OpenSSH, Uxplay, Wordpress, and more updates for Fedora

Fedora Linux 9286 Published 2026-03-21 08:12 by Philipp Esselbach

News

A batch of security advisories was issued for Fedora Linux versions 42, 43, and 44. These updates address significant flaws in packages such as openssh and cpp-httplib that could allow unauthorized access or denial of service events. System administrators must apply these changes using the dnf upgrade program with specific advisory identifiers.

Fedora 42 Update: openssh-9.9p1-13.fc42
Fedora 42 Update: uxplay-1.73.3-1.fc42
Fedora 42 Update: wordpress-6.9.4-1.fc42
Fedora 42 Update: cpp-httplib-0.37.1-2.fc42
Fedora 43 Update: libsoup3-3.6.6-2.fc43
Fedora 43 Update: glib2-2.86.4-2.fc43
Fedora 43 Update: wordpress-6.9.4-1.fc43
Fedora 43 Update: uxplay-1.73.3-1.fc43
Fedora 43 Update: cpp-httplib-0.37.1-2.fc43
Fedora 44 Update: python3.6-3.6.15-54.fc44
Fedora 44 Update: wordpress-6.9.4-1.fc44

[SECURITY] Fedora 42 Update: openssh-9.9p1-13.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-39819a3d62
2026-03-21 01:09:55.393298+00:00
--------------------------------------------------------------------------------

Name : openssh
Product : Fedora 42
Version : 9.9p1
Release : 13.fc42
URL : http://www.openssh.com/portable.html
Summary : An open source implementation of SSH protocol version 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

--------------------------------------------------------------------------------
Update Information:

CVE-2026-3497: Fix information disclosure or denial of service due to
uninitialized variables in gssapi-keyex
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2026 Zoltan Fridrich [zfridric@redhat.com] - 9.9p1-13
- CVE-2026-3497: Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex
Resolves: rhbz#2447289
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2442505 - 0043-openssh-8.7p1-ssh-manpage.patch introduces duplicates in documentation
https://bugzilla.redhat.com/show_bug.cgi?id=2442505
[ 2 ] Bug #2447289 - CVE-2026-3497 openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2447289
[ 3 ] Bug #2447290 - CVE-2026-3497 openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2447290
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-39819a3d62' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: uxplay-1.73.3-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c47c476fdd
2026-03-21 01:09:55.393267+00:00
--------------------------------------------------------------------------------

Name : uxplay
Product : Fedora 42
Version : 1.73.3
Release : 1.fc42
URL : https://github.com/FDH2/UxPlay
Summary : AirPlay Unix mirroring server
Description :
An AirPlay2 Mirror and AirPlay2 Audio (but not Video) server that provides
screen-mirroring (with audio) of iOS/MacOS clients in a display window on
the server host (which can be shared using a screen-sharing application);
Apple Lossless Audio (ALAC) (e.g.,iTunes) can be streamed from client to
server in non-mirror mode.

--------------------------------------------------------------------------------
Update Information:

Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 12 2026 Davide Cavalca [dcavalca@fedoraproject.org] - 1.73.3-1
- Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.72.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2415186 - [abrt] uxplay: __libc_message_impl(): uxplay killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2415186
[ 2 ] Bug #2425815 - CVE-2025-60458 uxplay: double free via specially crafted RTSP TEARDOWN request [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2425815
[ 3 ] Bug #2426392 - uxplay-1.73.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426392
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c47c476fdd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: wordpress-6.9.4-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-675dd9b166
2026-03-21 01:09:55.393270+00:00
--------------------------------------------------------------------------------

Name : wordpress
Product : Fedora 42
Version : 6.9.4
Release : 1.fc42
URL : https://wordpress.org/
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

--------------------------------------------------------------------------------
Update Information:

