TigerVNC, FFmpeg, Prometheus, Erlang, Python, VIPS, and ThorVG updates for Fedora

Fedora Linux 9394 Published by

Fedora 43 and 44 have released a batch of security advisories that patch critical vulnerabilities across several widely used software packages. TigerVNC requires immediate attention since this update addresses eleven separate CVEs while FFmpeg gets upgraded to version 8.1.2 to close a denial of service gap. Administrators should also deploy the latest ThorVG and VIPS releases to stop untrusted SVG processing flaws and heap buffer overflows from compromising system stability. The notification also covers essential patches for Prometheus memory leaks, Erlang SFTP disclosure risks, and important XML handling corrections in the newest Python 3.14 release.

Fedora 44 Update: tigervnc-1.16.2-4.fc44
Fedora 44 Update: ffmpeg-8.1.2-1.fc44
Fedora 44 Update: thorvg-1.0.6-1.fc44
Fedora 44 Update: prometheus-3.12.0-1.fc44
Fedora 44 Update: erlang-26.2.5.21-3.fc44
Fedora 44 Update: python-scrapy-2.14.2-1.fc44
Fedora 44 Update: vips-8.18.3-2.fc44
Fedora 44 Update: python3-docs-3.14.6-1.fc44
Fedora 44 Update: python3.14-3.14.6-1.fc44
Fedora 43 Update: thorvg-1.0.6-1.fc43
Fedora 43 Update: prometheus-3.12.0-1.fc43
Fedora 43 Update: vips-8.18.3-2.fc43
Fedora 43 Update: python-scrapy-2.13.4-1.fc43
Fedora 43 Update: erlang-26.2.5.21-3.fc43



[SECURITY] Fedora 44 Update: tigervnc-1.16.2-4.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e7c97d043e
2026-06-23 01:06:46.785068+00:00
--------------------------------------------------------------------------------

Name : tigervnc
Product : Fedora 44
Version : 1.16.2
Release : 4.fc44
URL : https://www.tigervnc.com
Summary : A TigerVNC remote display system
Description :
Virtual Network Computing (VNC) is a remote display system which
allows you to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. This package contains a
client which will allow you to connect to other desktops running a VNC
server.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260
CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 18 2026 Jan Grulich [jgrulich@redhat.com] - 1.16.2-4
- Rebuild (xorg-x11-server)
Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259
CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263
CVE-2026-50264
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 1.16.2-3
- Rebuilt for openssl 4.0
* Thu Apr 16 2026 Jan Grulich [jgrulich@redhat.com] - 1.16.2-2
- Fixes CVEs: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001,
CVE-2026-34002, CVE-2026-34003
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2476414 - CVE-2026-34002 tigervnc: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476414
[ 2 ] Bug #2476956 - CVE-2026-33999 tigervnc: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476956
[ 3 ] Bug #2476958 - CVE-2026-34001 tigervnc: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476958
[ 4 ] Bug #2476965 - CVE-2026-34003 tigervnc: X.Org X server: Information exposure and denial of service via out-of-bounds memory access [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476965
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e7c97d043e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: ffmpeg-8.1.2-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bc8f441ba4
2026-06-23 01:06:46.785073+00:00
--------------------------------------------------------------------------------

Name : ffmpeg
Product : Fedora 44
Version : 8.1.2
Release : 1.fc44
URL : https://ffmpeg.org/
Summary : A complete solution to record, convert and stream audio and video
Description :
FFmpeg is a leading multimedia framework, able to decode, encode, transcode,
mux, demux, stream, filter and play pretty much anything that humans and
machines have created. It supports the most obscure ancient formats up to the
cutting edge. No matter if they were designed by some standards committee, the
community or a corporation.

This build of ffmpeg is limited in the number of codecs supported.

