Fedora recently pushed security updates across versions 42, 43, and 44 to patch vulnerabilities affecting both graphics libraries and web server modules. The SDL2_image package jumped to version 2.8.12, which closes a dangerous information disclosure hole linked to CVE-2026-35444. At the same time, the mod_md Apache extension received a patch for CVE-2026-29168 to secure automated certificate provisioning. You can install these corrections right away by using the dnf upgrade tool with the specific advisory codes listed in each notice.

Fedora 42 Update: SDL2_image-2.8.12-1.fc42
Fedora 43 Update: mod_md-2.6.11-2.fc43
Fedora 43 Update: SDL2_image-2.8.12-1.fc43
Fedora 44 Update: mod_md-2.6.11-2.fc44

[SECURITY] Fedora 42 Update: SDL2_image-2.8.12-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8ac58f5cf3
2026-05-19 01:43:16.573492+00:00
--------------------------------------------------------------------------------

Name : SDL2_image
Product : Fedora 42
Version : 2.8.12
Release : 1.fc42
URL : https://github.com/libsdl-org/SDL_image
Summary : Image loading library for SDL
Description :
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library
designed to provide fast access to the graphics frame buffer and audio
device. This package contains a simple library for loading images of
various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces.

--------------------------------------------------------------------------------
Update Information:

Update to bugfix release 2.8.12.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 10 2026 Simone Caronni [negativo17@gmail.com] - 2.8.12-1
- Update to 2.8.12
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.8.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.8.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.8.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455888 - CVE-2026-35444 SDL2_image: SDL_image: Information disclosure via crafted XCF files [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455888
[ 2 ] Bug #2455889 - CVE-2026-35444 SDL2_image: SDL_image: Information disclosure via crafted XCF files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455889
[ 3 ] Bug #2456290 - SDL2_image-2.8.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2456290
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8ac58f5cf3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: mod_md-2.6.11-2.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-707b7050da
2026-05-19 01:33:21.199281+00:00
--------------------------------------------------------------------------------

Name : mod_md
Product : Fedora 43
Version : 2.6.11
Release : 2.fc43
URL : https://icing.github.io/mod_md/
Summary : Certificate provisioning using ACME for the Apache HTTP Server
Description :
This module manages common properties of domains for one or more
virtual hosts. Specifically it can use the ACME protocol to automate
certificate provisioning. Certificates will be configured for managed
domains and their virtual hosts automatically, including at renewal.

--------------------------------------------------------------------------------
Update Information:

CVE-2026-29168 fix
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 10 2026 Lubo?? Uhliarik [luhliari@redhat.com] - 1:2.6.11-2
- CVE-2026-29168 fix
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-707b7050da' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: SDL2_image-2.8.12-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f1f87b465a
2026-05-19 01:33:21.199267+00:00
--------------------------------------------------------------------------------

Name : SDL2_image
Product : Fedora 43
Version : 2.8.12
Release : 1.fc43
URL : https://github.com/libsdl-org/SDL_image
Summary : Image loading library for SDL
Description :
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library
designed to provide fast access to the graphics frame buffer and audio
device. This package contains a simple library for loading images of
various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces.

--------------------------------------------------------------------------------
Update Information:

Update to bugfix release 2.8.12.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 10 2026 Simone Caronni [negativo17@gmail.com] - 2.8.12-1
- Update to 2.8.12
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.8.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.8.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455888 - CVE-2026-35444 SDL2_image: SDL_image: Information disclosure via crafted XCF files [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455888
[ 2 ] Bug #2455889 - CVE-2026-35444 SDL2_image: SDL_image: Information disclosure via crafted XCF files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455889
[ 3 ] Bug #2456290 - SDL2_image-2.8.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2456290
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f1f87b465a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: mod_md-2.6.11-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c9b72de46a
2026-05-19 01:07:08.579602+00:00
--------------------------------------------------------------------------------

Name : mod_md
Product : Fedora 44
Version : 2.6.11
Release : 2.fc44
URL : https://icing.github.io/mod_md/
Summary : Certificate provisioning using ACME for the Apache HTTP Server
Description :
This module manages common properties of domains for one or more
virtual hosts. Specifically it can use the ACME protocol to automate
certificate provisioning. Certificates will be configured for managed
domains and their virtual hosts automatically, including at renewal.

--------------------------------------------------------------------------------
Update Information:

CVE-2026-29168 fix
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 10 2026 Lubo?? Uhliarik [luhliari@redhat.com] - 1:2.6.11-2
- CVE-2026-29168 fix
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c9b72de46a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------