Fedora alert FEDORA-2026-f08d5a8191 (python3.6)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 43 Update: python3.6-3.6.15-57.fc43 | |
| Date: | Fri, 01 May 2026 03:06:26 +0000 | |
| Message-ID: | <20260501030626.0B8016FEE1@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f08d5a8191 2026-05-01 03:01:50.286541+00:00 -------------------------------------------------------------------------------- Name : python3.6 Product : Fedora 43 Version : 3.6.15 Release : 57.fc43 URL : https://www.python.org/ Summary : Version 3.6 of the Python interpreter Description : Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software Collections or older Fedora releases. -------------------------------------------------------------------------------- Update Information: Security fixes for CVE-2026-4786, CVE-2026-6100 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 17 2026 Charalampos Stratakis <cstratak@redhat.com> - 3.6.15-57 - Security fixes for CVE-2026-4786, CVE-2026-6100 Resolves: rhbz#2458018, rhbz#2458226 * Sat Apr 11 2026 Miro HronĨok <mhroncok@redhat.com> - 3.6.15-56 - Explicitly build with OpenSSL 3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2458018 - CVE-2026-6100 python3.6: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458018 [ 2 ] Bug #2458226 - CVE-2026-4786 python3.6: Python: Arbitrary code execution via command injection in webbrowser.open() API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458226 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f08d5a8191' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
Attachment: None (type=text/plain)
-- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new