--------------------------------------------------------------------------------
Update Information:

The latest stable FFmpeg release from the 8.1 release branch.
https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/n8.1.2:/Changelog
Fixes CVE-2026-30999 .
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 17 2026 Dominik Mierzejewski [dominik@greysector.net] - 8.1.2-1
- Updated to 8.1.2 (resolves rhbz#2489751)
* Thu May 21 2026 Dominik Mierzejewski [dominik@greysector.net] - 8.1.1-2
- Add Conflicts to prevent installation of mismatched -free and -freeworld
builds
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2457971 - CVE-2026-30999 ffmpeg: FFmpeg: Denial of Service via heap buffer overflow in av_bprint_finalize() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457971
[ 2 ] Bug #2489751 - ffmpeg-8.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2489751
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bc8f441ba4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: thorvg-1.0.6-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3d1fcd4ffc
2026-06-23 01:06:46.785055+00:00
--------------------------------------------------------------------------------

Name : thorvg
Product : Fedora 44
Version : 1.0.6
Release : 1.fc44
URL : https://www.thorvg.org/
Summary : Lightweight vector-based scenes and animation drawing library
Description :
ThorVG is an open-source graphics library designed for creating vector-based
scenes and animations. It combines immense power with remarkable lightweight
efficiency, as Thor embodies a dual meaning???symbolizing both thunderous
strength and lightning-fast agility. Embracing the philosophy of simpler is
better, the ThorVG project provides intuitive, user-friendly interfaces while
maintaining a compact footprint and minimal overhead.

The following list shows primitives that are supported by ThorVG:
- Lines & Shapes: rectangles, circles, and paths with coordinate control
- Filling: solid colors, linear & radial gradients, and path clipping
- Stroking: stroke width, joins, caps, dash patterns, and trimming
- Scene Management: retainable scene graph and object transformations
- Composition: various blending and masking
- Text: unicode characters with horizontal text layout using scalable fonts (TTF)
- Images: SVG, JPG, PNG, WebP, and raw bitmaps
- Effects: blur, drop shadow, fill, tint, tritone and color replacement
- Animations: Lottie

--------------------------------------------------------------------------------
Update Information:

Update to 1.0.6
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 14 2026 Benson Muite [fed500@fedoraproject.org] - 1.0.6-1
- Update to 1.0.6
* Sat Feb 14 2026 Benson Muite [fed500@fedoraproject.org] - 1.0.1-1
- Update to 1.0.1 rhbz#2433764
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.15.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483802 - CVE-2026-45729 thorvg: ThorVG: Denial of Service via untrusted SVG data processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483802
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3d1fcd4ffc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: prometheus-3.12.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ebaf2bfd71
2026-06-23 01:06:46.785053+00:00
--------------------------------------------------------------------------------

Name : prometheus
Product : Fedora 44
Version : 3.12.0
Release : 1.fc44
URL : https://github.com/prometheus/prometheus
Summary : Prometheus monitoring system and time series database
Description :
The Prometheus monitoring system and time series database.

--------------------------------------------------------------------------------
Update Information:

Update to 3.12.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 3.12.0-1
- Update to 3.12.0 - Closes rhbz#2482792
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481306 - CVE-2026-42154 prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481306
[ 2 ] Bug #2481308 - CVE-2026-42151 prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481308
[ 3 ] Bug #2486235 - CVE-2026-45287 prometheus: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486235
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ebaf2bfd71' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: erlang-26.2.5.21-3.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ef630b13b0
2026-06-23 01:06:46.785029+00:00
--------------------------------------------------------------------------------

Name : erlang
Product : Fedora 44
Version : 26.2.5.21
Release : 3.fc44
URL : https://www.erlang.org
Summary : General-purpose programming language and runtime environment
Description :
Erlang is a general-purpose programming language and runtime
environment. Erlang has built-in support for concurrency, distribution
and fault tolerance. Erlang is used in several large telecommunication
systems from Ericsson.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2026-48855
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 13 2026 Peter Lemenkov [lemenkov@gmail.com] - 26.2.5.21-3
- Backport fix for CVE-2026-48855
* Tue Jun 2 2026 Peter Lemenkov [lemenkov@gmail.com] - 26.2.5.21-2
- Ditch outdated src subpackage
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2488319 - CVE-2026-48855 erlang: Erlang OTP ssh: Information disclosure via symlink resolution in SFTP [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488319
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ef630b13b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: python-scrapy-2.14.2-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bdf3581452
2026-06-23 01:06:46.785036+00:00
--------------------------------------------------------------------------------

Name : python-scrapy
Product : Fedora 44
Version : 2.14.2
Release : 1.fc44
URL : https://scrapy.org
Summary : A high-level Python Screen Scraping framework
Description :
Scrapy is a fast high-level screen scraping and web crawling
framework, used to crawl websites and extract structured data
from their pages. It can be used for a wide range of purposes,
from data mining to monitoring and automated testing.

