Python, AWStats, Incus updates for Fedora

Fedora Linux 9319 Published by

Fedora 42 and 43 just rolled out a batch of security updates that target several core packages across both distributions. Python interpreters for versions 3.11, 3.12, and the new 3.15 alpha all received critical patches to fix command injection flaws and memory handling vulnerabilities. The awstats web analytics tool got a quick fix for an arbitrary code execution bug, while the Incus container manager addressed over a dozen issues ranging from local privilege escalation to image cache poisoning. System administrators can apply these important fixes right away by running the standard dnf upgrade command with the provided advisory identifiers.

Fedora 42 Update: python3.12-3.12.13-3.fc42
Fedora 42 Update: python3.11-3.11.15-4.fc42
Fedora 42 Update: awstats-8.0-1.fc42
Fedora 42 Update: incus-6.23-3.fc42
Fedora 42 Update: python3.15-3.15.0~a8-1.fc42
Fedora 43 Update: awstats-8.0-2.fc43
Fedora 43 Update: incus-6.23-3.fc43
Fedora 43 Update: python-msal-1.36.0-1.fc43




[SECURITY] Fedora 42 Update: python3.12-3.12.13-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-30fbc5a8b2
2026-04-20 01:04:24.758023+00:00
--------------------------------------------------------------------------------

Name : python3.12
Product : Fedora 42
Version : 3.12.13
Release : 3.fc42
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.12-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297,
CVE-2026-3644, CVE-2026-4224
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 16 2026 Charalampos Stratakis [cstratak@redhat.com] - 3.12.13-3
- Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE-2026-3644, CVE-2026-4224
Resolves: rhbz#2444705, rhbz#2448189, rhbz#2448205, rhbz#2457942, rhbz#2458014, rhbz#2458222
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2444705 - CVE-2026-2297 python3.12: CPython: Logging Bypass in Legacy .pyc File Handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444705
[ 2 ] Bug #2448189 - CVE-2026-3644 python3.12: Incomplete control character validation in http.cookies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448189
[ 3 ] Bug #2448205 - CVE-2026-4224 python3.12: Stack overflow parsing XML with deeply nested DTD content models [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448205
[ 4 ] Bug #2457942 - CVE-2026-1502 python3.12: Python: HTTP header injection via CR/LF in proxy tunnel headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457942
[ 5 ] Bug #2458014 - CVE-2026-6100 python3.12: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458014
[ 6 ] Bug #2458222 - CVE-2026-4786 python3.12: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458222
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-30fbc5a8b2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: python3.11-3.11.15-4.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd34c4467b
2026-04-20 01:04:24.758020+00:00
--------------------------------------------------------------------------------

Name : python3.11
Product : Fedora 42
Version : 3.11.15
Release : 4.fc42
URL : https://www.python.org/
Summary : Version 3.11 of the Python interpreter
Description :
Python 3.11 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.11 package provides the "python3.11" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.11-libs package,
which should be installed automatically along with python3.11.
The remaining parts of the Python standard library are broken out into the
python3.11-tkinter and python3.11-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.11-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.11-" prefix.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297,
CVE 2026-3644, CVE-2026-4224
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Charalampos Stratakis [cstratak@redhat.com] - 3.11.15-4
- Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE 2026-3644, CVE-2026-4224
Resolves: rhbz#2457941, rhbz#2458221, rhbz#2458013, rhbz#2444704, rhbz#2448188, rhbz#2448204
* Sat Apr 11 2026 Miro Hron??ok [mhroncok@redhat.com] - 3.11.15-3
- Explicitly build with OpenSSL 3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2444704 - CVE-2026-2297 python3.11: CPython: Logging Bypass in Legacy .pyc File Handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444704
[ 2 ] Bug #2448188 - CVE-2026-3644 python3.11: Incomplete control character validation in http.cookies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448188
[ 3 ] Bug #2448204 - CVE-2026-4224 python3.11: Stack overflow parsing XML with deeply nested DTD content models [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448204
[ 4 ] Bug #2457941 - CVE-2026-1502 python3.11: Python: HTTP header injection via CR/LF in proxy tunnel headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457941
[ 5 ] Bug #2458013 - CVE-2026-6100 python3.11: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458013
[ 6 ] Bug #2458221 - CVE-2026-4786 python3.11: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458221
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd34c4467b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: awstats-8.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-29b65f46e8
2026-04-20 01:04:24.758011+00:00
--------------------------------------------------------------------------------

