Python-Diskcache, Cmake, Giflib updates for Fedora

Fedora Linux 9289 Published 2026-03-24 07:05 by Philipp Esselbach

News

Fedora users across versions 42, 43, and 44 must prioritize installing these new security patches immediately to protect their systems. The python-diskcache package requires a specific update to fix a vulnerability involving arbitrary code execution through insecure pickle deserialization. Meanwhile cmake and giflib have also received updates to resolve reachable assertion errors and potential memory corruption risks found within those tools.

Fedora 42 Update: python-diskcache-5.6.3-12.fc42
Fedora 43 Update: cmake-3.31.11-1.fc43
Fedora 43 Update: giflib-5.2.2-9.fc43
Fedora 43 Update: python-diskcache-5.6.3-12.fc43
Fedora 44 Update: python-diskcache-5.6.3-12.fc44

[SECURITY] Fedora 42 Update: python-diskcache-5.6.3-12.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9e5037f4e6
2026-03-24 01:11:27.883794+00:00
--------------------------------------------------------------------------------

Name : python-diskcache
Product : Fedora 42
Version : 5.6.3
Release : 12.fc42
URL : https://grantjenks.com/docs/diskcache/
Summary : Python disk-backed cache
Description :
DiskCache is an Apache2 licensed disk and file backed cache library,
written in pure-Python, and compatible with Django.

--------------------------------------------------------------------------------
Update Information:

Incorporate patch from Sam Doran to fix CVE-2025-69872
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 15 2026 Benson Muite [fed500@fedoraproject.org] - 5.6.4-12
- Incorporate patch from Sam Doran to fix CVE-2025-69872
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 5.6.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Sep 19 2025 Python Maint - 5.6.3-10
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint - 5.6.3-9
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.6.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 26 2025 Python Maint - 5.6.3-7
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2439089 - CVE-2025-69872 python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2439089
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9e5037f4e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: cmake-3.31.11-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-46d93351cd
2026-03-24 00:51:06.436667+00:00
--------------------------------------------------------------------------------

Name : cmake
Product : Fedora 43
Version : 3.31.11
Release : 1.fc43
URL : http://www.cmake.org
Summary : Cross-platform make system
Description :
CMake is used to control the software compilation process using simple
platform and compiler independent configuration files. CMake generates
native makefiles and workspaces that can be used in the compiler
environment of your choice. CMake is quite sophisticated: it is possible
to support complex environments requiring system configuration, preprocessor
generation, code generation, and template instantiation.

--------------------------------------------------------------------------------
Update Information:

Update to v3.31.11.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 22 2026 Bj??rn Esser [besser82@fedoraproject.org] - 3.31.11-1
- cmake-3.31.11
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2390122 - CVE-2025-9301 cmake: cmake reachable assertion [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390122
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-46d93351cd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: giflib-5.2.2-9.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c260342365
2026-03-24 00:51:06.436664+00:00
--------------------------------------------------------------------------------

Name : giflib
Product : Fedora 43
Version : 5.2.2
Release : 9.fc43
URL : http://www.sourceforge.net/projects/giflib/
Summary : A library and utilities for processing GIFs
Description :
giflib is a library for reading and writing gif images.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2026-23868.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 21 2026 Sandro Mani [manisandro@gmail.com] - 5.2.2-9
- Backport patch for CVE-2026-23868
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2446289 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2446289
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c260342365' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: python-diskcache-5.6.3-12.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-319d85836c
2026-03-24 00:51:06.436611+00:00
--------------------------------------------------------------------------------

Name : python-diskcache
Product : Fedora 43
Version : 5.6.3
Release : 12.fc43
URL : https://grantjenks.com/docs/diskcache/
Summary : Python disk-backed cache
Description :
DiskCache is an Apache2 licensed disk and file backed cache library,
written in pure-Python, and compatible with Django.

--------------------------------------------------------------------------------
Update Information:

Incorporate patch from Sam Doran to fix CVE-2025-69872
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 15 2026 Benson Muite [fed500@fedoraproject.org] - 5.6.4-12
- Incorporate patch from Sam Doran to fix CVE-2025-69872
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 5.6.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2439090 - CVE-2025-69872 python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2439090
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-319d85836c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: python-diskcache-5.6.3-12.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-56264d0a56
2026-03-24 00:15:36.325643+00:00
--------------------------------------------------------------------------------

Name : python-diskcache
Product : Fedora 44
Version : 5.6.3
Release : 12.fc44
URL : https://grantjenks.com/docs/diskcache/
Summary : Python disk-backed cache
Description :
DiskCache is an Apache2 licensed disk and file backed cache library,
written in pure-Python, and compatible with Django.

--------------------------------------------------------------------------------
Update Information:

Incorporate patch from Sam Doran to fix CVE-2025-69872
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 15 2026 Benson Muite [fed500@fedoraproject.org] - 5.6.4-12
- Incorporate patch from Sam Doran to fix CVE-2025-69872
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2439090 - CVE-2025-69872 python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2439090
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-56264d0a56' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Mapserver, VLC, Strongswan updates for Debian

Libvpx, Gimp, Python, and more updates for RHEL

Python-Diskcache, Cmake, Giflib updates for Fedora

[SECURITY] Fedora 42 Update: python-diskcache-5.6.3-12.fc42

[SECURITY] Fedora 43 Update: cmake-3.31.11-1.fc43

[SECURITY] Fedora 43 Update: giflib-5.2.2-9.fc43

[SECURITY] Fedora 43 Update: python-diskcache-5.6.3-12.fc43

[SECURITY] Fedora 44 Update: python-diskcache-5.6.3-12.fc44

Windows

Linux

macOS

Community