--------------------------------------------------------------------------------
Update Information:

updated to latest version for F43 and F44
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 13 2026 Filipe Rosset [filiperosset@fedoraproject.org] - 2.14.2-1
- Updated to latest 2.14.x series for F44
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2411735 - CVE-2025-6176 python-scrapy: Brotli decompression bomb DoS in scrapy/scrapy [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411735
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bdf3581452' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: vips-8.18.3-2.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b9f00ad1b7
2026-06-23 01:06:46.785031+00:00
--------------------------------------------------------------------------------

Name : vips
Product : Fedora 44
Version : 8.18.3
Release : 2.fc44
URL : https://www.libvips.org/
Summary : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images
(even larger than the amount of RAM in your machine), and for working
with color.

This package should be installed if you want to use a program compiled
against VIPS.

--------------------------------------------------------------------------------
Update Information:

update to v8.18.3
enable uhdr
fix several security issues
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 13 2026 Adam Goode [adam@spicenitz.org] - 8.18.3-2
- Upload vips v8.18.3 sources
* Sat Jun 13 2026 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.18.3-1
- Update to 8.18.3
- Drop patches merged upstream
- Build against libultrahdr (rhbz#2427101)
* Sun May 31 2026 Richard Shaw [hobbes1069@gmail.com] - 8.18.0-8
- Rebuild for OpenColorIO 2.5.2.
* Mon May 25 2026 Richard Shaw [hobbes1069@gmail.com] - 8.18.0-7
- Rebuild for OpenEXR 3.4.12.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2442677 - CVE-2026-3146 vips: libvips: Local denial of service due to null pointer dereference [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2442677
[ 2 ] Bug #2442681 - CVE-2026-3145 vips: libvips: Memory corruption via local manipulation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2442681
[ 3 ] Bug #2442683 - CVE-2026-3147 vips: libvips: Heap-based buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2442683
[ 4 ] Bug #2443335 - CVE-2026-3282 vips: libvips unpremultiply.c vips_unpremultiply_build out-of-bounds [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443335
[ 5 ] Bug #2443339 - CVE-2026-3284 vips: libvips extract.c vips_extract_area_build integer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443339
[ 6 ] Bug #2443343 - CVE-2026-3283 vips: libvips extract.c vips_extract_band_build out-of-bounds [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443343
[ 7 ] Bug #2443344 - CVE-2026-3281 vips: libvips bandrank.c vips_bandrank_build heap-based overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443344
[ 8 ] Bug #2448617 - vips-8.18.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448617
[ 9 ] Bug #2459221 - CVE-2026-6491 vips: heap-based buffer over-read in im_minpos_vec() in libvips/deprecated/vips7compat.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2459221
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b9f00ad1b7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: python3-docs-3.14.6-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a2c583a4ab
2026-06-23 01:06:46.784974+00:00
--------------------------------------------------------------------------------

Name : python3-docs
Product : Fedora 44
Version : 3.14.6
Release : 1.fc44
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.

--------------------------------------------------------------------------------
Update Information:

New Python release including bugfixes and security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 11 2026 Karolina Surma [ksurma@redhat.com] - 3.14.6-1
- Update to Python 3.14.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2484199 - CVE-2026-7210 python3.14: Python/Expat: Denial of Service via crafted XML document [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484199
[ 2 ] Bug #2484550 - CVE-2026-3276 python3.14: Python unicodedata: Denial of Service due to excessive CPU consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484550
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a2c583a4ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: python3.14-3.14.6-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a2c583a4ab
2026-06-23 01:06:46.784974+00:00
--------------------------------------------------------------------------------

Name : python3.14
Product : Fedora 44
Version : 3.14.6
Release : 1.fc44
URL : https://www.python.org/
Summary : Version 3.14 of the Python interpreter
Description :
Python 3.14 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

--------------------------------------------------------------------------------
Update Information:

