Python 3.14, .NET 8/9/10, Docker Engine, pgAdmin 4, Krita updates for Fedora

Fedora Linux 9398 Published 2026-06-28 07:04 by Philipp Esselbach

News

Fedora distributed a batch of security updates across Fedora 43 and 44 to address multiple critical vulnerabilities in widely used software. The Fedora 43 release includes Python 3.14 and its documentation package, both patched against denial-of-service flaws in the XML parser and Unicode module. Fedora 44 users receive security patches for the entire .NET 8, 9, and 10 runtime lineup, alongside fixed CVEs in the Moby container engine, pgAdmin 4, Krita, and the Python mistune markdown parser.

Fedora 43 Update: python3-docs-3.14.6-1.fc43
Fedora 43 Update: python3.14-3.14.6-1.fc43
Fedora 44 Update: python-pydantic-settings-2.14.2-1.fc44
Fedora 44 Update: dotnet9.0-9.0.118-1.fc44
Fedora 44 Update: moby-engine-29.6.0-1.fc44
Fedora 44 Update: dotnet8.0-8.0.128-1.fc44
Fedora 44 Update: krita-6.0.2.1-1.fc44
Fedora 44 Update: dotnet10.0-10.0.109-1.fc44
Fedora 44 Update: pgadmin4-9.16-1.fc44
Fedora 44 Update: python-mistune-3.2.1-1.fc44

[SECURITY] Fedora 43 Update: python3-docs-3.14.6-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b17b2a984a
2026-06-28 01:07:37.245943+00:00
--------------------------------------------------------------------------------

Name : python3-docs
Product : Fedora 43
Version : 3.14.6
Release : 1.fc43
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.

--------------------------------------------------------------------------------
Update Information:

New Python release including bugfixes and security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 11 2026 Karolina Surma [ksurma@redhat.com] - 3.14.6-1
- Update to Python 3.14.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2484199 - CVE-2026-7210 python3.14: Python/Expat: Denial of Service via crafted XML document [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484199
[ 2 ] Bug #2484550 - CVE-2026-3276 python3.14: Python unicodedata: Denial of Service due to excessive CPU consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484550
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b17b2a984a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: python3.14-3.14.6-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b17b2a984a
2026-06-28 01:07:37.245943+00:00
--------------------------------------------------------------------------------

Name : python3.14
Product : Fedora 43
Version : 3.14.6
Release : 1.fc43
URL : https://www.python.org/
Summary : Version 3.14 of the Python interpreter
Description :
Python 3.14 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

--------------------------------------------------------------------------------
Update Information:

New Python release including bugfixes and security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 11 2026 Karolina Surma [ksurma@redhat.com] - 3.14.6-1
- Update to Python 3.14.6
* Wed Jun 3 2026 Python Maint - 3.14.5-2
- Rebuilt as non-main Python on Fedora 45+
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2484199 - CVE-2026-7210 python3.14: Python/Expat: Denial of Service via crafted XML document [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484199
[ 2 ] Bug #2484550 - CVE-2026-3276 python3.14: Python unicodedata: Denial of Service due to excessive CPU consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484550
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b17b2a984a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: python-pydantic-settings-2.14.2-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6b7571be30
2026-06-28 00:56:23.048223+00:00
--------------------------------------------------------------------------------

Name : python-pydantic-settings
Product : Fedora 44
Version : 2.14.2
Release : 1.fc44
URL : https://github.com/pydantic/pydantic-settings
Summary : Settings management using pydantic
Description :
Settings management using pydantic.

--------------------------------------------------------------------------------
Update Information:

Update to 2.14.2; fixes GHSA-4xgf-cpjx-pc3j.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 19 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.14.2-1
- Update to 2.14.2; close RHBZ#2490754; fixes GHSA-4xgf-cpjx-pc3j
* Thu Jun 4 2026 Python Maint - 2.14.1-2
- Rebuilt for Python 3.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2490754 - python-pydantic-settings-2.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2490754
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6b7571be30' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: dotnet9.0-9.0.118-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0dce096c13
2026-06-28 00:56:23.048176+00:00
--------------------------------------------------------------------------------