Name : awstats
Product : Fedora 42
Version : 8.0
Release : 1.fc42
URL : https://www.awstats.org/
Summary : Advanced Web Statistics
Description :
Advanced Web Statistics is a powerful and full-featured tool that generates
advanced web server graphical statistics. This server log analyzer works
from the command line or as a CGI and shows all information your log contains,
in graphical web pages. It can analyze a lot of web/wap/proxy servers such as
Apache, IIS, Weblogic, Webstar, Squid, ... but also mail or FTP servers.

This program can measure visits, unique visitors, authenticated users, pages,
domains/countries, OS busiest times, robot visits, type of files, search
engines/keywords used, visit duration, HTTP errors and more...
Statistics can be updated from a browser or your scheduler.
The program also supports virtual servers, plugins and a lot of features.

With the default configuration, the statistics are available at:
http://localhost/awstats/awstats.pl

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-63261 (rhbz #2450261)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 10 2026 Tim Jackson [rpm@timj.co.uk] - 8.0-1
- Fix CVE-2025-63261 (rhbz #2450261)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2450261 - CVE-2025-63261 awstats: AWStats: Arbitrary code execution via command injection vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2450261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-29b65f46e8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: incus-6.23-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4481307278
2026-04-20 01:04:24.758007+00:00
--------------------------------------------------------------------------------

Name : incus
Product : Fedora 42
Version : 6.23
Release : 3.fc42
URL : https://linuxcontainers.org/incus
Summary : Powerful system container and virtual machine manager
Description :
Container hypervisor based on LXC
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.

This package contains the Incus daemon.

--------------------------------------------------------------------------------
Update Information:

Remove incus dependency from incus-agent.
Update to 6.23
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 9 2026 Carl George [carlwgeorge@fedoraproject.org] - 6.23-3
- Remove incus dependency from incus-agent rhbz#2456888
* Mon Apr 6 2026 Reto Gantenbein [reto.gantenbein@linuxmonk.ch] - 6.23-2
- Fix static builds of vendored dependencies (RHBZ 2419661)
* Mon Apr 6 2026 Reto Gantenbein [reto.gantenbein@linuxmonk.ch] - 6.23-1
- Update to 6.23
* Mon Mar 30 2026 Neal Gompa [ngompa@fedoraproject.org] - 6.19.1-4
- Drop selinux subpackage in favor of container-selinux
* Tue Feb 3 2026 Maxwell G [maxwell@gtmx.me] - 6.19.1-3
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 6.19.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2390870 - incus: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390870
[ 2 ] Bug #2398840 - CVE-2025-47910 incus: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398840
[ 3 ] Bug #2412795 - CVE-2025-58183 incus: Unbounded allocation when parsing GNU sparse map [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2412795
[ 4 ] Bug #2432454 - CVE-2026-23954 incus: container image templating arbitrary host file read and write [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2432454
[ 5 ] Bug #2432456 - CVE-2026-23953 incus: container environment configuration newline injection [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2432456
[ 6 ] Bug #2441165 - CVE-2025-69725 incus: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2441165
[ 7 ] Bug #2452041 - CVE-2026-33542 incus: Incus: Image cache poisoning due to insufficient image fingerprint validation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452041
[ 8 ] Bug #2452043 - CVE-2026-33897 incus: Incus: Arbitrary file read/write as root via pongo2 template chroot bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452043
[ 9 ] Bug #2452045 - CVE-2026-33711 incus: Incus: Local privilege escalation or denial of service via predictable temporary file paths [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452045
[ 10 ] Bug #2452047 - CVE-2026-33743 incus: Incus: Denial of Service via specially crafted storage bucket backup [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452047
[ 11 ] Bug #2452105 - CVE-2026-33898 incus: Incus: Privilege escalation and unauthorized access due to improper authentication token validation in web UI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452105
[ 12 ] Bug #2456888 - Installing incus-agent installs the entire incus stack
https://bugzilla.redhat.com/show_bug.cgi?id=2456888
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4481307278' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: python3.15-3.15.0~a8-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-485183030a
2026-04-20 01:04:24.757988+00:00
--------------------------------------------------------------------------------