Upstream announcements:
WordPress 6.9.2 Release
WordPress 6.9.3 and 7.0 beta 4
WordPress 6.9.4 Release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 12 2026 Remi Collet [remi@remirepo.net] - 6.9.4-1
- WordPress 6.9.4 Release
* Wed Mar 11 2026 Remi Collet [remi@remirepo.net] - 6.9.3-1
- WordPress 6.9.3 Release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2446481 - CVE-2026-3906 wordpress: WordPress: Unauthorized access to post notes via improper REST API permission check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2446481
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-675dd9b166' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: cpp-httplib-0.37.1-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6ed9c65eaf
2026-03-21 01:09:55.393257+00:00
--------------------------------------------------------------------------------

Name : cpp-httplib
Product : Fedora 42
Version : 0.37.1
Release : 2.fc42
URL : https://github.com/yhirose/cpp-httplib
Summary : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.

It's extremely easy to setup. Just include the httplib.h file in your code!

--------------------------------------------------------------------------------
Update Information:

Update to 0.37.1 (rbhz#2445943)
Fixes Denial of Service via malformed Content-Length header
(CVE-2026-31870
Reenables 32-bit build
Update to 0.37.0 (rhbz#2441656)
Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076,
rhbz#2445663)
Update to 0.35.0
Payload size limit bypass via gzip decompression in ContentReader (streaming)
allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response
header (CVE-2026-28434, rhbz#2444636)
https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 12 2026 Petr Men????k [pemensik@redhat.com] - 0.37.1-2
- Build for 32 bits again
* Thu Mar 12 2026 Petr Men????k [pemensik@redhat.com] - 0.37.1-1
- Update to 0.37.1 (rhbz#2445943)
- Fixes Denial of Service via malformed Content-Length header
(CVE-2026-31870)
- https://github.com/yhirose/cpp-
httplib/security/advisories/GHSA-39q5-hh6x-jpxx
- https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.1
* Mon Mar 9 2026 Petr Men????k [pemensik@redhat.com] - 0.37.0-1
- Update to 0.37.0 (rhbz#2441656)
- Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2441656 - cpp-httplib-0.37.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2441656
[ 2 ] Bug #2444636 - CVE-2026-28434 cpp-httplib: default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444636
[ 3 ] Bug #2444638 - CVE-2026-28435 cpp-httplib: payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444638
[ 4 ] Bug #2445663 - CVE-2026-29076 cpp-httplib: cpp-httplib: Denial of Service via crafted HTTP POST request [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445663
[ 5 ] Bug #2445943 - cpp-httplib-0.37.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2445943
[ 6 ] Bug #2446926 - CVE-2026-31870 cpp-httplib: cpp-httplib: Denial of Service via malformed Content-Length header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2446926
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6ed9c65eaf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: libsoup3-3.6.6-2.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f029d04054
2026-03-21 00:54:25.948645+00:00
--------------------------------------------------------------------------------

Name : libsoup3
Product : Fedora 43
Version : 3.6.6
Release : 2.fc43
URL : https://wiki.gnome.org/Projects/libsoup
Summary : Soup, an HTTP library implementation
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it), but the SOAP parts were removed
long ago.

--------------------------------------------------------------------------------
Update Information:

Add patch for CVE-2026-1539 (Also remove Proxy-Authorization header on cross
origin redirect)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Milan Crha [mcrha@redhat.com] - 3.6.6-2
- Add patch for CVE-2026-1539 (Also remove Proxy-Authorization header on
cross origin redirect)
- Resolves: rhbz#2433867
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433867 - CVE-2026-1539 libsoup3: libsoup: Credential leakage via HTTP redirects [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433867
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f029d04054' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: glib2-2.86.4-2.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5637749c07
2026-03-21 00:54:25.948640+00:00
--------------------------------------------------------------------------------

Name : glib2
Product : Fedora 43
Version : 2.86.4
Release : 2.fc43
URL : https://www.gtk.org
Summary : A library of handy utility functions
Description :
GLib is the low-level core library that forms the basis for projects
such as GTK+ and GNOME. It provides data structure handling for C,
portability wrappers, and interfaces for such runtime functionality
as an event loop, threads, dynamic loading, and an object system.