New Python release including bugfixes and security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 11 2026 Karolina Surma [ksurma@redhat.com] - 3.14.6-1
- Update to Python 3.14.6
* Wed Jun 3 2026 Python Maint - 3.14.5-2
- Rebuilt as non-main Python on Fedora 45+
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2484199 - CVE-2026-7210 python3.14: Python/Expat: Denial of Service via crafted XML document [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484199
[ 2 ] Bug #2484550 - CVE-2026-3276 python3.14: Python unicodedata: Denial of Service due to excessive CPU consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484550
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a2c583a4ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: thorvg-1.0.6-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2641c0a950
2026-06-23 00:52:30.610769+00:00
--------------------------------------------------------------------------------

Name : thorvg
Product : Fedora 43
Version : 1.0.6
Release : 1.fc43
URL : https://www.thorvg.org/
Summary : Lightweight vector-based scenes and animation drawing library
Description :
ThorVG is an open-source graphics library designed for creating vector-based
scenes and animations. It combines immense power with remarkable lightweight
efficiency, as Thor embodies a dual meaning???symbolizing both thunderous
strength and lightning-fast agility. Embracing the philosophy of simpler is
better, the ThorVG project provides intuitive, user-friendly interfaces while
maintaining a compact footprint and minimal overhead.

The following list shows primitives that are supported by ThorVG:
- Lines & Shapes: rectangles, circles, and paths with coordinate control
- Filling: solid colors, linear & radial gradients, and path clipping
- Stroking: stroke width, joins, caps, dash patterns, and trimming
- Scene Management: retainable scene graph and object transformations
- Composition: various blending and masking
- Text: unicode characters with horizontal text layout using scalable fonts (TTF)
- Images: SVG, JPG, PNG, WebP, and raw bitmaps
- Effects: blur, drop shadow, fill, tint, tritone and color replacement
- Animations: Lottie

--------------------------------------------------------------------------------
Update Information:

Update to 1.0.6
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 14 2026 Benson Muite [fed500@fedoraproject.org] - 1.0.6-1
- Update to 1.0.6
* Sat Feb 14 2026 Benson Muite [fed500@fedoraproject.org] - 1.0.1-1
- Update to 1.0.1 rhbz#2433764
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.15.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Oct 24 2025 Benson Muite [fed500@fedoraproject.org] - 0.15.16-1
- Update to 0.15.16
* Mon Sep 1 2025 Benson Muite [fed500@fedoraproject.org] - 0.15.14-1
- Update to 0.15.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483802 - CVE-2026-45729 thorvg: ThorVG: Denial of Service via untrusted SVG data processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483802
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2641c0a950' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: prometheus-3.12.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dfc0e362e6
2026-06-23 00:52:30.610767+00:00
--------------------------------------------------------------------------------

Name : prometheus
Product : Fedora 43
Version : 3.12.0
Release : 1.fc43
URL : https://github.com/prometheus/prometheus
Summary : Prometheus monitoring system and time series database
Description :
The Prometheus monitoring system and time series database.

--------------------------------------------------------------------------------
Update Information:

Update to 3.12.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 3.12.0-1
- Update to 3.12.0 - Closes rhbz#2482792
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481306 - CVE-2026-42154 prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481306
[ 2 ] Bug #2481308 - CVE-2026-42151 prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481308
[ 3 ] Bug #2486235 - CVE-2026-45287 prometheus: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486235
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dfc0e362e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: vips-8.18.3-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3b2ddea116
2026-06-23 00:52:30.610743+00:00
--------------------------------------------------------------------------------

Name : vips
Product : Fedora 43
Version : 8.18.3
Release : 2.fc43
URL : https://www.libvips.org/
Summary : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images
(even larger than the amount of RAM in your machine), and for working
with color.

This package should be installed if you want to use a program compiled
against VIPS.

