Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

Fedora 43 Composer Key Command Injection Patch FEDORA-2026-08d2b77c9b

fedora
Calendar Grey April 16, 2026
Dist Fedora Esm H88
Fixes for security issues in Fedora 43 composer including command injection vulnerabilities. Update now!
Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802) Version 2.9.6 - 2026-04-14 Security: Fi...

Summary

Composer helps you declare, manage and install dependencies of PHP projects,

ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

Update Information:

Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802) Version 2.9.6 - 2026-04-14 Security: Fixed command injection via malicious Perforce reference (GHSA- gqw4-4w2p-838q / CVE-2026-40261) Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176) Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d) Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e) Security: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088) Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (6621d45, d836b90, 5e08c764) Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758) Fixed GitHub API authentication errors not being visible t...

Topics%20covered

Topics Covered

security advisory fedora php important command injection dependency manager

Change Log

* Tue Apr 14 2026 Remi Collet - 2.9.7-1 - update to 2.9.7 * Tue Apr 14 2026 Remi Collet - 2.9.6-1 - update to 2.9.6

References

Fedora Update Notification FEDORA-2026-02c1f66b6a 2026-04-16 00:53:32.960292+00:00 Name : composer Product : Fedora 43 Version : 2.9.7 Release : 1.fc43 URL : https://getcomposer.org/ Summary : Dependency Manager for PHP Description : Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-02c1f66b6a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: composer
Product: Fedora 43
Version: 2.9.7
Release: 1.fc43
URL: https://getcomposer.org/
Summary: Dependency Manager for PHP

Topics%20covered

Topics Covered

security advisory fedora php important command injection dependency manager

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here