--------------------------------------------------------------------------------
Update Information:

Add patch for CVE-2026-0988 (Integer overflow in g_buffered_input_stream_peek()
leads to segmentation fault)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Milan Crha [mcrha@redhat.com] - 2.86.4-2
- Add patch for CVE-2026-0988 (Integer overflow in
g_buffered_input_stream_peek() leads to segmentation fault)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429913 - CVE-2026-0988 glib2: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek() [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429913
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5637749c07' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: wordpress-6.9.4-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5774d46593
2026-03-21 00:54:25.948585+00:00
--------------------------------------------------------------------------------

Name : wordpress
Product : Fedora 43
Version : 6.9.4
Release : 1.fc43
URL : https://wordpress.org/
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

--------------------------------------------------------------------------------
Update Information:

Upstream announcements:
WordPress 6.9.2 Release
WordPress 6.9.3 and 7.0 beta 4
WordPress 6.9.4 Release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 12 2026 Remi Collet [remi@remirepo.net] - 6.9.4-1
- WordPress 6.9.4 Release
* Wed Mar 11 2026 Remi Collet [remi@remirepo.net] - 6.9.3-1
- WordPress 6.9.3 Release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2446481 - CVE-2026-3906 wordpress: WordPress: Unauthorized access to post notes via improper REST API permission check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2446481
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5774d46593' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: uxplay-1.73.3-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a00f52ac25
2026-03-21 00:54:25.948577+00:00
--------------------------------------------------------------------------------

Name : uxplay
Product : Fedora 43
Version : 1.73.3
Release : 1.fc43
URL : https://github.com/FDH2/UxPlay
Summary : AirPlay Unix mirroring server
Description :
An AirPlay2 Mirror and AirPlay2 Audio (but not Video) server that provides
screen-mirroring (with audio) of iOS/MacOS clients in a display window on
the server host (which can be shared using a screen-sharing application);
Apple Lossless Audio (ALAC) (e.g.,iTunes) can be streamed from client to
server in non-mirror mode.

--------------------------------------------------------------------------------
Update Information:

Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 12 2026 Davide Cavalca [dcavalca@fedoraproject.org] - 1.73.3-1
- Update to 1.73.3; Fixes: RHBZ#2426392, RHBZ#2415186
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.72.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2415186 - [abrt] uxplay: __libc_message_impl(): uxplay killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2415186
[ 2 ] Bug #2425814 - CVE-2025-60458 uxplay: double free via specially crafted RTSP TEARDOWN request [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2425814
[ 3 ] Bug #2426392 - uxplay-1.73.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426392
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a00f52ac25' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: cpp-httplib-0.37.1-2.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c2049f7220
2026-03-21 00:54:25.948557+00:00
--------------------------------------------------------------------------------

Name : cpp-httplib
Product : Fedora 43
Version : 0.37.1
Release : 2.fc43
URL : https://github.com/yhirose/cpp-httplib
Summary : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.

It's extremely easy to setup. Just include the httplib.h file in your code!

--------------------------------------------------------------------------------
Update Information:

