Fedora Security Advisories

• linux-firmware-20260519-1.fc43

Update to 20260519:

• ASoC: tas2783: Add Firmware files for tas2783A projects
• add firmware for MT7927 WiFi device
• Add HP ISH firmware for Intel Panther Lake systems
• ti: Add PCM6240 firmware with multiple audio profiles support
• qcom: add CDSP firmware for shikra platform
• amdgpu: updates for various ASICs
• qcom: update ADSP firmware for x1e80100 platform
• qcom: Add cdsp1r.jsn for sa8775p platform
• Add firmware for Lontium LT9611C
• xe: Update GUC to v70.65.0 for LNL, BMG, PTL
• rtl_bt: Add missing rtl8761a_config.bin for RTL8761AU
• Add Dell ISH firmware 581.7783.0 for Intel Panther Lake systems.
• qcom: update ADSP firmware for x1e80100 platform
• linux-firmware:Add firmware for Lontium LT7911EXC bridge
• qcom/x1e80100/dell: mark that qcom/NOTICE.txt is applicable too
• qcom: Update CDSP firmware for Kaanapali platform
• qcom: vpu: add Gen2 firmware binary for Agatti
• amdgpu: DMCUB updates for various ASICs
• Add firmware file for Intel BlazarIGfp2/BlazarIW/ScorpiusGfp2
• Update firmware file for Intel BlazarI/BlazarU/BlazarU-HrPGfP/Scorpius core
• qcom: Update ADSP firmware for Glymur platform
• mediatek MT7925: update bluetooth firmware to 20260414153243
• update firmware for MT7925 WiFi device
• Revert "Update firmware file for Intel Quasar core"
• qcom: Add gpdspr.jsn for qcs8300 platform
• ath12k: QCC2072 hw1.0: add to WLAN.COL.1.0.c2-00074-QCACOLSWPL_V1_TO_SILICONZ-1
• ath12k: QCC2072 hw1.0: add board-2.bin
• ath12k: IPQ5424 hw1.0: add to WLAN.WBE.1.6-01275-QCAHKSWPL_SILICONZ-1
• ath12k: IPQ5424 hw1.0: add board-2.bin
• qcom: Update ADSP firmware for Kaanapali platform
• cirrus: cs35l56: Add firmware for Cirrus Amps for some Lenovo laptops (17aa235c 17aa235d)
• QCA: Update Bluetooth WCN6856 firmware 2.1.0-00665 to 2.1.0-00666
• amdgpu: DMCUB updates for DCN36
• Update AMD cpu microcode
• powervr: update Imagination Rogue firmware images
• qcom: Update ADSP firmware for Kaanapali platform
• i915: Xe3LPD DMC v2.34
• i915: Xe3LPD_3002 DMC v2.29
• qcom: Update ADSP firmware for QCM6490 platform
• firmware/amdgpu: Update DMCUB fw to Release 0.1.55.0
• mediatek: vpu: drop old sym link

• linux-firmware-20260519-1.fc44

Update to 20260519:

• ASoC: tas2783: Add Firmware files for tas2783A projects
• add firmware for MT7927 WiFi device
• Add HP ISH firmware for Intel Panther Lake systems
• ti: Add PCM6240 firmware with multiple audio profiles support
• qcom: add CDSP firmware for shikra platform
• amdgpu: updates for various ASICs
• qcom: update ADSP firmware for x1e80100 platform
• qcom: Add cdsp1r.jsn for sa8775p platform
• Add firmware for Lontium LT9611C
• xe: Update GUC to v70.65.0 for LNL, BMG, PTL
• rtl_bt: Add missing rtl8761a_config.bin for RTL8761AU
• Add Dell ISH firmware 581.7783.0 for Intel Panther Lake systems.
• qcom: update ADSP firmware for x1e80100 platform
• linux-firmware:Add firmware for Lontium LT7911EXC bridge
• qcom/x1e80100/dell: mark that qcom/NOTICE.txt is applicable too
• qcom: Update CDSP firmware for Kaanapali platform
• qcom: vpu: add Gen2 firmware binary for Agatti
• amdgpu: DMCUB updates for various ASICs
• Add firmware file for Intel BlazarIGfp2/BlazarIW/ScorpiusGfp2
• Update firmware file for Intel BlazarI/BlazarU/BlazarU-HrPGfP/Scorpius core
• qcom: Update ADSP firmware for Glymur platform
• mediatek MT7925: update bluetooth firmware to 20260414153243
• update firmware for MT7925 WiFi device
• Revert "Update firmware file for Intel Quasar core"
• qcom: Add gpdspr.jsn for qcs8300 platform
• ath12k: QCC2072 hw1.0: add to WLAN.COL.1.0.c2-00074-QCACOLSWPL_V1_TO_SILICONZ-1
• ath12k: QCC2072 hw1.0: add board-2.bin
• ath12k: IPQ5424 hw1.0: add to WLAN.WBE.1.6-01275-QCAHKSWPL_SILICONZ-1
• ath12k: IPQ5424 hw1.0: add board-2.bin
• qcom: Update ADSP firmware for Kaanapali platform
• cirrus: cs35l56: Add firmware for Cirrus Amps for some Lenovo laptops (17aa235c 17aa235d)
• QCA: Update Bluetooth WCN6856 firmware 2.1.0-00665 to 2.1.0-00666
• amdgpu: DMCUB updates for DCN36
• Update AMD cpu microcode
• powervr: update Imagination Rogue firmware images
• qcom: Update ADSP firmware for Kaanapali platform
• i915: Xe3LPD DMC v2.34
• i915: Xe3LPD_3002 DMC v2.29
• qcom: Update ADSP firmware for QCM6490 platform
• firmware/amdgpu: Update DMCUB fw to Release 0.1.55.0
• mediatek: vpu: drop old sym link

