Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 43 gh 2.87.0 Advisory FEDORA-2026-21a2f3709a Critical DoS

fedora
Calendar Grey February 27, 2026
Dist Fedora Esm H88
Update to gh version 2.87.0 fixes critical security vulnerabilities for Fedora 43 ensuring enhanced protection and stability for users
Update to 2.87.0

Summary

A command-line interface to GitHub for use in your terminal or your scripts.

gh is a tool designed to enhance your workflow when working with GitHub. It

provides a seamless way to interact with GitHub repositories and perform various

actions right from the command line, eliminating the need to switch between your

terminal and the GitHub website.

Update Information:

Update to 2.87.0

Topics%20covered

Topics Covered

security advisory denial of service fedora important gh

Change Log

* Wed Feb 18 2026 Mikel Olasagasti Uranga - 2.87.0-2 - Drop patch included in 2.87.0 * Wed Feb 18 2026 Packit - 2.87.0-1 - Update to 2.87.0 upstream release - Resolves: rhbz#2440729 * Mon Feb 2 2026 Maxwell G - 2.86.0-3 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26

References


[ 1 ] Bug #2432198 - CVE-2026-23831 gh: Rekor denial of service [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2432198 [ 2 ] Bug #2433105 - CVE-2026-23991 gh: go-tuf client DoS via malformed server response [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433105 [ 3 ] Bug #2433107 - CVE-2026-23992 gh: go-tuf improperly validates the configured threshold for delegations [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433107 [ 4 ] Bug #2433108 - CVE-2026-23991 gh: go-tuf client DoS via malformed server response [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433108 [ 5 ] Bug #2433551 - CVE-2026-24117 gh: Rekor Server-Side Request Forgery (SSRF) [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433551 [ 6 ] Bug #2433598 - CVE-2026-24137 gh: sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal [fedora-43] https://bugzilla.redhat.com/sho...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-21a2f3709a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: gh
Product: Fedora 43
Version: 2.87.0
Release: 2.fc43
URL: https://github.com/cli/cli
Summary: GitHub's official command line tool

Topics%20covered

Topics Covered

security advisory denial of service fedora important gh

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here