
Fedora 42 and Fedora 43 have received updates to fix security vulnerabilities. The plantuml package has been updated to version 1.2026.1 on both Fedora 42 and Fedora 43, while the node-exporter package has been updated to version 1.10.2 with a workaround for a ppc64 issue on both distributions.

Fedora 42 Update: plantuml-1.2026.1-1.fc42
Fedora 42 Update: node-exporter-1.10.2-3.fc42
Fedora 43 Update: plantuml-1.2026.1-1.fc43
Fedora 43 Update: node-exporter-1.10.2-3.fc43




[SECURITY] Fedora 42 Update: plantuml-1.2026.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0d819a3a70
2026-02-09 01:11:14.394464+00:00
--------------------------------------------------------------------------------

Name : plantuml
Product : Fedora 42
Version : 1.2026.1
Release : 1.fc42
URL : http://plantuml.com/
Summary : Program to generate UML diagram from a text description
Description :
PlantUML is a program for drawing UML diagrams using a simple,
human-readable text description. It is extremely useful for documenting
code, sketching project architecture during team conversations,
and so on.

PlantUML supports the following diagram types:
- sequence diagram
- use case diagram
- class diagram
- activity diagram
- component diagram
- state diagram

--------------------------------------------------------------------------------
Update Information:

Update to version 1.2026.1
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 31 2026 blinxen - 1:1.2026.1-1
- Update to version 1.2026.1 (rhbz#2428317)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2430307 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script execution via Stored Cross-Site Scripting in GraphViz diagrams [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2430307
[ 2 ] Bug #2430308 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script execution via Stored Cross-Site Scripting in GraphViz diagrams [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430308
[ 3 ] Bug #2430309 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script execution via Stored Cross-Site Scripting in GraphViz diagrams [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430309
[ 4 ] Bug #2430310 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script execution via Stored Cross-Site Scripting in GraphViz diagrams [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2430310
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0d819a3a70' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: node-exporter-1.10.2-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-126cd91d11
2026-02-09 01:11:14.394467+00:00
--------------------------------------------------------------------------------

Name : node-exporter
Product : Fedora 42
Version : 1.10.2
Release : 3.fc42
URL : https://github.com/prometheus/node_exporter
Summary : Exporter for machine metrics
Description :
Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written
in Go with pluggable metric collectors.

--------------------------------------------------------------------------------
Update Information:

Update to 1.10.2
Update was blocked by a ppc64 issue, but a workaround has been found.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2026 Alejandro Sáez [asm@redhat.com] - 1.10.2-3
- Fix race condition
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.10.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Dec 4 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.2-1
- Update to 1.10.2 - Closes rhbz#2406209 rhbz#2408331 rhbz#2409804
rhbz#2410754 rhbz#2411650
* Fri Oct 10 2025 Alejandro Sáez [asm@redhat.com] - 1.9.1-4
- rebuild
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1.9.1-3
- Rebuild for golang-1.25.0
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398866 - CVE-2025-47910 node-exporter: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398866
[ 2 ] Bug #2399538 - CVE-2025-47906 node-exporter: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399538
[ 3 ] Bug #2408076 - CVE-2025-58189 node-exporter: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408076
[ 4 ] Bug #2409546 - CVE-2025-61723 node-exporter: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409546
[ 5 ] Bug #2410497 - CVE-2025-58185 node-exporter: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410497
[ 6 ] Bug #2411395 - CVE-2025-58188 node-exporter: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411395
[ 7 ] Bug #2424021 - [Minor Incident] CVE-2025-52881 node-exporter: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424021
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-126cd91d11' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: plantuml-1.2026.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e25e1b1d0f
2026-02-09 01:03:56.600978+00:00
--------------------------------------------------------------------------------

Name : plantuml
Product : Fedora 43
Version : 1.2026.1
Release : 1.fc43
URL : http://plantuml.com/
Summary : Program to generate UML diagram from a text description
Description :
PlantUML is a program for drawing UML diagrams using a simple,
human-readable text description. It is extremely useful for documenting
code, sketching project architecture during team conversations,
and so on.

PlantUML supports the following diagram types:
- sequence diagram
- use case diagram
- class diagram
- activity diagram
- component diagram
- state diagram

--------------------------------------------------------------------------------
Update Information:

Update to version 1.2026.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 blinxen - 1:1.2026.1-1
- Update to version 1.2026.1 (rhbz#2428317)
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1:1.2025.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Sat Nov 8 2025 blinxen - 1:1.2025.10-1
- Update to version 1.2025.10
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2430307 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script execution via Stored Cross-Site Scripting in GraphViz diagrams [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2430307
[ 2 ] Bug #2430308 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script execution via Stored Cross-Site Scripting in GraphViz diagrams [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430308
[ 3 ] Bug #2430309 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script execution via Stored Cross-Site Scripting in GraphViz diagrams [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430309
[ 4 ] Bug #2430310 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script execution via Stored Cross-Site Scripting in GraphViz diagrams [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2430310
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e25e1b1d0f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: node-exporter-1.10.2-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9ba46f22d5
2026-02-09 01:03:56.600983+00:00
--------------------------------------------------------------------------------

Name : node-exporter
Product : Fedora 43
Version : 1.10.2
Release : 3.fc43
URL : https://github.com/prometheus/node_exporter
Summary : Exporter for machine metrics
Description :
Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written
in Go with pluggable metric collectors.

--------------------------------------------------------------------------------
Update Information:

Update to 1.10.2
Update was blocked by a ppc64 issue, but a workaround has been found.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2026 Alejandro Sáez [asm@redhat.com] - 1.10.2-3
- Fix race condition
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.10.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Dec 4 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.2-1
- Update to 1.10.2 - Closes rhbz#2406209 rhbz#2408331 rhbz#2409804
rhbz#2410754 rhbz#2411650
* Fri Oct 10 2025 Alejandro Sáez [asm@redhat.com] - 1.9.1-4
- rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2424066 - [Minor Incident] CVE-2025-52881 node-exporter: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424066
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9ba46f22d5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------