Name : dotnet9.0
Product : Fedora 44
Version : 9.0.118
Release : 1.fc44
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 9.0.118 and Runtime 9.0.17
Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.17/9.0.118.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.17/9.0.17.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 17 2026 Omair Majid [omajid@redhat.com] - 9.0.118-1
- Update to .NET SDK 9.0.118 and Runtime 9.0.17
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0dce096c13' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: moby-engine-29.6.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d8e03bae55
2026-06-28 00:56:23.048194+00:00
--------------------------------------------------------------------------------

Name : moby-engine
Product : Fedora 44
Version : 29.6.0
Release : 1.fc44
URL : https://github.com/moby/moby
Summary : The open-source application container engine
Description :
Docker is an open source project to build, ship and run any application as a
lightweight container.

Docker containers are both hardware-agnostic and platform-agnostic. This means
they can run anywhere, from your laptop to the largest EC2 compute instance and
everything in between ??? and they do not require you to use a particular
language, framework or packaging system. That makes them great building blocks
for deploying and scaling web apps, databases, and backend services without
depending on a particular stack or provider.

--------------------------------------------------------------------------------
Update Information:

Update to release v29.6.0
Resolves: rhbz#2490590
Resolves CVE-2026-39828: rhbz#2489945
Resolves CVE-2026-39829: rhbz#2490099
Resolves CVE-2026-39830: rhbz#2490466
Upstream fixes and enhancements
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 19 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 29.6.0-1
- Update to release v29.6.0
- Resolves: rhbz#2490590
- Resolves CVE-2026-39828: rhbz#2489945
- Resolves CVE-2026-39829: rhbz#2490099
- Resolves CVE-2026-39830: rhbz#2490466
- Upstream fixes and enhancements
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2489945 - CVE-2026-39828 moby-engine: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489945
[ 2 ] Bug #2490099 - CVE-2026-39829 moby-engine: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490099
[ 3 ] Bug #2490466 - CVE-2026-39830 moby-engine: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490466
[ 4 ] Bug #2490590 - moby-engine-29.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2490590
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d8e03bae55' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: dotnet8.0-8.0.128-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-041785a779
2026-06-28 00:56:23.048185+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 44
Version : 8.0.128
Release : 1.fc44
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 8.0.128 and Runtime 8.0.28
Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.28/8.0.128.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.28/8.0.28.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 17 2026 Omair Majid [omajid@redhat.com] - 8.0.128-1
- Update to .NET SDK 8.0.128 and Runtime 8.0.28
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-041785a779' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: krita-6.0.2.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3bb1c72ffd
2026-06-28 00:56:23.048182+00:00
--------------------------------------------------------------------------------

Name : krita
Product : Fedora 44
Version : 6.0.2.1
Release : 1.fc44
URL : https://krita.org
Summary : Krita is a sketching and painting program
Description :
Krita is a sketching and painting program.
It was created with the following types of art in mind:
- concept art
- texture or matte painting
- illustrations and comics

--------------------------------------------------------------------------------
Update Information:

Update to 6.0.2.1
Fix CVE-2026-42144
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 17 2026 Than Ngo [than@redhat.com] - 6.0.2.1-1
- Fix rhbz#2481429, Update to 6.0.2.1
- Fix rhbz#2476570, CVE-2026-42144: integer overflow in PNM size check bypasses memory guard
* Fri Jun 5 2026 Python Maint - 6.0.1-7
- Rebuilt for Python 3.15
* Sat May 30 2026 Richard Shaw [hobbes1069@gmail.com] - 6.0.1-6
- Rebuild for OpenColorIO 2.5.2.
* Wed May 27 2026 Sandro Mani [manisandro@gmail.com] - 6.0.1-5
- Rebuild (quazip)
* Mon May 25 2026 Richard Shaw [hobbes1069@gmail.com] - 6.0.1-4
- Rebuild for OpenEXR 3.4.12.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2476573 - CVE-2026-42144 krita: integer overflow in PNM size check bypasses memory guard (_load_pnm) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476573
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3bb1c72ffd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: dotnet10.0-10.0.109-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dec081126f
2026-06-28 00:56:23.048174+00:00
--------------------------------------------------------------------------------

