|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2026-29f4f47ade (micropython)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 43 Update: micropython-1.28.0-1.fc43


Date:
              Thu, 16 Apr 2026 00:56:05 +0000


Message-ID:
              <20260416005605.7237C88A9B@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-29f4f47ade
2026-04-16 00:53:32.960281+00:00
--------------------------------------------------------------------------------

Name        : micropython
Product     : Fedora 43
Version     : 1.28.0
Release     : 1.fc43
URL         : http://micropython.org/
Summary     : Implementation of Python 3 with very low memory footprint
Description :
Implementation of Python 3 with very low memory footprint

--------------------------------------------------------------------------------
Update Information:

Update to 1.28.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr  6 2026 Lumír Balhar <lbalhar@redhat.com> - 1.28.0-1
- Update to 1.28.0
- Security fix for CVE-2026-1998
- Update mbedtls submodule to 3.6.6
- mbedtls security fixes for CVE-2026-25834, CVE-2026-34871, CVE-2026-25833
- CVE-2025-52496, CVE-2025-52497, CVE-2025-49087, CVE-2025-54764, CVE-2025-59438
 Resolves: rhbz#2455368, rhbz#2376688, rhbz#2376701, rhbz#2382261, rhbz#2405245,
 rhbz#2405374, rhbz#2437327, rhbz#2454032, rhbz#2454086, rhbz#2454213
* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 1.27.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376688 - CVE-2025-52496 micropython: Mbed TLS AESNI Race Condition Vulnerability
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376688
  [ 2 ] Bug #2376701 - CVE-2025-52497 micropython: Mbed TLS PEM Parsing Buffer Underflow
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376701
  [ 3 ] Bug #2382261 - CVE-2025-49087 micropython: Mbed TLS PKCS#7 Timing Vulnerability
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2382261
  [ 4 ] Bug #2405245 - CVE-2025-54764 micropython: Mbedtls timing attacks in RSA operations
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405245
  [ 5 ] Bug #2405374 - CVE-2025-59438 micropython: MbedTLS Padding oracle through timing of cipher
error reporting [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405374
  [ 6 ] Bug #2437327 - CVE-2026-1998 micropython: micropython runtime.c mp_import_all memory
corruption [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2437327
  [ 7 ] Bug #2454032 - CVE-2026-25833 micropython: buffer underflow in x509_inet_pton_ipv6()
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454032
  [ 8 ] Bug #2454086 - CVE-2026-34871 micropython: entropy on Linux can fall back to /dev/urandom
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454086
  [ 9 ] Bug #2454213 - CVE-2026-25834 micropython: Mbed TLS: Algorithm downgrade vulnerability
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454213
  [ 10 ] Bug #2455368 - micropython-1.28.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2455368
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-29f4f47ade' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





Attachment: None (type=text/plain)

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds