
Fedora has released security updates for several packages, including mingw-libpng, mingw-libsoup, thunderbird, python-pillow, vim, mingw-python3, pgadmin4, libssh, and freerdp. These updates address various vulnerabilities, such as heap buffer overflows, out-of-bounds reads, arbitrary code execution, and denial of service attacks.

Fedora 43 Update: mingw-libpng-1.6.55-1.fc43
Fedora 43 Update: mingw-libsoup-2.74.3-17.fc43
Fedora 43 Update: thunderbird-147.0-2.fc43
Fedora 43 Update: python-pillow-11.3.0-7.fc43
Fedora 43 Update: vim-9.1.2146-1.fc43
Fedora 43 Update: mingw-python3-3.11.14-7.fc43
Fedora 43 Update: pgadmin4-9.12-1.fc43
Fedora 42 Update: thunderbird-147.0-6.fc42
Fedora 42 Update: pgadmin4-9.12-1.fc42
Fedora 42 Update: mingw-libsoup-2.74.3-17.fc42
Fedora 42 Update: libssh-0.11.4-1.fc42
Fedora 42 Update: libpng-1.6.55-1.fc42
Fedora 42 Update: mingw-python3-3.11.14-7.fc42
Fedora 42 Update: freerdp-3.22.0-1.fc42




[SECURITY] Fedora 43 Update: mingw-libpng-1.6.55-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dba3079676
2026-02-18 04:24:13.329239+00:00
--------------------------------------------------------------------------------

Name : mingw-libpng
Product : Fedora 43
Version : 1.6.55
Release : 1.fc43
URL : http://www.libpng.org/pub/png/
Summary : MinGW Windows Libpng library
Description :
MinGW Windows Libpng library.

--------------------------------------------------------------------------------
Update Information:

Update to libpng-1.6.55.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 12 2026 Sandro Mani [manisandro@gmail.com] - 1.6.55-1
- Update to 1.6.55
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438672 - CVE-2026-25646 mingw-libpng: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438672
[ 2 ] Bug #2438684 - CVE-2026-25646 mingw-libpng: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438684
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dba3079676' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-libsoup-2.74.3-17.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-44af0f2383
2026-02-18 04:24:13.329210+00:00
--------------------------------------------------------------------------------

Name : mingw-libsoup
Product : Fedora 43
Version : 2.74.3
Release : 17.fc43
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).

This is the MinGW build of Libsoup

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2026-0716, CVE-2026-0719.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 7 2026 Sandro Mani [manisandro@gmail.com] - 2.74.3-17
- Backport fixes for CVE-2026-0716 and CVE-2026-0719
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2427902 - CVE-2026-0716 mingw-libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2427902
[ 2 ] Bug #2427905 - CVE-2026-0716 mingw-libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2427905
[ 3 ] Bug #2427909 - CVE-2026-0719 mingw-libsoup: libsoup: Arbitrary code execution via stack-based buffer overflow in NTLM authentication [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2427909
[ 4 ] Bug #2427912 - CVE-2026-0719 mingw-libsoup: libsoup: Arbitrary code execution via stack-based buffer overflow in NTLM authentication [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2427912
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-44af0f2383' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: thunderbird-147.0-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6b5abf91a9
2026-02-18 04:24:13.329264+00:00
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 43
Version : 147.0
Release : 2.fc43
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 147.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jan 14 2026 Jan Horak [jhorak@redhat.com] - 147.0-1
- Update to 147.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6b5abf91a9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: python-pillow-11.3.0-7.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9f517a7495
2026-02-18 04:24:13.329249+00:00
--------------------------------------------------------------------------------

Name : python-pillow
Product : Fedora 43
Version : 11.3.0
Release : 7.fc43
URL : http://python-pillow.github.io/
Summary : Python image processing library
Description :
Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.

There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt),
devel (development) and doc (documentation).

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2026-25990.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 14 2026 Sandro Mani [manisandro@gmail.com] - 11.1.0-7
- Backport fix for CVE-2026-25990
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2439192 - CVE-2026-25990 python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2439192
[ 2 ] Bug #2439196 - CVE-2026-25990 python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2439196
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9f517a7495' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: vim-9.1.2146-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7eda235f65
2026-02-18 04:24:13.329242+00:00
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 43
Version : 9.1.2146
Release : 1.fc43
URL : https://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

