
Fedora has issued security updates for pgadmin4, QGIS, and Python 3.6 across multiple distribution versions. The advisories highlight critical fixes, including a remote code execution risk in the QGIS GitHub Actions workflow and cross-site scripting vulnerabilities in the pgadmin4 database administration tool. Python 3.6 users also receive a patch for a denial-of-service issue caused by a quadratic algorithm in the xml.dom.minidom module.

Fedora 42 Update: pgadmin4-9.13-1.fc42
Fedora 42 Update: qgis-3.44.8-1.fc42
Fedora 42 Update: python3.6-3.6.15-53.fc42
Fedora 43 Update: python3.6-3.6.15-53.fc43
Fedora 44 Update: pgadmin4-9.13-1.fc44
Fedora 44 Update: qgis-3.44.8-1.fc44




[SECURITY] Fedora 42 Update: pgadmin4-9.13-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-416a89747f
2026-03-16 01:10:09.534356+00:00
--------------------------------------------------------------------------------

Name : pgadmin4
Product : Fedora 42
Version : 9.13
Release : 1.fc42
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.

--------------------------------------------------------------------------------
Update Information:

Update to pgadmin4-9.13.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 7 2026 Sandro Mani [manisandro@gmail.com] - 9.13-1
- Update to 9.13
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2439386 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2439386
[ 2 ] Bug #2439405 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2439405
[ 3 ] Bug #2442980 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2442980
[ 4 ] Bug #2442981 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2442981
[ 5 ] Bug #2443051 - CVE-2026-27902 pgadmin4: Svelte: Cross-Site Scripting via unsanitized error output [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443051
[ 6 ] Bug #2444801 - pgadmin4-9.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2444801
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-416a89747f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: qgis-3.44.8-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd6e404295
2026-03-16 01:10:09.534349+00:00
--------------------------------------------------------------------------------

Name : qgis
Product : Fedora 42
Version : 3.44.8
Release : 1.fc42
URL : http://www.qgis.org
Summary : A user friendly Open Source Geographic Information System
Description :
Geographic Information System (GIS) manages, analyzes, and displays
databases of geographic information. QGIS supports shape file
viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection
on-the-fly, map composition, and a number of other features via a plugin
interface. QGIS also supports display of various geo-referenced raster and
Digital Elevation Model (DEM) formats including GeoTIFF, Arc/Info ASCII Grid,
and USGS ASCII DEM.

--------------------------------------------------------------------------------
Update Information:

Update to qgis-3.44.8.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 6 2026 Sandro Mani [manisandro@gmail.com] - 3.44.8-1
- Update to 3.44.8
* Sun Feb 15 2026 Sandro Mani [manisandro@gmail.com] - 3.44.7-3
- Rebuild (PDAL)
* Thu Feb 12 2026 Sandro Mani [manisandro@gmail.com] - 3.44.7-2
- Rebuild (qt)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433154 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433154
[ 2 ] Bug #2433156 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd6e404295' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: python3.6-3.6.15-53.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd37d41d7f
2026-03-16 01:10:09.534308+00:00
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 42
Version : 3.6.15
Release : 53.fc42
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2025-12084
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 26 2026 Lumír Balhar [lbalhar@redhat.com] - 3.6.15-53
- Security fix for CVE-2025-12084
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2422518 - CVE-2025-12084 python3.6: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2422518
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd37d41d7f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: python3.6-3.6.15-53.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8ba3403ff7
2026-03-16 00:57:17.181960+00:00
--------------------------------------------------------------------------------

Name : python3.6
Product : Fedora 43
Version : 3.6.15
Release : 53.fc43
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.

This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2025-12084
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 26 2026 Lumír Balhar [lbalhar@redhat.com] - 3.6.15-53
- Security fix for CVE-2025-12084
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2422521 - CVE-2025-12084 python3.6: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2422521
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8ba3403ff7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: pgadmin4-9.13-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-220c4ca745
2026-03-16 00:26:18.591080+00:00
--------------------------------------------------------------------------------

Name : pgadmin4
Product : Fedora 44
Version : 9.13
Release : 1.fc44
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.

--------------------------------------------------------------------------------
Update Information:

Update to pgadmin4-9.13.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 7 2026 Sandro Mani [manisandro@gmail.com] - 9.13-1
- Update to 9.13
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2439386 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2439386
[ 2 ] Bug #2439405 - CVE-2025-69873 pgadmin4: ReDoS via $data reference [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2439405
[ 3 ] Bug #2442980 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2442980
[ 4 ] Bug #2442981 - CVE-2026-27901 pgadmin4: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2442981
[ 5 ] Bug #2443051 - CVE-2026-27902 pgadmin4: Svelte: Cross-Site Scripting via unsanitized error output [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443051
[ 6 ] Bug #2444801 - pgadmin4-9.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2444801
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-220c4ca745' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: qgis-3.44.8-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8f09799b91
2026-03-16 00:26:18.591059+00:00
--------------------------------------------------------------------------------

Name : qgis
Product : Fedora 44
Version : 3.44.8
Release : 1.fc44
URL : http://www.qgis.org
Summary : A user friendly Open Source Geographic Information System
Description :
Geographic Information System (GIS) manages, analyzes, and displays
databases of geographic information. QGIS supports shape file
viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection
on-the-fly, map composition, and a number of other features via a plugin
interface. QGIS also supports display of various geo-referenced raster and
Digital Elevation Model (DEM) formats including GeoTIFF, Arc/Info ASCII Grid,
and USGS ASCII DEM.

--------------------------------------------------------------------------------
Update Information:

Update to qgis-3.44.8.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 6 2026 Sandro Mani [manisandro@gmail.com] - 3.44.8-1
- Update to 3.44.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433154 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433154
[ 2 ] Bug #2433156 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433156
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8f09799b91' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

