Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 43: Composer 2.9.3 Moderate DoS Fix FEDORA-2026-0b03072979

fedora
Calendar Grey January 14, 2026
Dist Fedora Esm H88
Explore the security advisory for Composer 2.9.3 on Fedora 43, covering critical fixes and updates.
Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746) Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for update...

Summary

Composer helps you declare, manage and install dependencies of PHP projects,

ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

Update Information:

Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746) Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677) Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645) Fixed client-certificate authentication implementation (#12667) Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694) Fixed crash when --bump-after-update is used and the lock file is disabled (#12660) Fixed support for SecureTransport + LibreSSL on macOS (#12615) Fixed display of reasons for why advisories are ignored (#12668) Fixed compatibility issues when git has log.showSignature enabled (#12666) Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662) Fixed EventDispatcher requiring a full Composer instance to function (#12629)

Topics%20covered

Topics Covered

security advisory denial of service security update fedora composer dependency manager

Change Log

* Wed Dec 31 2025 Remi Collet - 2.9.3-1 - update to 2.9.3

References


[ 1 ] Bug #2428108 - CVE-2025-67746 composer: Composer: Terminal output manipulation leading to Denial of Service [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2428108

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0b03072979' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: composer
Product: Fedora 43
Version: 2.9.3
Release: 1.fc43
URL: https://getcomposer.org/
Summary: Dependency Manager for PHP

Topics%20covered

Topics Covered

security advisory denial of service security update fedora composer dependency manager

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here