Rust, MinGW, Mapserver, Libinput updates for Fedora

Fedora Linux 9302 Published by

New security patches have arrived for Fedora Linux systems requiring immediate attention from administrators. This release targets both Fedora 42 and Fedora 43 branches with a wide array of package fixes. Additionally, you will find updates for popular libraries like rust, mapserver, and mingw tools that handle cross platform development tasks.

Fedora 42 Update: rust-1.94.1-1.fc42
Fedora 42 Update: mingw-binutils-2.43.1-6.fc42
Fedora 42 Update: mingw-gstreamer1-plugins-base-1.26.11-1.fc42
Fedora 42 Update: mingw-gstreamer1-plugins-good-1.26.11-1.fc42
Fedora 42 Update: mingw-gstreamer1-1.26.11-1.fc42
Fedora 42 Update: mingw-gstreamer1-plugins-bad-free-1.26.11-1.fc42
Fedora 42 Update: mapserver-8.4.1-3.fc42
Fedora 42 Update: mingw-python3-3.11.15-2.fc42
Fedora 42 Update: mingw-libpng-1.6.56-1.fc42
Fedora 43 Update: libinput-1.30.3-1.fc43
Fedora 43 Update: mingw-binutils-2.45.1-2.fc43
Fedora 43 Update: mingw-gstreamer1-plugins-bad-free-1.26.11-1.fc43
Fedora 43 Update: mingw-gstreamer1-1.26.11-1.fc43
Fedora 43 Update: mingw-gstreamer1-plugins-base-1.26.11-1.fc43
Fedora 43 Update: mingw-gstreamer1-plugins-good-1.26.11-1.fc43
Fedora 43 Update: mapserver-8.4.1-3.fc43
Fedora 43 Update: mingw-python3-3.11.15-2.fc43
Fedora 43 Update: mingw-libpng-1.6.56-1.fc43
Fedora 43 Update: rust-sccache-0.14.0-2.fc43




[SECURITY] Fedora 42 Update: rust-1.94.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f47b1861e4
2026-04-05 00:58:39.922021+00:00
--------------------------------------------------------------------------------

Name : rust
Product : Fedora 42
Version : 1.94.1
Release : 1.fc42
URL : https://www.rust-lang.org
Summary : The Rust Programming Language
Description :
Rust is a systems programming language that runs blazingly fast, prevents
segfaults, and guarantees thread safety.

This package includes the Rust compiler and documentation generator.

--------------------------------------------------------------------------------
Update Information:

Update to 1.94.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 26 2026 Paul Murphy [murp@redhat.com] - 1.94.1-1
- Update to Rust 1.94.1
* Tue Mar 17 2026 Jesus Checa Hidalgo [jchecahi@redhat.com] - 1.94.0-2
- Disable `package::publish_to_crates_io_warns` cargo test
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2449686 - CVE-2026-33056 rust: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449686
[ 2 ] Bug #2451697 - rust-1.94.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451697
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f47b1861e4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: mingw-binutils-2.43.1-6.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fe96f3532b
2026-04-05 00:58:39.922013+00:00
--------------------------------------------------------------------------------

Name : mingw-binutils
Product : Fedora 42
Version : 2.43.1
Release : 6.fc42
URL : http://www.gnu.org/software/binutils/
Summary : Cross-compiled version of binutils for Win32 and Win64 environments
Description :
Cross compiled binutils (utilities like 'strip', 'as', 'ld') which
understand Windows executables and DLLs.

--------------------------------------------------------------------------------
Update Information:

