
Fedora 44 openQA Urgent Security Advisory on Critical Code Execution Risk

fedora
July 3, 2026
Update for Fedora 44 addressing a critical security issue in openQA, fixing an arbitrary code execution vulnerability.
This update includes new upstream snapshots of openQA and os-autoinst, with the usual mix of fixes and improvements.

Summary

openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed.

openQA is an automated test tool that makes it possible to test the whole installation process of an operating system. It uses virtual machines to reproduce the process, check the output (both serial console and screen) in every step and send the necessary keystrokes and commands to proceed to the next. openQA can check whether the system can be installed, whether it works properly in 'live' mode, whether applications work or whether the system responds as expected to different installation options and commands.

Even more importantly, openQA can run several combinations of tests for every revision of the operating system, reporting the errors detected for each combination of hardware configuration, installation options and variant of the operating system.

Update Information:

This update includes new upstream snapshots of openQA and os-autoinst, with the usual mix of fixes and improvements. See upstream changelogs for details. For leptonica, this update removes an incorrect workaround for a GCC compilation issue, since GCC is now fixed. This should resolve incomplete processing of files on aarch64. Without this fix, os-autoinst's test suite fails.

Change Log

* Thu Jun 18 2026 Adam Williamson - 5^20260604git6376095-3
- Fix a couple of incorrect -devel package deps

* Mon Jun 15 2026 Zbigniew Jędrzejewski-Szmek - 5^20260604git6376095-2
- Drop call to %sysusers_create_compat

* Fri Jun 5 2026 Adam Williamson - 5^20260604git6376095-1
- Bump to latest git, re-sync spec, backport a couple of patches

* Wed Mar 11 2026 Adam Williamson - 5^20260126git19189f0-3
- Drop shfmt from -devel dependencies (it was retired)

References


[ 1 ] Bug #2435305 - tesseract tests fail on Rawhide on aarch64 due to leptonica issue
https://bugzilla.redhat.com/show_bug.cgi?id=2435305

[ 2 ] Bug #2454041 - CVE-2026-4800 openqa: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454041

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a72f110dcd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: openqa
Product: Fedora 44
Version: 5^20260604git6376095
Release: 3.fc44
Summary: Framework for automated system-level testing (web-frontend, scheduler and tools)
