fedora 44 Update: openssl-3.5.7-1.fc44
Fedora 44 Update: vaultwarden-1.36.0-1.fc44
Fedora 44 Update: vaultwarden-web-2026.4.1-1.fc44




[SECURITY] Fedora 43 Update: kernel-7.0.12-101.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-75fcc75b5f
2026-06-12 01:07:40.519563+00:00
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 43
Version : 7.0.12
Release : 101.fc43
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 7.0.12-101/201 updates contain fixes for CVE-2025-10263. This CVE, while
important, only impacts specific aarch64 CPUs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 10 2026 Justin M. Forbes [jforbes@fedoraproject.org] [7.0.12-1]
- New config setting for ARM64 Erratum (Justin M. Forbes)
- arm64: errata: Mitigate TLBI errata on NVIDIA Olympus CPU (Shanker Donthineni)
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland)
- arm64: cputype: Add C1-Premium definitions (Mark Rutland)
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-75fcc75b5f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: vaultwarden-1.36.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-264f9ef567
2026-06-12 01:07:40.519543+00:00
--------------------------------------------------------------------------------

Name : vaultwarden
Product : Fedora 43
Version : 1.36.0
Release : 1.fc43
URL : https://github.com/dani-garcia/vaultwarden
Summary : Unofficial Bitwarden compatible server
Description :
Unofficial Bitwarden compatible server.

--------------------------------------------------------------------------------
Update Information:

update to 1.36.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 3 2026 Jonathan Wright [jonathan@almalinux.org] - 1.36.0-1
- update to 1.36.0 rhbz#2368636
- Fix bitwarden mobile app not working rhbz#2437599
- Fix CVE-2025-58160 vaultwarden: Tracing log pollution
- Fix CVE-2026-25537 vaultwarden: jsonwebtoken has Type Confusion that leads to potential authorization bypass
- Fix CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack
- Fix CVE-2026-26012 vaultwarden: Information disclosure due to bypassed collection permissions
- Fix CVE-2026-27898 vaultwarden: Information disclosure via API partial update
- Fix CVE-2026-27803 vaultwarden: Unauthorized collection management operations due to improper access control
- Fix CVE-2026-27801 vaultwarden: Two-factor authentication bypass allows unauthorized access and data deletion
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.34.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Jul 29 2025 Jonathan Wright [jonathan@almalinux.org] - 1.34.2-1
- update to 1.34.2 rhbz#2368636
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437473 - CVE-2026-25537 vaultwarden: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437473
[ 2 ] Bug #2438166 - CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438166
[ 3 ] Bug #2439261 - CVE-2026-26012 vaultwarden: Vaultwarden: Information disclosure due to bypassed collection permissions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2439261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-264f9ef567' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: vaultwarden-web-2026.4.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-064873552d
2026-06-12 01:07:40.519533+00:00
--------------------------------------------------------------------------------

Name : vaultwarden-web
Product : Fedora 43
Version : 2026.4.1
Release : 1.fc43
URL : https://github.com/dani-garcia/bw_web_builds
Summary : Web vault for vaultwarden
Description :
Web vault for vaultwarden.

--------------------------------------------------------------------------------
Update Information:

update to 2026.4.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 3 2026 Jonathan Wright [jonathan@almalinux.org] - 2026.4.1-1
- update to 2026.4.1 rhbz#2387335
- Fixes CVE-2026-27803 Unauthorized collection management operations due to improper access control
- Fixes CVE-2026-27801 Two-factor authentication bypass allows unauthorized access and data deletion
- Fixes CVE-2026-27802 Privilege Escalation via Unauthorized Bulk Permission Update
- Fixes CVE-2026-27898 Information disclosure via API partial update
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2025.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2444912 - CVE-2026-27898 vaultwarden-web: Vaultwarden: Information disclosure via API partial update [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2444912
[ 2 ] Bug #2444947 - CVE-2026-27801 vaultwarden-web: Vaultwarden: Two-factor authentication bypass allows unauthorized access and data deletion. [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2444947
[ 3 ] Bug #2444953 - CVE-2026-27802 vaultwarden-web: Vaultwarden: Privilege Escalation via Unauthorized Bulk Permission Update [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2444953
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-064873552d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: kernel-7.0.12-201.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8b619eef6f
2026-06-12 00:58:37.608056+00:00
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 44
Version : 7.0.12
Release : 201.fc44
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 7.0.12-101/201 updates contain fixes for CVE-2025-10263. This CVE, while
important, only impacts specific aarch64 CPUs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 10 2026 Justin M. Forbes [jforbes@fedoraproject.org] [7.0.12-1]
- New config setting for ARM64 Erratum (Justin M. Forbes)
- arm64: errata: Mitigate TLBI errata on NVIDIA Olympus CPU (Shanker Donthineni)
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland)
- arm64: cputype: Add C1-Premium definitions (Mark Rutland)
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8b619eef6f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: openssl-3.5.7-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-228373a496
2026-06-12 00:58:37.608052+00:00
--------------------------------------------------------------------------------