Backport fixes for multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 2.43.1-6
- Backport fixes for CVE-2025-11081, CVE-2025-11839, CVE-2025-11840,
CVE-2025-69644, CVE-2025-69645, CVE-2025-69646, CVE-2025-69647,
CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69651,
CVE-2025-69652, CVE-2026-4647
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2404507 - CVE-2025-11839 mingw-binutils: GNU Binutils prdbg.c tg_tag_type return value [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2404507
[ 2 ] Bug #2404556 - CVE-2025-11840 mingw-binutils: GNU Binutils out-of-bounds read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2404556
[ 3 ] Bug #2445279 - CVE-2025-69646 mingw-binutils: Binutils: Denial of Service via malformed DWARF debug_rnglists data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445279
[ 4 ] Bug #2445283 - CVE-2025-69644 mingw-binutils: Binutils: Denial of Service via crafted binary with malformed DWARF debug information [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445283
[ 5 ] Bug #2445286 - CVE-2025-69645 mingw-binutils: Binutils objdump: Denial of Service via crafted DWARF debug information [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445286
[ 6 ] Bug #2445389 - CVE-2025-69651 mingw-binutils: Binutils: Denial of Service via crafted ELF binary processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445389
[ 7 ] Bug #2448118 - CVE-2025-69650 mingw-binutils: double free in readelf via crafted ELF binary with malformed relocation data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448118
[ 8 ] Bug #2448126 - CVE-2025-69649 mingw-binutils: NULL pointer dereference in readelf via crafted ELF binary with malformed header fields [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448126
[ 9 ] Bug #2448137 - CVE-2025-69652 mingw-binutils: abort in readelf via crafted ELF binary with malformed DWARF abbrev or debug information [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448137
[ 10 ] Bug #2448145 - CVE-2025-69647 mingw-binutils: infinite loop in readelf via crafted binary with malformed DWARF loclists data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448145
[ 11 ] Bug #2448153 - CVE-2025-69648 mingw-binutils: infinite loop in readelf via crafted binary with malformed DWARF .debug_rnglists data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448153
[ 12 ] Bug #2450319 - CVE-2026-4647 mingw-binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2450319
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fe96f3532b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: mingw-gstreamer1-plugins-base-1.26.11-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3cc99e7d09
2026-04-05 00:58:39.922003+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-base
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 media framework base plug-ins
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.

This package contains a set of well-maintained base plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.26.11.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.26.11-1
- Update to 1.26.11
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.26.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447936 - CVE-2026-2920 mingw-gstreamer1: GStreamer: Arbitrary code execution via ASF file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447936
[ 2 ] Bug #2448013 - CVE-2026-3084 mingw-gstreamer1: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448013
[ 3 ] Bug #2448019 - CVE-2026-2922 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448019
[ 4 ] Bug #2448020 - CVE-2026-2921 mingw-gstreamer1: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448020
[ 5 ] Bug #2448021 - CVE-2026-2923 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448021
[ 6 ] Bug #2448022 - CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448022
[ 7 ] Bug #2448029 - CVE-2026-3081 mingw-gstreamer1: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448029
[ 8 ] Bug #2448030 - CVE-2026-3083 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448030
[ 9 ] Bug #2448032 - CVE-2026-3086 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448032
[ 10 ] Bug #2448038 - CVE-2026-3082 mingw-gstreamer1: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448038
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3cc99e7d09' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: mingw-gstreamer1-plugins-good-1.26.11-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3cc99e7d09
2026-04-05 00:58:39.922003+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-good
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins good
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.

GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.26.11.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.26.11-1
- Update to 1.26.11
- Backport fix for CVE-2026-3083, CVE-2026-3085
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447936 - CVE-2026-2920 mingw-gstreamer1: GStreamer: Arbitrary code execution via ASF file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447936
[ 2 ] Bug #2448013 - CVE-2026-3084 mingw-gstreamer1: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448013
[ 3 ] Bug #2448019 - CVE-2026-2922 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448019
[ 4 ] Bug #2448020 - CVE-2026-2921 mingw-gstreamer1: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448020
[ 5 ] Bug #2448021 - CVE-2026-2923 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448021
[ 6 ] Bug #2448022 - CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448022
[ 7 ] Bug #2448029 - CVE-2026-3081 mingw-gstreamer1: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448029
[ 8 ] Bug #2448030 - CVE-2026-3083 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448030
[ 9 ] Bug #2448032 - CVE-2026-3086 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448032
[ 10 ] Bug #2448038 - CVE-2026-3082 mingw-gstreamer1: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448038
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3cc99e7d09' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: mingw-gstreamer1-1.26.11-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3cc99e7d09
2026-04-05 00:58:39.922003+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : MinGW Windows Streaming-Media Framework Runtime
Description :
GStreamer is a streaming-media framework, based on graphs of filters
which operate on media data. Applications using this library can do
anything from real-time sound processing to playing videos, and just
about anything else media-related. Its plug-in-based architecture
means that new data types or processing capabilities can be added by
installing new plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.26.11.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.26.11-1
- Update to 1.26.11
* Tue Aug 12 2025 Sandro Mani [manisandro@gmail.com] - 1.26.5-1
- Update to 1.26.5
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.26.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447936 - CVE-2026-2920 mingw-gstreamer1: GStreamer: Arbitrary code execution via ASF file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447936
[ 2 ] Bug #2448013 - CVE-2026-3084 mingw-gstreamer1: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448013
[ 3 ] Bug #2448019 - CVE-2026-2922 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448019
[ 4 ] Bug #2448020 - CVE-2026-2921 mingw-gstreamer1: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448020
[ 5 ] Bug #2448021 - CVE-2026-2923 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448021
[ 6 ] Bug #2448022 - CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448022
[ 7 ] Bug #2448029 - CVE-2026-3081 mingw-gstreamer1: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448029
[ 8 ] Bug #2448030 - CVE-2026-3083 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448030
[ 9 ] Bug #2448032 - CVE-2026-3086 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448032
[ 10 ] Bug #2448038 - CVE-2026-3082 mingw-gstreamer1: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448038
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3cc99e7d09' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: mingw-gstreamer1-plugins-bad-free-1.26.11-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3cc99e7d09
2026-04-05 00:58:39.922003+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-bad-free
Product : Fedora 42
Version : 1.26.11
Release : 1.fc42
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins "bad"
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested
well enough, or the code is not of good enough quality.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.26.11.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.26.11-1
- Update to 1.26.11
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447936 - CVE-2026-2920 mingw-gstreamer1: GStreamer: Arbitrary code execution via ASF file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447936
[ 2 ] Bug #2448013 - CVE-2026-3084 mingw-gstreamer1: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448013
[ 3 ] Bug #2448019 - CVE-2026-2922 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448019
[ 4 ] Bug #2448020 - CVE-2026-2921 mingw-gstreamer1: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448020
[ 5 ] Bug #2448021 - CVE-2026-2923 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448021
[ 6 ] Bug #2448022 - CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448022
[ 7 ] Bug #2448029 - CVE-2026-3081 mingw-gstreamer1: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448029
[ 8 ] Bug #2448030 - CVE-2026-3083 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448030
[ 9 ] Bug #2448032 - CVE-2026-3086 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448032
[ 10 ] Bug #2448038 - CVE-2026-3082 mingw-gstreamer1: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448038
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3cc99e7d09' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: mapserver-8.4.1-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-178c482e71
2026-04-05 00:58:39.921993+00:00
--------------------------------------------------------------------------------

Name : mapserver
Product : Fedora 42
Version : 8.4.1
Release : 3.fc42
URL : http://www.mapserver.org
Summary : Platform for publishing spatial data and interactive mapping applications to the web
Description :
MapServer is an Open Source platform for publishing spatial data and
interactive mapping applications to the web.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2026-33721.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 8.4.1-3
- Backport fix for CVE-2026-33721
* Wed Oct 1 2025 Sandro Mani [manisandro@gmail.com] - 8.4.1-2
- Sync package description with upstream text
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452127 - CVE-2026-33721 mapserver: MapServer: Denial of Service via crafted Styled Layer Descriptor [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452127
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-178c482e71' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: mingw-python3-3.11.15-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ff5da930eb
2026-04-05 00:58:39.922001+00:00
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 42
Version : 3.11.15
Release : 2.fc42
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Update to python-3.11.15, backport fixes for CVE-2026-4519, CVE-2026-3644,
CVE-2026-4224, CVE-2026-2297
Update to python-3.11.15.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 3.11.15-2
- Backport fixes for CVE-2026-4519, CVE-2026-3644, CVE-2026-4224
* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 3.11.15-1
- Update to 3.11.15
- Backport fix for CVE-2026-2297
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2444702 - CVE-2026-2297 mingw-python3: CPython: Logging Bypass in Legacy .pyc File Handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444702
[ 2 ] Bug #2448186 - CVE-2026-3644 mingw-python3: Incomplete control character validation in http.cookies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448186
[ 3 ] Bug #2448202 - CVE-2026-4224 mingw-python3: Stack overflow parsing XML with deeply nested DTD content models [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448202
[ 4 ] Bug #2449725 - CVE-2026-4519 mingw-python3: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449725
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ff5da930eb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: mingw-libpng-1.6.56-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f911c124c2
2026-04-05 00:58:39.921990+00:00
--------------------------------------------------------------------------------

Name : mingw-libpng
Product : Fedora 42
Version : 1.6.56
Release : 1.fc42
URL : http://www.libpng.org/pub/png/
Summary : MinGW Windows Libpng library
Description :
MinGW Windows Libpng library.