patchlevel 2146
Security fix for CVE-2026-25749
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 13 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.1.2146-1
- patchlevel 2146
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437843 - CVE-2026-25749 vim: Vim: Arbitrary code execution via 'helpfile' option processing
https://bugzilla.redhat.com/show_bug.cgi?id=2437843
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7eda235f65' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: mingw-python3-3.11.14-7.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e0c0434efb
2026-02-18 04:24:13.329218+00:00
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 43
Version : 3.11.14
Release : 7.fc43
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-15282,
CVE-2026-1299
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 9 2026 Sandro Mani [manisandro@gmail.com] - 3.11.14-7
- Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865,
CVE-2025-15282, CVE-2026-1299
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.14-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2431752 - CVE-2025-11468 mingw-python3: Missing character filtering in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431752
[ 2 ] Bug #2431762 - CVE-2026-0672 mingw-python3: Header injection in http.cookies.Morsel in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431762
[ 3 ] Bug #2431781 - CVE-2026-0865 mingw-python3: wsgiref.headers.Headers allows header newline injection in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431781
[ 4 ] Bug #2431790 - CVE-2025-15282 mingw-python3: Header injection via newlines in data URL mediatype in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431790
[ 5 ] Bug #2431806 - CVE-2025-11468 mingw-python3: Missing character filtering in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431806
[ 6 ] Bug #2431817 - CVE-2026-0672 mingw-python3: Header injection in http.cookies.Morsel in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431817
[ 7 ] Bug #2431818 - CVE-2026-0865 mingw-python3: wsgiref.headers.Headers allows header newline injection in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431818
[ 8 ] Bug #2431839 - CVE-2025-15282 mingw-python3: Header injection via newlines in data URL mediatype in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431839
[ 9 ] Bug #2433814 - CVE-2026-1299 mingw-python3: email header injection due to unquoted newlines [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433814
[ 10 ] Bug #2433824 - CVE-2026-1299 mingw-python3: email header injection due to unquoted newlines [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433824
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e0c0434efb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: pgadmin4-9.12-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-28db64f571
2026-02-18 04:24:13.329207+00:00
--------------------------------------------------------------------------------

Name : pgadmin4
Product : Fedora 43
Version : 9.12
Release : 1.fc43
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.

--------------------------------------------------------------------------------
Update Information:

Update to pgadmin-9.12.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 6 2026 Sandro Mani [manisandro@gmail.com] - 9.12-1
- Update to 9.12
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437044 - pgadmin4-9.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437044
[ 2 ] Bug #2437176 - CVE-2026-1707 pgadmin4: restore restriction bypass via key disclosure vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2437176
[ 3 ] Bug #2437177 - CVE-2026-1707 pgadmin4: restore restriction bypass via key disclosure vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437177
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-28db64f571' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: thunderbird-147.0-6.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6ca1769cc2
2026-02-18 00:54:04.864925+00:00
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 42
Version : 147.0
Release : 6.fc42
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 147.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jan 14 2026 Jan Horak [jhorak@redhat.com] - 147.0-1
- Update to 147.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6ca1769cc2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: pgadmin4-9.12-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-651f0e2b32
2026-02-18 00:54:04.864886+00:00
--------------------------------------------------------------------------------

Name : pgadmin4
Product : Fedora 42
Version : 9.12
Release : 1.fc42
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.

--------------------------------------------------------------------------------
Update Information:

Update to pgadmin-9.12.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 6 2026 Sandro Mani [manisandro@gmail.com] - 9.12-1
- Update to 9.12
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437044 - pgadmin4-9.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437044
[ 2 ] Bug #2437176 - CVE-2026-1707 pgadmin4: restore restriction bypass via key disclosure vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2437176
[ 3 ] Bug #2437177 - CVE-2026-1707 pgadmin4: restore restriction bypass via key disclosure vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437177
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-651f0e2b32' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: mingw-libsoup-2.74.3-17.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-07b73214fc
2026-02-18 00:54:04.864891+00:00
--------------------------------------------------------------------------------

Name : mingw-libsoup
Product : Fedora 42
Version : 2.74.3
Release : 17.fc42
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).

This is the MinGW build of Libsoup

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2026-0716, CVE-2026-0719.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 7 2026 Sandro Mani [manisandro@gmail.com] - 2.74.3-17
- Backport fixes for CVE-2026-0716 and CVE-2026-0719
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2427902 - CVE-2026-0716 mingw-libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2427902
[ 2 ] Bug #2427905 - CVE-2026-0716 mingw-libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2427905
[ 3 ] Bug #2427909 - CVE-2026-0719 mingw-libsoup: libsoup: Arbitrary code execution via stack-based buffer overflow in NTLM authentication [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2427909
[ 4 ] Bug #2427912 - CVE-2026-0719 mingw-libsoup: libsoup: Arbitrary code execution via stack-based buffer overflow in NTLM authentication [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2427912
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-07b73214fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: libssh-0.11.4-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0d8264f449
2026-02-18 00:54:04.864913+00:00
--------------------------------------------------------------------------------

Name : libssh
Product : Fedora 42
Version : 0.11.4
Release : 1.fc42
URL : http://www.libssh.org
Summary : A library implementing the SSH protocol
Description :
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is
made by the programmer. With libssh, you can remotely execute programs, transfer
files, use a secure and transparent tunnel for your remote programs. With its
Secure FTP implementation, you can play with remote files easily, without
third-party programs others than libcrypto (from openssl).

