-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-beac8e1f11 2026-03-13 00:58:40.063303+00:00 --------------------------------------------------------------------------------
Name : dnf5 Product : Fedora 42 Version : 5.2.18.0 Release : 2.fc42 URL : https://github.com/rpm-software-management/dnf5 Summary : Command-line package manager Description : DNF5 is a command-line package manager that automates the process of installing, upgrading, configuring, and removing computer programs in a consistent manner. It supports RPM packages, modulemd modules, and comps groups & environments. -------------------------------------------------------------------------------- Update Information: This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 10 2026 Petr Pisar <[email protected]> - 5.2.18.0-2 - Fix a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client (CVE-2026-3836) (bug #2445771) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2445770 - CVE-2026-3836 dnf5: dnf5: Denial of Service via path traversal in D-Bus locale configuration https://bugzilla.redhat.com/show_bug.cgi?id=2445770 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-beac8e1f11' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