--------------------------------------------------------------------------------
Update Information:

Update to libpng-1.6.56.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.6.56-1
- Update to 1.6.56
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452119 - CVE-2026-33636 mingw-libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452119
[ 2 ] Bug #2452132 - CVE-2026-33636 mingw-libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2452132
[ 3 ] Bug #2452147 - CVE-2026-33416 mingw-libpng: libpng: Arbitrary code execution due to use-after-free vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452147
[ 4 ] Bug #2452158 - CVE-2026-33416 mingw-libpng: libpng: Arbitrary code execution due to use-after-free vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2452158
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f911c124c2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: libinput-1.30.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5aafda8cd8
2026-04-05 00:52:10.725744+00:00
--------------------------------------------------------------------------------

Name : libinput
Product : Fedora 43
Version : 1.30.3
Release : 1.fc43
URL : http://www.freedesktop.org/wiki/Software/libinput/
Summary : Input device library
Description :
libinput is a library that handles input devices for display servers and other
applications that need to directly deal with input devices.

It provides device detection, device handling, input device event processing
and abstraction so minimize the amount of custom input code the user of
libinput need to provide the common set of functionality that users expect.

--------------------------------------------------------------------------------
Update Information:

libinput 1.30.3, fixes Lua plugin sandbox escape (CVE-2026-35093,CVE-2026-35094)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 2 2026 Peter Hutterer [peter.hutterer@redhat.com] - 1.30.3-1
- libinput 1.30.3 (CVE-2026-35093, CVE-2026-35094)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5aafda8cd8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-binutils-2.45.1-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9174e6ea37
2026-04-05 00:52:10.725729+00:00
--------------------------------------------------------------------------------

Name : mingw-binutils
Product : Fedora 43
Version : 2.45.1
Release : 2.fc43
URL : http://www.gnu.org/software/binutils/
Summary : Cross-compiled version of binutils for Win32 and Win64 environments
Description :
Cross compiled binutils (utilities like 'strip', 'as', 'ld') which
understand Windows executables and DLLs.

--------------------------------------------------------------------------------
Update Information:

