
Multiple security advisories were issued for Fedora Linux, patching critical vulnerabilities in Fedora 42 through 44. The updated packages are mingw-openexr, yarnpkg, and vim. The fixes cover a heap-buffer-overflow in OpenEXR that can cause denial of service when parsing a malformed EXR file, an integer overflow in EXR file processing that can lead to arbitrary code execution, a js-yaml prototype pollution affecting yarnpkg, and a NULL pointer dereference in vim's NFA regex engine.

Fedora 42 Update: mingw-openexr-3.3.8-1.fc42
Fedora 42 Update: yarnpkg-1.22.22-17.fc42
Fedora 43 Update: vim-9.2.148-1.fc43
Fedora 43 Update: mingw-openexr-3.3.8-1.fc43
Fedora 44 Update: mingw-openexr-3.4.6-1.fc44
Fedora 44 Update: yarnpkg-1.22.22-17.fc44




[SECURITY] Fedora 42 Update: mingw-openexr-3.3.8-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-45845d11c3
2026-03-17 02:11:42.422067+00:00
--------------------------------------------------------------------------------

Name : mingw-openexr
Product : Fedora 42
Version : 3.3.8
Release : 1.fc42
URL : http://www.openexr.com/
Summary : MinGW Windows openexr library
Description :
MinGW Windows openexr library.

--------------------------------------------------------------------------------
Update Information:

Update to openexr-3.4.6 resp 3.3.8.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 8 2026 Sandro Mani [manisandro@gmail.com] - 3.3.8-1
- Update to 3.3.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2442257 - CVE-2026-26981 mingw-openexr: OpenEXR: Denial of Service via heap-buffer-overflow when parsing a malformed EXR file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2442257
[ 2 ] Bug #2444289 - CVE-2026-27622 mingw-openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444289
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-45845d11c3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-17.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8aad5411e
2026-03-17 02:11:42.422063+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 42
Version : 1.22.22
Release : 17.fc42
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Update vendor bundle.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 7 2026 Sandro Mani [manisandro@gmail.com] - 1.22.22-17
- Refresh vendor bundle
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2422491 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2422491
[ 2 ] Bug #2422506 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2422506
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8aad5411e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: vim-9.2.148-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7eaf665007
2026-03-17 00:48:48.647205+00:00
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 43
Version : 9.2.148
Release : 1.fc43
URL : https://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

patchlevel 148
Security fix for CVE-2026-32249
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 13 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.2.148-1
- patchlevel 148
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447110 - CVE-2026-32249 vim: NFA regex engine NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=2447110
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7eaf665007' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: mingw-openexr-3.3.8-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f958585e24
2026-03-17 00:48:48.647163+00:00
--------------------------------------------------------------------------------

Name : mingw-openexr
Product : Fedora 43
Version : 3.3.8
Release : 1.fc43
URL : http://www.openexr.com/
Summary : MinGW Windows openexr library
Description :
MinGW Windows openexr library.

--------------------------------------------------------------------------------
Update Information:

Update to openexr-3.4.6 resp 3.3.8.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 8 2026 Sandro Mani [manisandro@gmail.com] - 3.3.8-1
- Update to 3.3.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2442257 - CVE-2026-26981 mingw-openexr: OpenEXR: Denial of Service via heap-buffer-overflow when parsing a malformed EXR file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2442257
[ 2 ] Bug #2444289 - CVE-2026-27622 mingw-openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444289
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f958585e24' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: mingw-openexr-3.4.6-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4656ccedf8
2026-03-17 00:15:03.527053+00:00
--------------------------------------------------------------------------------

Name : mingw-openexr
Product : Fedora 44
Version : 3.4.6
Release : 1.fc44
URL : http://www.openexr.com/
Summary : MinGW Windows openexr library
Description :
MinGW Windows openexr library.

--------------------------------------------------------------------------------
Update Information:

Update to openexr-3.4.6 resp 3.3.8.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 7 2026 Sandro Mani [manisandro@gmail.com] - 3.4.6-1
- Update to 3.4.6
* Sun Feb 22 2026 Sandro Mani [manisandro@gmail.com] - 3.4.5-1
- Update to 3.4.5
* Thu Feb 19 2026 Simone Caronni [negativo17@gmail.com] - 3.4.4-3
- Rebuilt for OpenJPH update.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2442257 - CVE-2026-26981 mingw-openexr: OpenEXR: Denial of Service via heap-buffer-overflow when parsing a malformed EXR file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2442257
[ 2 ] Bug #2444289 - CVE-2026-27622 mingw-openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444289
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4656ccedf8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: yarnpkg-1.22.22-17.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-db0c5d039c
2026-03-17 00:15:03.527046+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 44
Version : 1.22.22
Release : 17.fc44
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Update vendor bundle.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 7 2026 Sandro Mani [manisandro@gmail.com] - 1.22.22-17
- Refresh vendor bundle
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2422491 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2422491
[ 2 ] Bug #2422506 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2422506
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-db0c5d039c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

