Fedora Security Advisories

• apt-3.1.15-2.fc42
• python-apt-3.1.0-1.fc42

Update to latest upstream release apt 3.1.15 and python-apt 3.1.0, also fix a security issue in python-apt

Update to latest upstream release apt 3.1.15

• apt-3.1.15-2.fc43
• python-apt-3.1.0-1.fc43

Update to latest upstream release apt 3.1.15 and python-apt 3.1.0

Update to latest upstream release apt 3.1.15, also fix build problem with previous release

• thunderbird-147.0-2.fc43

Update to latest upstream version.

• thunderbird-147.0-6.fc42

Update to latest upstream version.

• rsync-3.4.1-5.fc42

Updating tests

Fix for CVE-2025-10158

• python-pillow-11.1.0-3.fc42

Backport fix for CVE-2026-25990.

• python-pillow-11.3.0-7.fc43

Backport fix for CVE-2026-25990.

• mupdf-1.27.1-4.fc43
• python-PyMuPDF-1.27.1-2.fc43
• qpdfview-0.5.0-25.fc43
• zathura-pdf-mupdf-0.4.4-9.fc43

mupdf 1.27.1 and dependencies

• libpng-1.6.55-1.fc42

Version 1.6.54 [January 12, 2026] Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in png_image_read_direct_scaled. Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in png_image_write_*.

Version 1.6.55 [February 9, 2026] Fixed CVE-2026-25646 (high severity): Heap buffer overflow in png_set_quantize.

• libpng-1.6.55-1.fc43

Version 1.6.54 [January 12, 2026] Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in png_image_read_direct_scaled. Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in png_image_write_*.

Version 1.6.55 [February 9, 2026] Fixed CVE-2026-25646 (high severity): Heap buffer overflow in png_set_quantize.

• mupdf-1.26.3-5.fc42

fix CVE-2026-25556 (rhbz#2437973)

• rsync-3.4.1-4.fc42

Fix for CVE-2025-10158

• rsync-3.4.1-5.fc43

Fix for CVE-2025-10158

• python-uv-build-0.10.2-1.fc42
• rust-ambient-id-0.0.10-1.fc42
• uv-0.10.2-1.fc42

Update uv and python-uv-build to 0.10.2. There are some minor breaking changes in uv; most users should not have to change anything. See https://github.com/astral-sh/uv/blob/0.10.2/CHANGELOG.md for details. There are no breaking changes to python-uv-build.

• vim-9.1.2146-1.fc42

patchlevel 2146

Security fix for CVE-2026-25749

• vim-9.1.2146-1.fc43

patchlevel 2146

Security fix for CVE-2026-25749

• python3.13-3.13.12-1.fc43

Update to 3.13.12

• python3.13-3.13.12-1.el10_1

Update to 3.13.12

• python3.13-3.13.12-1.fc42
• python3-docs-3.13.12-1.fc42

Update to 3.13.12

• python3.13-3.13.12-1.el10_2

Update to 3.13.12