Backport fixes for multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 2.45.1-2
- Backport fixes CVE-2025-11839, CVE-2025-11840, CVE-2025-69644, CVE-2025-69646,
CVE-2025-69649, CVE-2025-69652, CVE-2026-4647
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2404507 - CVE-2025-11839 mingw-binutils: GNU Binutils prdbg.c tg_tag_type return value [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2404507
[ 2 ] Bug #2404556 - CVE-2025-11840 mingw-binutils: GNU Binutils out-of-bounds read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2404556
[ 3 ] Bug #2445279 - CVE-2025-69646 mingw-binutils: Binutils: Denial of Service via malformed DWARF debug_rnglists data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445279
[ 4 ] Bug #2445283 - CVE-2025-69644 mingw-binutils: Binutils: Denial of Service via crafted binary with malformed DWARF debug information [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445283
[ 5 ] Bug #2445286 - CVE-2025-69645 mingw-binutils: Binutils objdump: Denial of Service via crafted DWARF debug information [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445286
[ 6 ] Bug #2445389 - CVE-2025-69651 mingw-binutils: Binutils: Denial of Service via crafted ELF binary processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2445389
[ 7 ] Bug #2448118 - CVE-2025-69650 mingw-binutils: double free in readelf via crafted ELF binary with malformed relocation data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448118
[ 8 ] Bug #2448126 - CVE-2025-69649 mingw-binutils: NULL pointer dereference in readelf via crafted ELF binary with malformed header fields [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448126
[ 9 ] Bug #2448137 - CVE-2025-69652 mingw-binutils: abort in readelf via crafted ELF binary with malformed DWARF abbrev or debug information [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448137
[ 10 ] Bug #2448145 - CVE-2025-69647 mingw-binutils: infinite loop in readelf via crafted binary with malformed DWARF loclists data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448145
[ 11 ] Bug #2448153 - CVE-2025-69648 mingw-binutils: infinite loop in readelf via crafted binary with malformed DWARF .debug_rnglists data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448153
[ 12 ] Bug #2450319 - CVE-2026-4647 mingw-binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2450319
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9174e6ea37' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-gstreamer1-plugins-bad-free-1.26.11-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e6d8e9fd49
2026-04-05 00:52:10.725721+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-bad-free
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins "bad"
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested
well enough, or the code is not of good enough quality.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.26.11.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.26.11-1
- Update to 1.26.11
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447936 - CVE-2026-2920 mingw-gstreamer1: GStreamer: Arbitrary code execution via ASF file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447936
[ 2 ] Bug #2448013 - CVE-2026-3084 mingw-gstreamer1: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448013
[ 3 ] Bug #2448019 - CVE-2026-2922 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448019
[ 4 ] Bug #2448020 - CVE-2026-2921 mingw-gstreamer1: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448020
[ 5 ] Bug #2448021 - CVE-2026-2923 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448021
[ 6 ] Bug #2448022 - CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448022
[ 7 ] Bug #2448029 - CVE-2026-3081 mingw-gstreamer1: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448029
[ 8 ] Bug #2448030 - CVE-2026-3083 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448030
[ 9 ] Bug #2448032 - CVE-2026-3086 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448032
[ 10 ] Bug #2448038 - CVE-2026-3082 mingw-gstreamer1: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448038
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e6d8e9fd49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-gstreamer1-1.26.11-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e6d8e9fd49
2026-04-05 00:52:10.725721+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : MinGW Windows Streaming-Media Framework Runtime
Description :
GStreamer is a streaming-media framework, based on graphs of filters
which operate on media data. Applications using this library can do
anything from real-time sound processing to playing videos, and just
about anything else media-related. Its plug-in-based architecture
means that new data types or processing capabilities can be added by
installing new plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.26.11.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.26.11-1
- Update to 1.26.11
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447936 - CVE-2026-2920 mingw-gstreamer1: GStreamer: Arbitrary code execution via ASF file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447936
[ 2 ] Bug #2448013 - CVE-2026-3084 mingw-gstreamer1: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448013
[ 3 ] Bug #2448019 - CVE-2026-2922 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448019
[ 4 ] Bug #2448020 - CVE-2026-2921 mingw-gstreamer1: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448020
[ 5 ] Bug #2448021 - CVE-2026-2923 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448021
[ 6 ] Bug #2448022 - CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448022
[ 7 ] Bug #2448029 - CVE-2026-3081 mingw-gstreamer1: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448029
[ 8 ] Bug #2448030 - CVE-2026-3083 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448030
[ 9 ] Bug #2448032 - CVE-2026-3086 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448032
[ 10 ] Bug #2448038 - CVE-2026-3082 mingw-gstreamer1: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448038
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e6d8e9fd49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-gstreamer1-plugins-base-1.26.11-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e6d8e9fd49
2026-04-05 00:52:10.725721+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-base
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 media framework base plug-ins
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.

This package contains a set of well-maintained base plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.26.11.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.26.11-1
- Update to 1.26.11
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447936 - CVE-2026-2920 mingw-gstreamer1: GStreamer: Arbitrary code execution via ASF file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447936
[ 2 ] Bug #2448013 - CVE-2026-3084 mingw-gstreamer1: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448013
[ 3 ] Bug #2448019 - CVE-2026-2922 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448019
[ 4 ] Bug #2448020 - CVE-2026-2921 mingw-gstreamer1: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448020
[ 5 ] Bug #2448021 - CVE-2026-2923 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448021
[ 6 ] Bug #2448022 - CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448022
[ 7 ] Bug #2448029 - CVE-2026-3081 mingw-gstreamer1: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448029
[ 8 ] Bug #2448030 - CVE-2026-3083 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448030
[ 9 ] Bug #2448032 - CVE-2026-3086 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448032
[ 10 ] Bug #2448038 - CVE-2026-3082 mingw-gstreamer1: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448038
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e6d8e9fd49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-gstreamer1-plugins-good-1.26.11-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e6d8e9fd49
2026-04-05 00:52:10.725721+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-good
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins good
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.

GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.