Name : python3.15
Product : Fedora 42
Version : 3.15.0~a8
Release : 1.fc42
URL : https://www.python.org/
Summary : Version 3.15 of the Python interpreter
Description :
Python 3.15 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.15 package provides the "python3.15" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.15-libs package,
which should be installed automatically along with python3.15.
The remaining parts of the Python standard library are broken out into the
python3.15-tkinter and python3.15-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.15-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.15-" prefix.

--------------------------------------------------------------------------------
Update Information:

New prerelease version
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Karolina Surma [ksurma@redhat.com] - 3.15.0~a8-1
- Update to Python 3.15.0a8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2444708 - CVE-2026-2297 python3.15: CPython: Logging Bypass in Legacy .pyc File Handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444708
[ 2 ] Bug #2448192 - CVE-2026-3644 python3.15: Incomplete control character validation in http.cookies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448192
[ 3 ] Bug #2448208 - CVE-2026-4224 python3.15: Stack overflow parsing XML with deeply nested DTD content models [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448208
[ 4 ] Bug #2449260 - CVE-2026-3479 python3.15: Python pkgutil.get_data(): Path Traversal via improper resource argument validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449260
[ 5 ] Bug #2449731 - CVE-2026-4519 python3.15: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449731
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-485183030a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: awstats-8.0-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fad30cb6e2
2026-04-20 00:44:47.956851+00:00
--------------------------------------------------------------------------------

Name : awstats
Product : Fedora 43
Version : 8.0
Release : 2.fc43
URL : https://www.awstats.org/
Summary : Advanced Web Statistics
Description :
Advanced Web Statistics is a powerful and full-featured tool that generates
advanced web server graphical statistics. This server log analyzer works
from the command line or as a CGI and shows all information your log contains,
in graphical web pages. It can analyze a lot of web/wap/proxy servers such as
Apache, IIS, Weblogic, Webstar, Squid, ... but also mail or FTP servers.

This program can measure visits, unique visitors, authenticated users, pages,
domains/countries, OS busiest times, robot visits, type of files, search
engines/keywords used, visit duration, HTTP errors and more...
Statistics can be updated from a browser or your scheduler.
The program also supports virtual servers, plugins and a lot of features.

With the default configuration, the statistics are available at:
http://localhost/awstats/awstats.pl

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-63261 (rhbz #2450263)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 10 2026 Tim Jackson [rpm@timj.co.uk] - 8.0-2
- Fix CVE-2025-63261 (rhbz #2450263)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2450263 - CVE-2025-63261 awstats: AWStats: Arbitrary code execution via command injection vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2450263
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fad30cb6e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: incus-6.23-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-094b7621cf
2026-04-20 00:44:47.956847+00:00
--------------------------------------------------------------------------------

Name : incus
Product : Fedora 43
Version : 6.23
Release : 3.fc43
URL : https://linuxcontainers.org/incus
Summary : Powerful system container and virtual machine manager
Description :
Container hypervisor based on LXC
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.

This package contains the Incus daemon.