Name : dotnet10.0
Product : Fedora 44
Version : 10.0.109
Release : 1.fc44
URL : https://github.com/dotnet/
Summary : .NET 10.0 Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

Update to .NET SDK 10.0.109 and Runtime 10.0.9
Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.9/10.0.109.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.9/10.0.9.md
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 16 2026 Omair Majid [omajid@redhat.com] - 10.0.109-1
- Update to .NET SDK 10.0.109 and Runtime 10.0.9
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dec081126f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: pgadmin4-9.16-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c248414214
2026-06-28 00:56:23.048166+00:00
--------------------------------------------------------------------------------

Name : pgadmin4
Product : Fedora 44
Version : 9.16
Release : 1.fc44
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.

--------------------------------------------------------------------------------
Update Information:

Update to pgadmin-9.16.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 19 2026 Filipe Rosset [filiperosset@fedoraproject.org] - 9.16-1
- Update to 9.16 + spec cleanup and modernization
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2490658 - CVE-2026-12049 pgadmin4: pgAdmin 4: Open redirect vulnerability in multi-factor authentication can lead to phishing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490658
[ 2 ] Bug #2490659 - CVE-2026-12050 pgadmin4: pgAdmin 4: Arbitrary SQL execution via SQL injection in restore point endpoint [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490659
[ 3 ] Bug #2490661 - CVE-2026-12044 pgadmin4: pgAdmin 4: Arbitrary code execution via SQL injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490661
[ 4 ] Bug #2490662 - CVE-2026-12047 pgadmin4: pgAdmin 4: HTML injection via unsanitized SDK exception messages in cloud deployment module [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490662
[ 5 ] Bug #2490663 - CVE-2026-12045 pgadmin4: pgAdmin 4: Remote code execution via prompt injection in AI Assistant [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490663
[ 6 ] Bug #2490664 - CVE-2026-12046 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490664
[ 7 ] Bug #2490665 - CVE-2026-12048 pgadmin4: pgAdmin 4: Cross-site scripting allows arbitrary HTML injection and redirection to malicious sites [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490665
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c248414214' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: python-mistune-3.2.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3b027683d8
2026-06-28 00:56:23.048161+00:00
--------------------------------------------------------------------------------

Name : python-mistune
Product : Fedora 44
Version : 3.2.1
Release : 1.fc44
URL : https://github.com/lepture/mistune
Summary : Markdown parser for Python
Description :
The fastest markdown parser in pure Python, inspired by marked.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2026-44898 by updating to 3.2.1.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 18 2026 Miro Hron??ok [miro@hroncok.cz] - 3.2.1-1
- Update to 3.2.1
- Security fix for CVE-2026-44898
- Fixes: rhbz#2424578
- Fixes: rhbz#2489782
* Thu Jun 4 2026 Python Maint - 3.1.3-7
- Rebuilt for Python 3.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2424578 - python-mistune-3.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2424578
[ 2 ] Bug #2489782 - CVE-2026-44898 python-mistune: Mistune: Arbitrary code execution via HTML injection in table of contents rendering [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489782
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3b027683d8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Xorg-Server, OpenVPN, and Chromium updates for Debian

Kernel, glibc, Nginx, PHP, Firefox, and Thunderbird updates for Oracle Linux

[SECURITY] Fedora 43 Update: python3-docs-3.14.6-1.fc43

[SECURITY] Fedora 43 Update: python3.14-3.14.6-1.fc43

[SECURITY] Fedora 44 Update: python-pydantic-settings-2.14.2-1.fc44

[SECURITY] Fedora 44 Update: dotnet9.0-9.0.118-1.fc44

[SECURITY] Fedora 44 Update: moby-engine-29.6.0-1.fc44

[SECURITY] Fedora 44 Update: dotnet8.0-8.0.128-1.fc44

[SECURITY] Fedora 44 Update: krita-6.0.2.1-1.fc44

[SECURITY] Fedora 44 Update: dotnet10.0-10.0.109-1.fc44

[SECURITY] Fedora 44 Update: pgadmin4-9.16-1.fc44

[SECURITY] Fedora 44 Update: python-mistune-3.2.1-1.fc44

Windows

Linux

macOS

Community