--------------------------------------------------------------------------------
Update Information:

Update to gstreamer-1.26.11.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.26.11-1
- Update to 1.26.11
- Backport fix for CVE-2026-3083, CVE-2026-3085
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447936 - CVE-2026-2920 mingw-gstreamer1: GStreamer: Arbitrary code execution via ASF file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447936
[ 2 ] Bug #2448013 - CVE-2026-3084 mingw-gstreamer1: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448013
[ 3 ] Bug #2448019 - CVE-2026-2922 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448019
[ 4 ] Bug #2448020 - CVE-2026-2921 mingw-gstreamer1: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448020
[ 5 ] Bug #2448021 - CVE-2026-2923 mingw-gstreamer1: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448021
[ 6 ] Bug #2448022 - CVE-2026-3085 mingw-gstreamer1: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448022
[ 7 ] Bug #2448029 - CVE-2026-3081 mingw-gstreamer1: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448029
[ 8 ] Bug #2448030 - CVE-2026-3083 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448030
[ 9 ] Bug #2448032 - CVE-2026-3086 mingw-gstreamer1: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448032
[ 10 ] Bug #2448038 - CVE-2026-3082 mingw-gstreamer1: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448038
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e6d8e9fd49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mapserver-8.4.1-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6d7e0a8b45
2026-04-05 00:52:10.725708+00:00
--------------------------------------------------------------------------------

Name : mapserver
Product : Fedora 43
Version : 8.4.1
Release : 3.fc43
URL : http://www.mapserver.org
Summary : Platform for publishing spatial data and interactive mapping applications to the web
Description :
MapServer is an Open Source platform for publishing spatial data and
interactive mapping applications to the web.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2026-33721.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 8.4.1-3
- Backport fix for CVE-2026-33721
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452127 - CVE-2026-33721 mapserver: MapServer: Denial of Service via crafted Styled Layer Descriptor [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452127
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6d7e0a8b45' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-python3-3.11.15-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-22d8c9f967
2026-04-05 00:52:10.725718+00:00
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 43
Version : 3.11.15
Release : 2.fc43
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Update to python-3.11.15, backport fixes for CVE-2026-4519, CVE-2026-3644,
CVE-2026-4224, CVE-2026-2297
Update to python-3.11.15.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 3.11.15-2
- Backport fixes for CVE-2026-4519, CVE-2026-3644, CVE-2026-4224
* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 3.11.15-1
- Update to 3.11.15
- Backport fix for CVE-2026-2297
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2444702 - CVE-2026-2297 mingw-python3: CPython: Logging Bypass in Legacy .pyc File Handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444702
[ 2 ] Bug #2448186 - CVE-2026-3644 mingw-python3: Incomplete control character validation in http.cookies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448186
[ 3 ] Bug #2448202 - CVE-2026-4224 mingw-python3: Stack overflow parsing XML with deeply nested DTD content models [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448202
[ 4 ] Bug #2449725 - CVE-2026-4519 mingw-python3: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449725
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-22d8c9f967' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-libpng-1.6.56-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7576b56379
2026-04-05 00:52:10.725705+00:00
--------------------------------------------------------------------------------

Name : mingw-libpng
Product : Fedora 43
Version : 1.6.56
Release : 1.fc43
URL : http://www.libpng.org/pub/png/
Summary : MinGW Windows Libpng library
Description :
MinGW Windows Libpng library.

--------------------------------------------------------------------------------
Update Information:

Update to libpng-1.6.56.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Sandro Mani [manisandro@gmail.com] - 1.6.56-1
- Update to 1.6.56
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452119 - CVE-2026-33636 mingw-libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452119
[ 2 ] Bug #2452132 - CVE-2026-33636 mingw-libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2452132
[ 3 ] Bug #2452147 - CVE-2026-33416 mingw-libpng: libpng: Arbitrary code execution due to use-after-free vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2452147
[ 4 ] Bug #2452158 - CVE-2026-33416 mingw-libpng: libpng: Arbitrary code execution due to use-after-free vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2452158
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7576b56379' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: rust-sccache-0.14.0-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3c1918cbd5
2026-04-05 00:52:10.725680+00:00
--------------------------------------------------------------------------------

Name : rust-sccache
Product : Fedora 43
Version : 0.14.0
Release : 2.fc43
URL : https://crates.io/crates/sccache
Summary : Sccache is a ccache-like tool
Description :
Sccache is a ccache-like tool. It is used as a compiler wrapper and
avoids compilation when possible. Sccache has the capability to utilize
caching in remote storage environments, including various cloud storage
options, or alternatively, in local storage.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.14.0
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Andreas Schneider [asn@redhat.com] - 0.14.0-1
- Update to version 0.14.0
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.0-4
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Restore binary package License expression, lost in a previous update
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438014 - rust-sccache-0.14.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2438014
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3c1918cbd5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


Libxml-Parser-Perl and Roundcube updates for Debian

Chromium, Python-Pillow, Flask-Cors updates for SUSE

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...