Fedora users need to install several critical security patches rolling out for versions 42 through 44 of the Linux distribution this week. Among the most affected applications is the vim editor, which received a major update that resolves numerous vulnerabilities including arbitrary code execution risks. Smaller dependencies such as libtasn1 and kiss-fft also have new releases available to patch dangerous integer overflow flaws found in older builds. Installation requires running a simple command in your terminal environment to apply the fixes.

Fedora 42 Update: vim-9.2.148-1.fc42
Fedora 42 Update: kiss-fft-131.2.0-1.fc42
Fedora 43 Update: libtasn1-4.21.0-1.fc43
Fedora 43 Update: kiss-fft-131.2.0-1.fc43
Fedora 44 Update: mac-12.50-1.fc44
Fedora 44 Update: aqualung-2.0-6.fc44
Fedora 44 Update: kiss-fft-131.2.0-1.fc44

[SECURITY] Fedora 42 Update: vim-9.2.148-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1885157e34
2026-03-19 01:09:25.302292+00:00
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 42
Version : 9.2.148
Release : 1.fc42
URL : https://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

patchlevel 148
Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419,
CVE-2026-28420, CVE-2026-28421, CVE-2026-28422
Security fix for CVE-2026-32249
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 13 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.2.148-1
- patchlevel 148
* Fri Mar 6 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.2.112-2
- fix tests which expect mouse=a
* Fri Mar 6 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.2.112-1
- patchlevel 112
* Thu Feb 26 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.2.045-2
- rebuilt
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2443455 - CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
https://bugzilla.redhat.com/show_bug.cgi?id=2443455
[ 2 ] Bug #2443474 - CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
https://bugzilla.redhat.com/show_bug.cgi?id=2443474
[ 3 ] Bug #2443475 - CVE-2026-28422 vim: Vim: Integrity impact due to stack-buffer-overflow via wide terminal statusline rendering
https://bugzilla.redhat.com/show_bug.cgi?id=2443475
[ 4 ] Bug #2443481 - CVE-2026-28418 vim: Vim: Information disclosure via heap-based buffer overflow in Emacs-style tags file parsing
https://bugzilla.redhat.com/show_bug.cgi?id=2443481
[ 5 ] Bug #2443482 - CVE-2026-28419 vim: Vim: Information disclosure and denial of service via malformed tags file
https://bugzilla.redhat.com/show_bug.cgi?id=2443482
[ 6 ] Bug #2443484 - CVE-2026-28420 vim: Vim: Information disclosure and denial of service via crafted Unicode characters in terminal emulator
https://bugzilla.redhat.com/show_bug.cgi?id=2443484
[ 7 ] Bug #2447110 - CVE-2026-32249 vim: NFA regex engine NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=2447110
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1885157e34' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: kiss-fft-131.2.0-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-aeb63d9dfb
2026-03-19 01:09:25.302209+00:00
--------------------------------------------------------------------------------

Name : kiss-fft
Product : Fedora 42
Version : 131.2.0
Release : 1.fc42
URL : https://github.com/mborgerding/kissfft
Summary : A Fast Fourier Transform (FFT) library that tries to Keep it Simple, Stupid
Description :
KISS FFT - A mixed-radix Fast Fourier Transform based on the
principle, "Keep It Simple, Stupid."

There are many great fft libraries already around. Kiss FFT is
not trying to be better than any of them. It only attempts to be
a reasonably efficient, moderately useful FFT that can use fixed
or floating data types and can be incorporated into someone's C
program in a few minutes with trivial licensing.

--------------------------------------------------------------------------------
Update Information:

Update to 131.2.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2026 Guido Aulisi [guido.aulisi@inps.it] - 131.2.0-1
- Update to 131.2.0
- Fix for CVE-2025-34297
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 131.1.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 131.1.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2405958 - kiss-fft-131.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2405958
[ 2 ] Bug #2418142 - CVE-2025-34297 kiss-fft: KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418142
[ 3 ] Bug #2418145 - CVE-2025-34297 kiss-fft: KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418145
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-aeb63d9dfb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: libtasn1-4.21.0-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4450956be5
2026-03-19 00:52:58.576835+00:00
--------------------------------------------------------------------------------

Name : libtasn1
Product : Fedora 43
Version : 4.21.0
Release : 1.fc43
URL : https://www.gnu.org/software/libtasn1/
Summary : The ASN.1 library used in GNUTLS
Description :
A library that provides Abstract Syntax Notation One (ASN.1, as specified
by the X.680 ITU-T recommendation) parsing and structures management, and
Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.

