Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Fedora 43 forgejo-runner Critical DoS Threat Fix FEDORA-2026-cf660bc96a

fedora
Calendar Grey May 6, 2026
Dist Fedora Esm H88
Fix critical Denial of Service threats in forgejo-runner with important updates for Fedora 43.
Update vendor dependencies to fix: * CVE-2026-33762 * CVE-2026-33817 * CVE-2026-34165

Summary

The Forgejo Runner is a daemon that fetches workflows to run from a Forgejo instance, executes them,

sends back with the logs and ultimately reports its success or failure.

Update Information:

Update vendor dependencies to fix: * CVE-2026-33762 * CVE-2026-33817 * CVE-2026-34165

Change Log

* Thu Apr 23 2026 Diego Herrera - 12.7.3-2 - Backport dependency updates * Tue Apr 21 2026 Diego Herrera - 12.7.3-1 - Update to 12.7.3

References


[ 1 ] Bug #2454559 - CVE-2026-34165 forgejo-runner: go-git: Denial of Service via crafted .idx file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454559 [ 2 ] Bug #2454560 - CVE-2026-33762 forgejo-runner: go-git: Denial of Service via crafted Git index file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454560 [ 3 ] Bug #2456022 - CVE-2026-33817 forgejo-runner: go.etcd.io/bbolt: Denial of Service via index out-of-range error [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456022

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cf660bc96a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: forgejo-runner
Product: Fedora 43
Version: 12.7.3
Release: 2.fc43
Summary: A daemon that fetches workflows to run from a Forgejo instance.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here