--------------------------------------------------------------------------------
Update Information:

Remove incus dependency from incus-agent.
Update to 6.23
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 9 2026 Carl George [carlwgeorge@fedoraproject.org] - 6.23-3
- Remove incus dependency from incus-agent rhbz#2456888
* Mon Apr 6 2026 Reto Gantenbein [reto.gantenbein@linuxmonk.ch] - 6.23-2
- Fix static builds of vendored dependencies (RHBZ 2419661)
* Mon Apr 6 2026 Reto Gantenbein [reto.gantenbein@linuxmonk.ch] - 6.23-1
- Update to 6.23
* Mon Mar 30 2026 Neal Gompa [ngompa@fedoraproject.org] - 6.19.1-4
- Drop selinux subpackage in favor of container-selinux
* Tue Feb 3 2026 Maxwell G [maxwell@gtmx.me] - 6.19.1-3
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 6.19.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2412713 - CVE-2025-58183 incus: Unbounded allocation when parsing GNU sparse map [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2412713
[ 2 ] Bug #2419345 - incus-6.23.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419345
[ 3 ] Bug #2419661 - incus-agent must be statically linked for VM exec to work
https://bugzilla.redhat.com/show_bug.cgi?id=2419661
[ 4 ] Bug #2432455 - CVE-2026-23954 incus: container image templating arbitrary host file read and write [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2432455
[ 5 ] Bug #2432457 - CVE-2026-23953 incus: container environment configuration newline injection [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2432457
[ 6 ] Bug #2436657 - Incus VMs do not boot due to unknown audio driver
https://bugzilla.redhat.com/show_bug.cgi?id=2436657
[ 7 ] Bug #2441179 - CVE-2025-69725 incus: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2441179
[ 8 ] Bug #2452042 - CVE-2026-33542 incus: Incus: Image cache poisoning due to insufficient image fingerprint validation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2452042
[ 9 ] Bug #2452044 - CVE-2026-33897 incus: Incus: Arbitrary file read/write as root via pongo2 template chroot bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2452044
[ 10 ] Bug #2452046 - CVE-2026-33711 incus: Incus: Local privilege escalation or denial of service via predictable temporary file paths [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2452046
[ 11 ] Bug #2452048 - CVE-2026-33743 incus: Incus: Denial of Service via specially crafted storage bucket backup [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2452048
[ 12 ] Bug #2452106 - CVE-2026-33945 incus: Incus: Privilege escalation and denial of service via path traversal in systemd credential configuration [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452106
[ 13 ] Bug #2456888 - Installing incus-agent installs the entire incus stack
https://bugzilla.redhat.com/show_bug.cgi?id=2456888
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-094b7621cf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: python-msal-1.36.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-891d8718e7
2026-04-20 00:44:47.956833+00:00
--------------------------------------------------------------------------------

Name : python-msal
Product : Fedora 43
Version : 1.36.0
Release : 1.fc43
URL : https://github.com/AzureAD/microsoft-authentication-library-for-python
Summary : Microsoft Authentication Library (MSAL) for Python
Description :
The Microsoft Authentication Library for Python enables applications to
integrate with the Microsoft identity platform. It allows you to sign in users
or apps with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD
B2C accounts) and obtain tokens to call Microsoft APIs such as Microsoft Graph
or your own APIs registered with the Microsoft identity platform. It is built
using industry standard OAuth2 and OpenID Connect protocols.

--------------------------------------------------------------------------------
Update Information:

Update to v1.36.0
Full changelog: https://github.com/AzureAD/microsoft-authentication-library-for-
python/releases/tag/1.36.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 9 2026 Packit [hello@packit.dev] - 1.36.0-1
- Update to 1.36.0 upstream release
- Resolves: rhbz#2456886
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-891d8718e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


Pillow and ImageMagick updates for Debian

.NET, Scap-Security-Guide, Kernel, and more updates for Oracle Linux

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...