Name : openssl
Product : Fedora 44
Version : 3.5.7
Release : 1.fc44
URL : http://www.openssl.org/
Summary : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Rebase to OpenSSL 3.5.7
Fixes CVE-2026-45447
Fixes CVE-2026-34182
Fixes CVE-2026-34183
Fixes CVE-2026-42764
Fixes CVE-2026-45445
Fixes CVE-2026-7383
Fixes CVE-2026-9076
Fixes CVE-2026-34180
Fixes CVE-2026-34181
Fixes CVE-2026-42766
Fixes CVE-2026-42767
Fixes CVE-2026-42768
Fixes CVE-2026-42769
Fixes CVE-2026-42770
Fixes CVE-2026-45446
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 10 2026 Dmitry Belyavskiy [dbelyavs@redhat.com] - 1:3.5.7-1
- Rebase to OpenSSL 3.5.7
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-228373a496' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: vaultwarden-1.36.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e14ea170b6
2026-06-12 00:58:37.608023+00:00
--------------------------------------------------------------------------------

Name : vaultwarden
Product : Fedora 44
Version : 1.36.0
Release : 1.fc44
URL : https://github.com/dani-garcia/vaultwarden
Summary : Unofficial Bitwarden compatible server
Description :
Unofficial Bitwarden compatible server.

--------------------------------------------------------------------------------
Update Information:

update to 1.36.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 3 2026 Jonathan Wright [jonathan@almalinux.org] - 1.36.0-1
- update to 1.36.0 rhbz#2368636
- Fix bitwarden mobile app not working rhbz#2437599
- Fix CVE-2025-58160 vaultwarden: Tracing log pollution
- Fix CVE-2026-25537 vaultwarden: jsonwebtoken has Type Confusion that leads to potential authorization bypass
- Fix CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack
- Fix CVE-2026-26012 vaultwarden: Information disclosure due to bypassed collection permissions
- Fix CVE-2026-27898 vaultwarden: Information disclosure via API partial update
- Fix CVE-2026-27803 vaultwarden: Unauthorized collection management operations due to improper access control
- Fix CVE-2026-27801 vaultwarden: Two-factor authentication bypass allows unauthorized access and data deletion
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e14ea170b6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: vaultwarden-web-2026.4.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-111cf6d28f
2026-06-12 00:58:37.608012+00:00
--------------------------------------------------------------------------------

Name : vaultwarden-web
Product : Fedora 44
Version : 2026.4.1
Release : 1.fc44
URL : https://github.com/dani-garcia/bw_web_builds
Summary : Web vault for vaultwarden
Description :
Web vault for vaultwarden.

--------------------------------------------------------------------------------
Update Information:

update to 2026.4.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 3 2026 Jonathan Wright [jonathan@almalinux.org] - 2026.4.1-1
- update to 2026.4.1 rhbz#2387335
- Fixes CVE-2026-27803 Unauthorized collection management operations due to improper access control
- Fixes CVE-2026-27801 Two-factor authentication bypass allows unauthorized access and data deletion
- Fixes CVE-2026-27802 Privilege Escalation via Unauthorized Bulk Permission Update
- Fixes CVE-2026-27898 Information disclosure via API partial update
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-111cf6d28f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