--------------------------------------------------------------------------------
Update Information:

New upstream release fixing various security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 10 2026 Jakub Jelen [jjelen@redhat.com] - 0.11.4-1
- New upstream release fixing following security issues:
- CVE-2025-14821: libssh loads configuration files from the C:\etc directory on Windows
- CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
- CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files
- CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
- CVE-2026-0967: Specially crafted patterns could cause DoS
- CVE-2026-0968: OOB Read in sftp_parse_longname()
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438452 - libssh-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2438452
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0d8264f449' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: libpng-1.6.55-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-168ebcb4a8
2026-02-18 00:54:04.864922+00:00
--------------------------------------------------------------------------------

Name : libpng
Product : Fedora 42
Version : 1.6.55
Release : 1.fc42
URL : http://www.libpng.org/pub/png/
Summary : A library of functions for manipulating PNG image format files
Description :
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.

Libpng should be installed if you need to manipulate PNG format image
files.

--------------------------------------------------------------------------------
Update Information:

Version 1.6.54 [January 12, 2026]
Fixed CVE-2026-22695 (medium severity):
Heap buffer over-read in png_image_read_direct_scaled.
Fixed CVE-2026-22801 (medium severity):
Integer truncation causing heap buffer over-read in png_image_write_*.
Version 1.6.55 [February 9, 2026]
Fixed CVE-2026-25646 (high severity):
Heap buffer overflow in png_set_quantize.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 13 2026 Michal Hlavinka [mhlavink@redhat.com] - 2:1.6.55-1
- updated to 1.6.55 (#2429529)
* Wed Feb 11 2026 Michal Hlavinka [mhlavink@redhat.com] - 2:1.6.54-1
- updated to 1.6.54
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2:1.6.53-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437248 - CVE-2026-22801 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437248
[ 2 ] Bug #2438669 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438669
[ 3 ] Bug #2438681 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438681
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-168ebcb4a8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: mingw-python3-3.11.14-7.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c8b3418f91
2026-02-18 00:54:04.864895+00:00
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 42
Version : 3.11.14
Release : 7.fc42
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-15282,
CVE-2026-1299
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 9 2026 Sandro Mani [manisandro@gmail.com] - 3.11.14-7
- Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865,
CVE-2025-15282, CVE-2026-1299
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.14-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2431752 - CVE-2025-11468 mingw-python3: Missing character filtering in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431752
[ 2 ] Bug #2431762 - CVE-2026-0672 mingw-python3: Header injection in http.cookies.Morsel in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431762
[ 3 ] Bug #2431781 - CVE-2026-0865 mingw-python3: wsgiref.headers.Headers allows header newline injection in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431781
[ 4 ] Bug #2431790 - CVE-2025-15282 mingw-python3: Header injection via newlines in data URL mediatype in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431790
[ 5 ] Bug #2431806 - CVE-2025-11468 mingw-python3: Missing character filtering in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431806
[ 6 ] Bug #2431817 - CVE-2026-0672 mingw-python3: Header injection in http.cookies.Morsel in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431817
[ 7 ] Bug #2431818 - CVE-2026-0865 mingw-python3: wsgiref.headers.Headers allows header newline injection in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431818
[ 8 ] Bug #2431839 - CVE-2025-15282 mingw-python3: Header injection via newlines in data URL mediatype in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431839
[ 9 ] Bug #2433814 - CVE-2026-1299 mingw-python3: email header injection due to unquoted newlines [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433814
[ 10 ] Bug #2433824 - CVE-2026-1299 mingw-python3: email header injection due to unquoted newlines [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433824
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c8b3418f91' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: freerdp-3.22.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fa67f40526
2026-02-18 00:54:04.864820+00:00
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 42
Version : 3.22.0
Release : 1.fc42
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 3.22.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 2 2026 Ondrej Holy [oholy@redhat.com] - 2:3.22.0-1
- Update to 3.22.0 (CVE-2026-23948, CVE-2026-24682, CVE-2026-24683,
CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24684,
CVE-2026-24679, CVE-2026-24681, CVE-2026-24675, CVE-2026-24491,
CVE-2026-24680)
Resolves: rhbz#2433803
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438245 - CVE-2026-24678 freerdp: FreeRDP: Denial of Service via use after free in ecam_channel_write [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438245
[ 2 ] Bug #2438257 - CVE-2026-24675 freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438257
[ 3 ] Bug #2438259 - CVE-2026-24681 freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438259
[ 4 ] Bug #2438260 - CVE-2026-24677 freerdp: FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438260
[ 5 ] Bug #2438262 - CVE-2026-24683 freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438262
[ 6 ] Bug #2438264 - CVE-2026-24682 freerdp: FreeRDP has a Heap-buffer-overflow in audio_formats_free [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438264
[ 7 ] Bug #2438267 - CVE-2026-24684 freerdp: FreeRDP has a Heap-use-after-free in play_thread [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438267
[ 8 ] Bug #2438272 - CVE-2026-24491 freerdp: FreeRDP has a heap-use-after-free in video_timer [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438272
[ 9 ] Bug #2438285 - CVE-2026-23948 freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438285
[ 10 ] Bug #2438288 - CVE-2026-24679 freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438288
[ 11 ] Bug #2438311 - CVE-2026-24680 freerdp: FreeRDP has a heap-use-after-free in update_pointer_new(SDL) [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438311
[ 12 ] Bug #2438323 - CVE-2026-24676 freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438323
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fa67f40526' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

