Fedora 44 chezmoi Significant Denial Of Service Resolution 2026-905e9afc79
fedora
June 12, 2026
Update to 2.70.5
Summary
Manage your dotfiles across multiple diverse machines, securely.
Update Information:
Update to 2.70.5
Topics Covered
Change Log
* Thu Jun 4 2026 Mikel Olasagasti Uranga
References
[ 1 ] Bug #2454534 - CVE-2026-34165 chezmoi: go-git: Denial of Service via crafted .idx file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454534 [ 2 ] Bug #2454535 - CVE-2026-33762 chezmoi: go-git: Denial of Service via crafted Git index file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454535 [ 3 ] Bug #2456013 - CVE-2026-33817 chezmoi: go.etcd.io/bbolt: Denial of Service via index out-of-range error [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456013 [ 4 ] Bug #2458980 - CVE-2026-5160 chezmoi: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458980
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-905e9afc79' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Name: chezmoi
Product: Fedora 44
Version: 2.70.5
Release: 1.fc44
Summary: Manage your dotfiles across multiple diverse machines
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!