Fedora Security Advisories

FEDORA-2026-6c1a1c78c1 Packages in this update:

• nix-2.31.4-1.fc43

Update description:

• update to 2.31.4
• fixes nix-daemon critical GHSA-g3g9-5vj6-r3gj (CVE-2026-39860):
• https://github.com/NixOS/nix/security/advisories/GHSA-g3g9-5vj6-r3gj

FEDORA-2026-db2b4e5b64 Packages in this update:

• thunderbird-149.0.1-2.fc42

Update description:

Update to latest upstream version.

FEDORA-2026-8463c31b61 Packages in this update:

• thunderbird-149.0.1-3.fc43

Update description:

Update to latest upstream version.

FEDORA-2026-1902c187b6 Packages in this update:

• thunderbird-149.0.1-2.fc44

Update description:

Update to latest upstream version.

FEDORA-2026-8c7366e046 Packages in this update:

• nix-2.34.5-1.fc44

Update description:

• update to 2.34
• https://nix.dev/manual/nix/2.34/release-notes/rl-2.33.html
• https://nix.dev/manual/nix/2.34/release-notes/rl-2.34.html
• includes fix for nix-daemon critical GHSA-g3g9-5vj6-r3gj (CVE-2026-39860)

FEDORA-2026-49fd0d9636 Packages in this update:

• moby-engine-29.4.0-1.fc42

Update description:

• Update to release v29.4.0
• Resolves: rhbz#2455894
• Resolves CVE-2026-34986: rhbz#2455665
• Upstream new features and fixes

FEDORA-2026-a5015b57b9 Packages in this update:

• moby-engine-29.4.0-1.fc43

Update description:

• Update to release v29.4.0
• Resolves: rhbz#2455894
• Resolves CVE-2026-34986: rhbz#2455665
• Upstream new features and fixes

FEDORA-2026-853a2fa7e5 Packages in this update:

• moby-engine-29.4.0-1.fc44

Update description:

• Update to release v29.4.0
• Resolves: rhbz#2455894
• Resolves CVE-2026-34986: rhbz#2455665
• Upstream new features and fixes

FEDORA-2026-e520168745 Packages in this update:

• moby-engine-29.4.0-1.fc45

Update description:

Automatic update for moby-engine-29.4.0-1.fc45.

Changelog * Tue Apr 7 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 29.4.0-1 - Update to release v29.4.0 - Resolves: rhbz#2455894 - Resolves CVE-2026-34986: rhbz#2455665 - Upstream new features and fixes

FEDORA-2026-dd4a7e240e Packages in this update:

• erlang-26.2.5.19-1.fc42

Update description:

Erlang ver. 26.2.5.19

FEDORA-2026-53a7ddccc8 Packages in this update:

• erlang-26.2.5.19-1.fc43

Update description:

Erlang ver. 26.2.5.19

FEDORA-2026-2a93359b0b Packages in this update:

• erlang-26.2.5.19-1.fc44

Update description:

Erlang ver. 26.2.5.19

FEDORA-2026-442968c3d0 Packages in this update:

• usd-26.03-2.fc44

Update description:

Backport fix for CVE-2026-34544 in OpenEXRCore

FEDORA-2026-04d6f223e0 Packages in this update:

• python-flask-httpauth-4.8.1-1.fc43

Update description:

Update to version 4.8.1 (#2454342)

FEDORA-2026-fd53570465 Packages in this update:

• python-flask-httpauth-4.8.1-1.fc44

Update description:

Update to version 4.8.1 (#2454342)

FEDORA-2026-a436c41faf Packages in this update:

• mingw-LibRaw-0.22.1-1.fc44

Update description:

Update to libraw-0.22.1.

Backport fixes for CVE-2026-5318 and CVE-2026-5342.

FEDORA-2026-3aebe19127 Packages in this update:

• NetworkManager-ssh-1.4.4-1.fc43

Update description:

Add sshpass -P prompt

Fix CVE-2025-9615

FEDORA-2026-d939698c2e Packages in this update:

• mingw-openexr-3.3.9-1.fc42

Update description:

Update to openexr-3.3.9.

FEDORA-2026-c803743b67 Packages in this update:

• mingw-openexr-3.3.9-1.fc43

Update description:

Update to openexr-3.3.9.

FEDORA-2026-c6c617fe35 Packages in this update:

• libpng-1.6.56-1.fc44

Update description:

1.6.56 is release fixes for the following two security vulnerabilities:

• CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code. Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another.

• CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette-expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36.

The images that trigger these bugs are valid. Users are encouraged to update immediately.