Update to 0.37.0 (rhbz#2441656)
Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076,
rhbz#2445663)
Update to 0.35.0
Payload size limit bypass via gzip decompression in ContentReader (streaming)
allows oversized request bodies (CVE-2026-28435, rhbz#2444638)
Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response
header (CVE-2026-28434, rhbz#2444636)
https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 12 2026 Petr Men????k [pemensik@redhat.com] - 0.37.1-2
- Build for 32 bits again
* Thu Mar 12 2026 Petr Men????k [pemensik@redhat.com] - 0.37.1-1
- Update to 0.37.1 (rhbz#2445943)
- Fixes Denial of Service via malformed Content-Length header
(CVE-2026-31870)
- https://github.com/yhirose/cpp-
httplib/security/advisories/GHSA-39q5-hh6x-jpxx
- https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.1
* Mon Mar 9 2026 Petr Men????k [pemensik@redhat.com] - 0.37.0-1
- Update to 0.37.0 (rhbz#2441656)
- Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2441656 - cpp-httplib-0.37.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2441656
[ 2 ] Bug #2444636 - CVE-2026-28434 cpp-httplib: default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444636
[ 3 ] Bug #2444638 - CVE-2026-28435 cpp-httplib: payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444638
[ 4 ] Bug #2445663 - CVE-2026-29076 cpp-httplib: cpp-httplib: Denial of Service via crafted HTTP POST request [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445663
[ 5 ] Bug #2446926 - CVE-2026-31870 cpp-httplib: cpp-httplib: Denial of Service via malformed Content-Length header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2446926
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c2049f7220' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: python3.6-3.6.15-54.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cb86172c17
2026-03-21 00:15:22.234333+00:00
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 44
Version : 3.6.15
Release : 54.fc44
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python is an accessible, high-level, dynamically typed, interpreted programming
language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.6 package provides the "python3" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.6-libs package,
which should be installed automatically along with python3.6.
The remaining parts of the Python standard library are broken out into the
python3.6-tkinter and python3.6-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.6-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.6-" prefix.

--------------------------------------------------------------------------------
Update Information:

Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-
macros-3.14-11.
Security fix for CVE-2025-12084
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 12 2026 Miro Hron??ok [mhroncok@redhat.com] - 3.6.15-54
- Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-macros-3.14-11
* Thu Feb 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.6.15-53
- Security fix for CVE-2025-12084
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cb86172c17' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: wordpress-6.9.4-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bf984d4931
2026-03-21 00:15:22.234290+00:00
--------------------------------------------------------------------------------

Name : wordpress
Product : Fedora 44
Version : 6.9.4
Release : 1.fc44
URL : https://wordpress.org/
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

--------------------------------------------------------------------------------
Update Information:

Upstream announcements:
WordPress 6.9.2 Release
WordPress 6.9.3 and 7.0 beta 4
WordPress 6.9.4 Release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 12 2026 Remi Collet [remi@remirepo.net] - 6.9.4-1
- WordPress 6.9.4 Release
* Wed Mar 11 2026 Remi Collet [remi@remirepo.net] - 6.9.3-1
- WordPress 6.9.3 Release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2446481 - CVE-2026-3906 wordpress: WordPress: Unauthorized access to post notes via improper REST API permission check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2446481
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bf984d4931' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

ImageMagick, Libvirt, Chromium updates for Debian

GraphicsMagick, Python, Mumble, Tempo, Composer updates for SUSE

OpenSSH, Uxplay, Wordpress, and more updates for Fedora

[SECURITY] Fedora 42 Update: openssh-9.9p1-13.fc42

[SECURITY] Fedora 42 Update: uxplay-1.73.3-1.fc42

[SECURITY] Fedora 42 Update: wordpress-6.9.4-1.fc42

[SECURITY] Fedora 42 Update: cpp-httplib-0.37.1-2.fc42

[SECURITY] Fedora 43 Update: libsoup3-3.6.6-2.fc43

[SECURITY] Fedora 43 Update: glib2-2.86.4-2.fc43

[SECURITY] Fedora 43 Update: wordpress-6.9.4-1.fc43

[SECURITY] Fedora 43 Update: uxplay-1.73.3-1.fc43

[SECURITY] Fedora 43 Update: cpp-httplib-0.37.1-2.fc43

[SECURITY] Fedora 44 Update: python3.6-3.6.15-54.fc44

[SECURITY] Fedora 44 Update: wordpress-6.9.4-1.fc44

Windows

Linux

macOS

Community