--------------------------------------------------------------------------------
Update Information:

Update to 4.21.0; fixes CVE-2025-13151
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2026 Alexander Sosedkin [asosedkin@redhat.com] - 4.21.0-1
- Update to 4.21.0; fixes CVE-2025-13151
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4450956be5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: kiss-fft-131.2.0-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-291357abab
2026-03-19 00:52:58.576727+00:00
--------------------------------------------------------------------------------

Name : kiss-fft
Product : Fedora 43
Version : 131.2.0
Release : 1.fc43
URL : https://github.com/mborgerding/kissfft
Summary : A Fast Fourier Transform (FFT) library that tries to Keep it Simple, Stupid
Description :
KISS FFT - A mixed-radix Fast Fourier Transform based on the
principle, "Keep It Simple, Stupid."

There are many great fft libraries already around. Kiss FFT is
not trying to be better than any of them. It only attempts to be
a reasonably efficient, moderately useful FFT that can use fixed
or floating data types and can be incorporated into someone's C
program in a few minutes with trivial licensing.

--------------------------------------------------------------------------------
Update Information:

Update to 131.2.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2026 Guido Aulisi [guido.aulisi@inps.it] - 131.2.0-1
- Update to 131.2.0
- Fix for CVE-2025-34297
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 131.1.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2405958 - kiss-fft-131.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2405958
[ 2 ] Bug #2418142 - CVE-2025-34297 kiss-fft: KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418142
[ 3 ] Bug #2418145 - CVE-2025-34297 kiss-fft: KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418145
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-291357abab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: mac-12.50-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-62f9125c65
2026-03-19 00:15:36.606391+00:00
--------------------------------------------------------------------------------

Name : mac
Product : Fedora 44
Version : 12.50
Release : 1.fc44
URL : https://monkeysaudio.com
Summary : Monkey's Audio Codec
Description :
Monkey's Audio is a fast and easy way to compress digital music. Unlike
traditional methods such as mp3, ogg, or lqt that permanently discard
quality to save space, Monkey's Audio only makes perfect, bit-for-bit
copies of your music. That means it always sounds perfect ??? exactly the
same as the original. Even though the sound is perfect, it still saves a
lot of space.

--------------------------------------------------------------------------------
Update Information:

Latest Monkey's Audio Codec release. Changelog:
https://monkeysaudio.com/versionhistory.html .
Fixes CVE-2025-61043.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 10 2026 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 12.50-1
- Updated to 12.50 (resolves rhbz#2363650)
* Tue Feb 24 2026 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 12.35-3
- assume platform is Linux in headers if unspecified
* Mon Feb 23 2026 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 12.35-2
- bump minimum CMake version (resolves rhbz#2380887)
* Mon Feb 23 2026 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 12.35-1
- update to 12.35 (resolves rhbz#2363650)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2363650 - mac-12.50 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2363650
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-62f9125c65' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: aqualung-2.0-6.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-62f9125c65
2026-03-19 00:15:36.606391+00:00
--------------------------------------------------------------------------------

Name : aqualung
Product : Fedora 44
Version : 2.0
Release : 6.fc44
URL : https://aqualung.jeremyevans.net
Summary : Music Player for GNU/Linux
Description :
Aqualung is an advanced music player originally targeted at the GNU/Linux
operating system. It plays audio CDs, internet radio streams and pod casts as
well as sound files in just about any audio format and has the feature of
inserting no gaps between adjacent tracks.

--------------------------------------------------------------------------------
Update Information:

Latest Monkey's Audio Codec release. Changelog:
https://monkeysaudio.com/versionhistory.html .
Fixes CVE-2025-61043.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2026 Dominik Mierzejewski [dominik@greysector.net] - 2.0-6
- rebuilt for mac 12.35
* Tue Feb 17 2026 Tom Callaway [spot@fedoraproject.org] - 2.0-5
- rebuild for lua 5.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2363650 - mac-12.50 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2363650
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-62f9125c65' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: kiss-fft-131.2.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ecc754cb95
2026-03-19 00:15:36.606251+00:00
--------------------------------------------------------------------------------

Name : kiss-fft
Product : Fedora 44
Version : 131.2.0
Release : 1.fc44
URL : https://github.com/mborgerding/kissfft
Summary : A Fast Fourier Transform (FFT) library that tries to Keep it Simple, Stupid
Description :
KISS FFT - A mixed-radix Fast Fourier Transform based on the
principle, "Keep It Simple, Stupid."

There are many great fft libraries already around. Kiss FFT is
not trying to be better than any of them. It only attempts to be
a reasonably efficient, moderately useful FFT that can use fixed
or floating data types and can be incorporated into someone's C
program in a few minutes with trivial licensing.

--------------------------------------------------------------------------------
Update Information:

Update to 131.2.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2026 Guido Aulisi [guido.aulisi@inps.it] - 131.2.0-1
- Update to 131.2.0
- Fix for CVE-2025-34297
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2405958 - kiss-fft-131.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2405958
[ 2 ] Bug #2418142 - CVE-2025-34297 kiss-fft: KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418142
[ 3 ] Bug #2418145 - CVE-2025-34297 kiss-fft: KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418145
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ecc754cb95' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new