• evince-48.1-2.fc42

Fix command injection CVE-2026-46529

• evince-48.1-5.fc44

Fix command injection CVE-2026-46529

• evince-48.1-2.fc43

Fix command injection CVE-2026-46529

• rrdtool-1.9.0-8.fc42

This is an update backporting some safety checks from the rrdtool-1.10.0.

• rrdtool-1.9.0-8.fc43

This is an update backporting some safety checks from the rrdtool-1.10.0.

• rrdtool-1.9.0-11.fc44

This is an update backporting some safety checks from the rrdtool-1.10.0.

• libsoup3-3.6.6-3.fc43

Patch for CVE-2026-5119

• rust-astral_async_http_range_reader-0.11.0-2.el10_3
• rust-astral_async_zip-0.0.18~rc4-2.el10_3
• rust-astral-tokio-tar-0.6.2-1.el10_3
• uv-0.11.15-1.el10_3

Update uv to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph.

• python-uv-build-0.11.15-1.fc43
• rust-astral_async_http_range_reader-0.11.0-2.fc43
• rust-astral_async_zip-0.0.18~rc4-2.fc43
• rust-astral-tokio-tar-0.6.2-1.fc43
• uv-0.11.15-1.fc43

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph.

• python-uv-build-0.11.15-1.fc44
• rust-astral_async_http_range_reader-0.11.0-2.fc44
• rust-astral_async_zip-0.0.18~rc4-2.fc44
• rust-astral-tokio-tar-0.6.2-1.fc44
• uv-0.11.15-1.fc44

Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph.

• python-uv-build-0.11.15-1.fc45
• rust-astral_async_http_range_reader-0.11.0-2.fc45
• rust-astral_async_zip-0.0.18~rc4-2.fc45
• uv-0.11.15-1.fc45

Update uv and python-uv-build to 0.11.5, fixing ee GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph.

• perl-Imager-1.031-1.fc44

Imager 1.031 - GIF: fix a heap buffer overflow with attacker controlled data CVE-2026-8454 Imager 1.030 - addtag(): store non-"int" numbers as strings - addtag: improve the regexp used to decide if a value can be stored as an int. - API: i_tags_get_int() - now fails if the value is stored as a string and is out of range for an int.

• kernel-6.19.14-106.fc42

The 6.19.14-106 kernel build contains additional mitigations for new code paths in fragnesia, and a couple of other security updates without fancy names or CVEs assigned yet.

• kernel-7.0.9-202.fc44

The 7.0.9-102/202 stable kernel builds contain additional mitigations for new code paths in fragnesia, and a couple of other security updates without fancy names or CVEs assigned yet.

The 7.0.9 stable kernel update contains a number of important fixes across the tree.

• kernel-7.0.9-102.fc43

The 7.0.9-102/202 stable kernel builds contain additional mitigations for new code paths in fragnesia, and a couple of other security updates without fancy names or CVEs assigned yet.

The 7.0.9 stable kernel update contains a number of important fixes across the tree.

• rust-astral-tokio-tar-0.6.2-1.el9

Update to version 0.6.2; Fixes RHBZ#2479647; Fixes GHSA-3cv2-h65g-fgmm

• postfix-3.9.11-1.fc42

This is an update fixing CVE-2026-43964.

• postfix-3.10.10-1.fc43

This is an update fixing CVE-2026-43964.