Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Fedora 43 Glow 2.1.2 Release Updated on 2026-6d67b00ef1 CVE Patches

fedora
Calendar Grey May 1, 2026
Scroller Fedora
Fedora 43 glow 2.1.2 update addresses CVE issues and dependency upgrades for terminal-based markdown reading.
Update to version 2.1.2

Summary

Glow is a terminal based markdown reader designed from the ground up to bring

out the beauty\u2014and power\u2014of the CLI. Use it to discover markdown files, read

documentation directly on the command line. Glow will find local markdown

files in subdirectories or a local Git repository.

Update Information:

Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even more CVEs.

Change Log

* Wed Apr 22 2026 Carl George - 2.1.2-1 - Update to version 2.1.2 rhbz#2457076 - Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160 * Sun Mar 22 2026 Carl George - 2.1.1-10 - Adopt go-vendor-tools * Mon Feb 2 2026 Maxwell G - 2.1.1-9 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Fri Jan 16 2026 Fedora Release Engineering - 2.1.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Oct 10 2025 Alejandro Sez - 2.1.1-7 - rebuild

References


[ 1 ] Bug #2408174 - CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408174 [ 2 ] Bug #2409644 - CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409644 [ 3 ] Bug #2410595 - CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410595 [ 4 ] Bug #2411493 - CVE-2025-58188 glow: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411493 [ 5 ] Bug #2457076 - glow-2.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2457076

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6d67b00ef1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: glow
Product: Fedora 43
Version: 2.1.2
Release: 1.fc43
Summary: Terminal based markdown reader

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.