Fedora Linux 9417 Published by

New Fedora 43 and 44 security updates are available. The kernel updates repair a data fork mapping error and enable driver support for the Sony IMX471 camera sensor. Prometheus advances to version 3.13.1 to block a memory allocation flaw that triggered denial of service attacks through HTTP/3 trailers. FreeRDP upgrades to version 3.28.0 to patch three remote desktop protocol vulnerabilities that previously allowed information disclosure and arbitrary code execution.

Fedora 43 Update: kernel-7.1.3-101.fc43
Fedora 43 Update: prometheus-3.13.1-1.fc43
Fedora 44 Update: kernel-7.1.3-201.fc44
Fedora 44 Update: prometheus-3.13.1-1.fc44
Fedora 44 Update: freerdp-3.28.0-1.fc44
Fedora 43 Update: freerdp-3.28.0-1.fc43




[SECURITY] Fedora 43 Update: kernel-7.1.3-101.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-085c9e92a4
2026-07-14 18:18:56.519144+00:00
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 43
Version : 7.1.3
Release : 101.fc43
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 7.1.3-101/201 builds contain an important fix for XFS filesystem users.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 14 2026 Justin M. Forbes [jforbes@fedoraproject.org] [7.1.3-1]
- xfs: resample the data fork mapping after cycling ILOCK (Darrick J. Wong)
- redhat: configs: fedora: Enable Sony IMX471 image sensor (Kate Hsuan)
- media: i2c: imx471: Add Sony IMX471 image sensor driver (Kate Hsuan)
- platform: int3472: discrete: con_id vana for Sony IMX471 as power enable (Kate Hsuan)
- media: ipu-bridge: Add Sony IMX471 for Lenovo X1 Carbon G14 (Kate Hsuan)
- media: ipu-bridge: Add DMI information of Lenovo X9 to the image upside-down list (Kate Hsuan)
- redhat: move ynltool debuginfo to kernel-tools-debuginfo (Augusto Caringi)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-085c9e92a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: prometheus-3.13.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6a44db4fa9
2026-07-14 18:18:56.519132+00:00
--------------------------------------------------------------------------------

Name : prometheus
Product : Fedora 43
Version : 3.13.1
Release : 1.fc43
URL : https://github.com/prometheus/prometheus
Summary : Prometheus monitoring system and time series database
Description :
The Prometheus monitoring system and time series database.

--------------------------------------------------------------------------------
Update Information:

Update to 3.13.1
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 11 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 3.13.1-1
- Update to 3.13.1 - Closes rhbz#2498963
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2498932 - CVE-2026-40898 prometheus: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498932
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6a44db4fa9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: kernel-7.1.3-201.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e8e294a7fa
2026-07-14 18:01:28.598629+00:00
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 44
Version : 7.1.3
Release : 201.fc44
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 7.1.3-101/201 builds contain an important fix for XFS filesystem users.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 14 2026 Justin M. Forbes [jforbes@fedoraproject.org] [7.1.3-1]
- xfs: resample the data fork mapping after cycling ILOCK (Darrick J. Wong)
- redhat: configs: fedora: Enable Sony IMX471 image sensor (Kate Hsuan)
- media: i2c: imx471: Add Sony IMX471 image sensor driver (Kate Hsuan)
- platform: int3472: discrete: con_id vana for Sony IMX471 as power enable (Kate Hsuan)
- media: ipu-bridge: Add Sony IMX471 for Lenovo X1 Carbon G14 (Kate Hsuan)
- media: ipu-bridge: Add DMI information of Lenovo X9 to the image upside-down list (Kate Hsuan)
- redhat: move ynltool debuginfo to kernel-tools-debuginfo (Augusto Caringi)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e8e294a7fa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: prometheus-3.13.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e07fd81708
2026-07-14 18:01:28.598622+00:00
--------------------------------------------------------------------------------

Name : prometheus
Product : Fedora 44
Version : 3.13.1
Release : 1.fc44
URL : https://github.com/prometheus/prometheus
Summary : Prometheus monitoring system and time series database
Description :
The Prometheus monitoring system and time series database.

--------------------------------------------------------------------------------
Update Information:

Update to 3.13.1
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 11 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 3.13.1-1
- Update to 3.13.1 - Closes rhbz#2498963
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2498932 - CVE-2026-40898 prometheus: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2498932
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e07fd81708' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: freerdp-3.28.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-931f893f1b
2026-07-15 01:03:58.675206+00:00
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 44
Version : 3.28.0
Release : 1.fc44
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 3.28.0
It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 13 2026 Ondrej Holy [oholy@redhat.com] - 2:3.28.0-1
- Update to 3.28.0 (CVE-2026-57156, CVE-2026-57157, CVE-2026-57158)
Resolves: rhbz#2497324
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2499199 - CVE-2026-57158 freerdp: FreeRDP: Information disclosure via truncated RDPGFX planar payload [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2499199
[ 2 ] Bug #2499200 - CVE-2026-57157 freerdp: FreeRDP: Out-of-bounds read leads to information disclosure and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2499200
[ 3 ] Bug #2499226 - CVE-2026-57156 freerdp: FreeRDP: Arbitrary code execution or denial of service via integer overflow in RDP message processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2499226
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-931f893f1b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: freerdp-3.28.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e2afc3151d
2026-07-15 00:40:37.238800+00:00
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 43
Version : 3.28.0
Release : 1.fc43
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 3.28.0
It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 13 2026 Ondrej Holy [oholy@redhat.com] - 2:3.28.0-1
- Update to 3.28.0 (CVE-2026-57156, CVE-2026-57157, CVE-2026-57158)
Resolves: rhbz#2497324
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2499199 - CVE-2026-57158 freerdp: FreeRDP: Information disclosure via truncated RDPGFX planar payload [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2499199
[ 2 ] Bug #2499200 - CVE-2026-57157 freerdp: FreeRDP: Out-of-bounds read leads to information disclosure and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2499200
[ 3 ] Bug #2499226 - CVE-2026-57156 freerdp: FreeRDP: Arbitrary code execution or denial of service via integer overflow in RDP message processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2499226
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e2afc3151d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new