--------------------------------------------------------------------------------
Update Information:

update to v8.18.3
enable uhdr
fix several security issues
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 13 2026 Adam Goode [adam@spicenitz.org] - 8.18.3-2
- Upload vips v8.18.3 sources
* Sat Jun 13 2026 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.18.3-1
- Update to 8.18.3
- Drop patches merged upstream
- Build against libultrahdr (rhbz#2427101)
* Sun May 31 2026 Richard Shaw [hobbes1069@gmail.com] - 8.18.0-8
- Rebuild for OpenColorIO 2.5.2.
* Mon May 25 2026 Richard Shaw [hobbes1069@gmail.com] - 8.18.0-7
- Rebuild for OpenEXR 3.4.12.
* Wed Apr 8 2026 Gwyn Ciesla [gwync@protonmail.com] - 8.18.0-6
- Libraw rebuild
* Mon Feb 16 2026 Gwyn Ciesla [gwync@protonmail.com] - 8.18.0-5
- LibRaw rebuild
* Tue Jan 20 2026 Mamoru TASAKA [mtasaka@fedoraproject.org] - 8.18.0-4
- Fix build with glibc 2.43 which supports C23
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 8.18.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Sat Dec 20 2025 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.18.0-2
- Backport upstream patch to fix thumbnail generation on s390x
* Wed Dec 17 2025 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.18.0-1
- Update to 8.18.0
- Resolves: rhbz#2423186
- Build against LibRaw
- Switch from spng to libpng (preferred upstream)
- Disable new uhdr feature (lack of libuhdr)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2442677 - CVE-2026-3146 vips: libvips: Local denial of service due to null pointer dereference [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2442677
[ 2 ] Bug #2442681 - CVE-2026-3145 vips: libvips: Memory corruption via local manipulation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2442681
[ 3 ] Bug #2442683 - CVE-2026-3147 vips: libvips: Heap-based buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2442683
[ 4 ] Bug #2443335 - CVE-2026-3282 vips: libvips unpremultiply.c vips_unpremultiply_build out-of-bounds [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443335
[ 5 ] Bug #2443339 - CVE-2026-3284 vips: libvips extract.c vips_extract_area_build integer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443339
[ 6 ] Bug #2443343 - CVE-2026-3283 vips: libvips extract.c vips_extract_band_build out-of-bounds [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443343
[ 7 ] Bug #2443344 - CVE-2026-3281 vips: libvips bandrank.c vips_bandrank_build heap-based overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443344
[ 8 ] Bug #2448617 - vips-8.18.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448617
[ 9 ] Bug #2459221 - CVE-2026-6491 vips: heap-based buffer over-read in im_minpos_vec() in libvips/deprecated/vips7compat.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2459221
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3b2ddea116' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: python-scrapy-2.13.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9a7f59fa7c
2026-06-23 00:52:30.610748+00:00
--------------------------------------------------------------------------------

Name : python-scrapy
Product : Fedora 43
Version : 2.13.4
Release : 1.fc43
URL : https://scrapy.org
Summary : A high-level Python Screen Scraping framework
Description :
Scrapy is a fast high-level screen scraping and web crawling
framework, used to crawl websites and extract structured data
from their pages. It can be used for a wide range of purposes,
from data mining to monitoring and automated testing.

--------------------------------------------------------------------------------
Update Information:

updated to latest version for F43 and F44
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 13 2026 Filipe Rosset [filiperosset@fedoraproject.org] - 2.13.4-1
- Updated to latest 2.13.x series for F43
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2411735 - CVE-2025-6176 python-scrapy: Brotli decompression bomb DoS in scrapy/scrapy [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411735
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9a7f59fa7c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: erlang-26.2.5.21-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e692d95607
2026-06-23 00:52:30.610741+00:00
--------------------------------------------------------------------------------

Name : erlang
Product : Fedora 43
Version : 26.2.5.21
Release : 3.fc43
URL : https://www.erlang.org
Summary : General-purpose programming language and runtime environment
Description :
Erlang is a general-purpose programming language and runtime
environment. Erlang has built-in support for concurrency, distribution
and fault tolerance. Erlang is used in several large telecommunication
systems from Ericsson.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2026-48855
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 13 2026 Peter Lemenkov [lemenkov@gmail.com] - 26.2.5.21-3
- Backport fix for CVE-2026-48855
* Tue Jun 2 2026 Peter Lemenkov [lemenkov@gmail.com] - 26.2.5.21-2
- Ditch outdated src subpackage
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2488319 - CVE-2026-48855 erlang: Erlang OTP ssh: Information disclosure via symlink resolution in SFTP [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488319
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e692d95607' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


FFmpeg update for Debian

PostgreSQL, .NET, Samba, and more updates for RHEL

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...