Several security updates have been released for Fedora Linux, including patches for packages such as rust-lru and exim. The updates cover different versions of Fedora, specifically Fedora 43 and Fedora 42. For Fedora 42, the list includes updates to gpsd, mysql8.0, mysql8.4, python-biopython, and another update for exim. Rust-lru also received an update in Fedora 42.

Fedora 43 Update: rust-lru-0.16.3-1.fc43
Fedora 43 Update: exim-4.99.1-1.fc43
Fedora 42 Update: gpsd-3.25-17.fc42
Fedora 42 Update: rust-lru-0.16.3-1.fc42
Fedora 42 Update: mysql8.0-8.0.44-4.fc42
Fedora 42 Update: mysql8.4-8.4.7-5.fc42
Fedora 42 Update: python-biopython-1.86-2.fc42
Fedora 42 Update: exim-4.99.1-1.fc42

[SECURITY] Fedora 43 Update: rust-lru-0.16.3-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd2a3ce9e6
2026-01-20 01:41:34.264112+00:00
--------------------------------------------------------------------------------

Name : rust-lru
Product : Fedora 43
Version : 0.16.3
Release : 1.fc43
URL : https://crates.io/crates/lru
Summary : LRU cache implementation
Description :
A LRU cache implementation.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.16.3. Includes the fix for RUSTSEC-2026-0002.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.16.3-1
- Update to version 0.16.3; Fixes RHBZ#2427568
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd2a3ce9e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: exim-4.99.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-223569b08a
2026-01-20 01:41:34.264081+00:00
--------------------------------------------------------------------------------

Name : exim
Product : Fedora 43
Version : 4.99.1
Release : 1.fc43
URL : https://www.exim.org/
Summary : The exim mail transfer agent
Description :
Exim is a message transfer agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet. It is
freely available under the terms of the GNU General Public Licence. In
style it is similar to Smail 3, but its facilities are more
general. There is a great deal of flexibility in the way mail can be
routed, and there are extensive facilities for checking incoming
mail. Exim can be installed in place of sendmail, although the
configuration of exim is quite different to that of sendmail.

--------------------------------------------------------------------------------
Update Information:

This is new exim version fixing CVE-2025-67896.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 3 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 4.99.1-1
- New version
Resolves: CVE-2025-67896
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423180 - exim-4.99.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2423180
[ 2 ] Bug #2423183 - CVE-2025-26794 & CWE-122, CWE-787, CWE-843 in Exim 4.99
https://bugzilla.redhat.com/show_bug.cgi?id=2423183
[ 3 ] Bug #2430489 - CVE-2025-67896 exim: Exim: Remote heap corruption vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430489
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-223569b08a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 42 Update: gpsd-3.25-17.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a1552b48c3
2026-01-20 01:37:20.162017+00:00
--------------------------------------------------------------------------------

Name : gpsd
Product : Fedora 42
Version : 3.25
Release : 17.fc42
URL : https://gpsd.gitlab.io/gpsd/index.html
Summary : Service daemon for mediating access to a GPS
Description :
gpsd is a service daemon that mediates access to a GPS sensor
connected to the host computer by serial or USB interface, making its
data on the location/course/velocity of the sensor available to be
queried on TCP port 2947 of the host computer. With gpsd, multiple
GPS client applications (such as navigational and war-driving software)
can share access to a GPS without contention or loss of data. Also,
gpsd responds to queries with a format that is substantially easier to
parse than NMEA 0183.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2025-67268 and CVE-2025-67269.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 12 2026 Miroslav Lichvar [mlichvar@redhat.com] - 1:3.25-17
- fix buffer overflow in NMEA2000 driver (CVE-2025-67268)
- fix integer underflow in handling of Navcom packets (CVE-2025-67269)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2426827 - CVE-2025-67269 gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2426827
[ 2 ] Bug #2426828 - CVE-2025-67269 gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2426828
[ 3 ] Bug #2426932 - CVE-2025-67268 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2426932
[ 4 ] Bug #2426933 - CVE-2025-67268 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2426933
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a1552b48c3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: rust-lru-0.16.3-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e153bc6b6a
2026-01-20 01:37:20.161994+00:00
--------------------------------------------------------------------------------

Name : rust-lru
Product : Fedora 42
Version : 0.16.3
Release : 1.fc42
URL : https://crates.io/crates/lru
Summary : LRU cache implementation
Description :
A LRU cache implementation.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.16.3. Includes the fix for RUSTSEC-2026-0002.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 11 2026 Fabio Valentini [decathorpe@gmail.com] - 0.16.3-1
- Update to version 0.16.3; Fixes RHBZ#2427568
* Mon Oct 20 2025 Fabio Valentini [decathorpe@gmail.com] - 0.16.2-1
- Update to version 0.16.2; Fixes RHBZ#2403982
* Fri Sep 12 2025 Fabio Valentini [decathorpe@gmail.com] - 0.16.1-1
- Update to version 0.16.1; Fixes RHBZ#2394055
* Wed Aug 13 2025 Fabio Valentini [decathorpe@gmail.com] - 0.16.0-1
- Update to version 0.16.0; Fixes RHBZ#2359224
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.14.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e153bc6b6a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: mysql8.0-8.0.44-4.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f9c97702ca
2026-01-20 01:37:20.161979+00:00
--------------------------------------------------------------------------------

