
Fedora has released several security updates for various packages, including Python 3.12, Foomuuri (a firewall generator), HarfBuzz (a text shaping library), FreeRDP (an RDP client), and Forgejo (a lightweight software forge). These updates address vulnerabilities such as denial of service, heap use-after-free, and buffer overflows in the affected packages. The CVEs fixed include CVE-2025-12084, CVE-2026-22693, CVE-2026-22857, CVE-2026-22859, and others.

Fedora 42 Update: python3.12-3.12.12-2.fc42
Fedora 42 Update: foomuuri-0.31-1.fc42
Fedora 43 Update: harfbuzz-11.5.1-2.fc43
Fedora 43 Update: freerdp-3.20.2-1.fc43
Fedora 43 Update: forgejo-13.0.4-1.fc43




[SECURITY] Fedora 42 Update: python3.12-3.12.12-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8e0e785a72
2026-01-16 17:52:00.310342+00:00
--------------------------------------------------------------------------------

Name : python3.12
Product : Fedora 42
Version : 3.12.12
Release : 2.fc42
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.12-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2025-12084
Require at least the same expat version as used during the build time
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 6 2026 Lumír Balhar [lbalhar@redhat.com] - 3.12.12-2
- Security fix for CVE-2025-12084
- Require at least the same expat version as used during the build time
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2421612 - CVE-2025-12084 python3.12: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421612
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8e0e785a72' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: foomuuri-0.31-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-63f333201f
2026-01-16 17:52:00.310303+00:00
--------------------------------------------------------------------------------

Name : foomuuri
Product : Fedora 42
Version : 0.31
Release : 1.fc42
URL : https://github.com/FoobarOy/foomuuri
Summary : Multizone bidirectional nftables firewall
Description :
Foomuuri is a firewall generator for nftables based on the concept of zones.
It is suitable for all systems from personal machines to corporate firewalls,
and supports advanced features such as a rich rule language, IPv4/IPv6 rule
splitting, dynamic DNS lookups, a D-Bus API and FirewallD emulation for
NetworkManager's zone support.

--------------------------------------------------------------------------------
Update Information:

Upstream update to v0.31 with fixes to CVE-2025-67603 and CVE-2025-67858.
CVE-2025-67603: Add PolicyKit authorization to D-Bus methods.
CVE-2025-67858: Verify interface input parameter on D-Bus methods.
Security hardening:
Add ProtectSystem=full to all systemd service files. This changes /etc
to read-only for all Foomuuri processes. Make sure you don't write any
state files there in your startup hook or Foomuuri Monitor event hook.
Change umask to 022 when using --fork to fork as a background daemon
process.
Stricter IP address verification for iplist entries.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 7 2026 Kim B. Heino [b@bbbs.net] - 0.31-1
- Upgrade to 0.31
- CVE-2025-67603: Add PolicyKit authorization to D-Bus methods
- CVE-2025-67858: Verify interface input parameter on D-Bus methods
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-63f333201f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 43 Update: harfbuzz-11.5.1-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b38fe572ef
2026-01-16 17:41:28.527944+00:00
--------------------------------------------------------------------------------

Name : harfbuzz
Product : Fedora 43
Version : 11.5.1
Release : 2.fc43
URL : https://github.com/harfbuzz/harfbuzz/
Summary : Text shaping library
Description :
HarfBuzz is an implementation of the OpenType Layout engine.

--------------------------------------------------------------------------------
Update Information:

Backport security fix for CVE-2026-22693 (fix RHBZ#2429288)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 14 2026 Parag Nemade - 11.5.1-2
- Backport security fix for CVE-2026-22693 (fix RHBZ#2429288)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429288 - CVE-2026-22693 harfbuzz: Null Pointer Dereference in harfbuzz [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429288
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b38fe572ef' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 43 Update: freerdp-3.20.2-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-79f923d917
2026-01-16 17:41:28.527941+00:00
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 43
Version : 3.20.2
Release : 1.fc43
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 3.20.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 14 2026 Ondrej Holy [oholy@redhat.com] - 2:3.20.2-1
- Update to 3.20.2
* Wed Jan 14 2026 Ondrej Holy [oholy@redhat.com] - 2:3.20.1-1
- Update to 3.20.1
Resolves: rhbz#2423151
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429784 - CVE-2026-22857 freerdp: FreeRDP heap-use-after-free [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429784
[ 2 ] Bug #2429789 - CVE-2026-22859 freerdp: FreeRDP heap-buffer-overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429789
[ 3 ] Bug #2429797 - CVE-2026-22852 freerdp: FreeRDP heap-buffer-overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429797
[ 4 ] Bug #2429803 - CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429803
[ 5 ] Bug #2429806 - CVE-2026-22855 freerdp: FreeRDP heap-buffer-overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429806
[ 6 ] Bug #2429812 - CVE-2026-22853 freerdp: FreeRDP heap-buffer-overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429812
[ 7 ] Bug #2429816 - CVE-2026-22858 freerdp: FreeRDP global-buffer-overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429816
[ 8 ] Bug #2429818 - CVE-2026-22856 freerdp: FreeRDP heap-use-after-free [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429818
[ 9 ] Bug #2429819 - CVE-2026-22851 freerdp: FreeRDP RDPGFX ResetGraphics race [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429819
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-79f923d917' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 43 Update: forgejo-13.0.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a4a01fb680
2026-01-17 00:47:43.123280+00:00
--------------------------------------------------------------------------------

Name : forgejo
Product : Fedora 43
Version : 13.0.4
Release : 1.fc43
URL : https://forgejo.org
Summary : A lightweight software forge
Description :
Forgejo (pronounced /forˈd͡ʒe.jo/) is a lightweight software forge. Use it to
host git repositories, track their issues and allow people to contribute to
them!

--------------------------------------------------------------------------------
Update Information:

This is an upstream bug and security fix release. Please view the upstream
release notes for more details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 8 2026 Nils Philippsen [nils@redhat.com] - 13.0.4-1
- Update to 13.0.4
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a4a01fb680' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------