Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 42 bcftools Advisory FEDORA-2026-1fc0d39acd Critical DoS Risk

fedora
Calendar Grey March 28, 2026
Dist Fedora Esm H88
Explore the Fedora 42 bcftools update addressing significant security issues including buffer overflow and service denial.
Update to 1.23.1

Summary

BCFtools is a set of utilities that manipulate genomic variant calls in the

Variant Call Format (VCF) and its binary counterpart (BCF). All commands work

transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed.

(This BCFtools includes the polysomy subcommand, which is implemented using

the GNU Scientific Library. Hence this package is licensed according to the

GNU General Public License, rather than the MIT license used when BCFtools

is built without the polysomy subcommand.)

Update Information:

Update to 1.23.1

Topics%20covered

Topics Covered

security advisory denial of service fedora buffer overflow htslib genomic variant

Change Log

* Thu Mar 19 2026 Rasmus Ory Nielsen - 1.23.1-1 - Updated to 1.23.1 - Removed patch now that issue 2495 is fixed upstream * Mon Jan 26 2026 Rasmus Ory Nielsen - 1.23-1 - Updated to 1.23 - Removed obsolete vcf_plugin_tests patch - Remove invalid `-errors` from PERL_LIBS to fix linker warnings * Mon Jan 26 2026 Jun Aruga - 1.15.1-17 - RISC-V has /lib64/lp64d/ symlink which confuses ldd. * Fri Jan 16 2026 Fedora Release Engineering - 1.15.1-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 1.15.1-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Wed Jul 23 2025 Fedora Release Engineering - 1.15.1-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Mon Jul 7 2025 Jitka Plesnikova - 1.15.1-13 - Perl 5.42 rebuild

References


[ 1 ] Bug #2448750 - CVE-2026-31962 htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file https://bugzilla.redhat.com/show_bug.cgi?id=2448750 [ 2 ] Bug #2448751 - CVE-2026-31965 htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing https://bugzilla.redhat.com/show_bug.cgi?id=2448751 [ 3 ] Bug #2448755 - CVE-2026-31963 htslib: HTSlib: Arbitrary code execution via crafted CRAM file https://bugzilla.redhat.com/show_bug.cgi?id=2448755 [ 4 ] Bug #2448756 - CVE-2026-31964 htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding https://bugzilla.redhat.com/show_bug.cgi?id=2448756

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1fc0d39acd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: bcftools
Product: Fedora 42
Version: 1.23.1
Release: 1.fc42
URL: https://www.htslib.org/
Summary: Tools for genomic variant calling and manipulating VCF/BCF files

Topics%20covered

Topics Covered

security advisory denial of service fedora buffer overflow htslib genomic variant

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here