Name : mysql8.0
Product : Fedora 42
Version : 8.0.44
Release : 4.fc42
URL : http://www.mysql.com
Summary : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

MySQL 8.0.44
Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-44.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 25 2025 Michal Schorm [mschorm@redhat.com] - 8.0.44-4
- Bump release for tmpfiles.d fixup
* Thu Nov 20 2025 Michal Schorm [mschorm@redhat.com] - 8.0.44-3
- Bump release for tmpfiles.d fixup
* Mon Nov 3 2025 Nikola Davidova [ndavidov@redhat.com] - 8.0.44-2
- Bump release for tmpfiles.d change
* Thu Oct 30 2025 Pavol Sloboda [psloboda@redhat.com] - 8.0.44-1
- Rebase to MySQL 8.0.44
* Mon Oct 27 2025 Lukas Javorsky [ljavorsk@redhat.com] - 8.0.43-2
- Revert to soft static allocation of MariaDB and MySQL sysusers.d files
* Wed Aug 6 2025 Pavol Sloboda [psloboda@redhat.com] - 8.0.43-1
- Rebase to MySQL 8.0.43
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f9c97702ca' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: mysql8.4-8.4.7-5.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-942d35ff10
2026-01-20 01:37:20.161976+00:00
--------------------------------------------------------------------------------

Name : mysql8.4
Product : Fedora 42
Version : 8.4.7
Release : 5.fc42
URL : http://www.mysql.com
Summary : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

MySQL 8.4.7
Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-7.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 2 2025 David Abdurachmanov [davidlt@rivosinc.com] - 8.4.7-5
- Disable numactrl and libquadmath on risc-v
- Disable ld.gold on risc-v
- Add list of skipped tests for risc-v
* Fri Nov 21 2025 Michal Schorm [mschorm@redhat.com] - 8.4.7-4
- Bump release for tmpfiles.d fixup
* Thu Nov 20 2025 Michal Schorm [mschorm@redhat.com] - 8.4.7-3
- Bump release for tmpfiles.d fixup
* Mon Nov 3 2025 Nikola Davidova [ndavidov@redhat.com] - 8.4.7-2
- Bump release for tmpfiles.d change
* Thu Oct 30 2025 Pavol Sloboda [psloboda@redhat.com] - 8.4.7-1
- Rebase to 8.4.7
* Mon Oct 27 2025 Lukas Javorsky [ljavorsk@redhat.com] - 8.4.6-4
- Revert to soft static allocation of MariaDB and MySQL sysusers.d files
* Tue Aug 26 2025 Pavol Sloboda [psloboda@redhat.com] - 8.4.6-3
- Bump release for package rebuild
* Wed Aug 6 2025 Franti??ek Zatloukal [fzatlouk@redhat.com] - 8.4.6-2
- Rebuilt for icu 77.1
* Thu Jul 24 2025 Pavol Sloboda [psloboda@redhat.com] - 8.4.6-1
- Rebase to 8.4.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2406217 - CVE-2025-53040 CVE-2025-53042 CVE-2025-53044 CVE-2025-53045 CVE-2025-53053 CVE-2025-53054 CVE-2025-53062 CVE-2025-53069 mysql8.4: CPU Oct 2025 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2406217
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-942d35ff10' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 42 Update: python-biopython-1.86-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd7f4e1676
2026-01-20 01:37:20.161936+00:00
--------------------------------------------------------------------------------

Name : python-biopython
Product : Fedora 42
Version : 1.86
Release : 2.fc42
URL : https://biopython.org/
Summary : Python tools for computational molecular biology
Description :
A set of freely available Python tools for computational molecular
biology.

--------------------------------------------------------------------------------
Update Information:

Initial fix for security bug CVE-2025-68463
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 9 2026 Antonio Trande [sagitter@fedoraproject.org] - 1.86-2
- Fix CVE_2025_68463| Fix_numpy 2.4 compatibility
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423524 - CVE-2025-68463 python-biopython: python-biopython: Information disclosure via XML External Entity (XXE) vulnerability in Bio.Entrez [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423524
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd7f4e1676' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: exim-4.99.1-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-aab8eaa2e3
2026-01-20 01:37:20.161907+00:00
--------------------------------------------------------------------------------

Name : exim
Product : Fedora 42
Version : 4.99.1
Release : 1.fc42
URL : https://www.exim.org/
Summary : The exim mail transfer agent
Description :
Exim is a message transfer agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet. It is
freely available under the terms of the GNU General Public Licence. In
style it is similar to Smail 3, but its facilities are more
general. There is a great deal of flexibility in the way mail can be
routed, and there are extensive facilities for checking incoming
mail. Exim can be installed in place of sendmail, although the
configuration of exim is quite different to that of sendmail.

--------------------------------------------------------------------------------
Update Information:

This is new exim version fixing CVE-2025-67896.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 3 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 4.99.1-1
- New version
Resolves: CVE-2025-67896
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423180 - exim-4.99.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2423180
[ 2 ] Bug #2423183 - CVE-2025-26794 & CWE-122, CWE-787, CWE-843 in Exim 4.99
https://bugzilla.redhat.com/show_bug.cgi?id=2423183
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-aab8eaa2e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------