Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Fedora 42 Prometheus 3.10.0 Critical Security Fix 2026-c9fb6d2b76

fedora
Calendar Grey March 7, 2026
Dist Fedora Esm H88
Fedora 42 Prometheus monitoring system update to 3.10.0 addresses critical security issues improving system robustness.
Rename from golang-github-prometheus and upgrade to 3.10.0

Summary

The Prometheus monitoring system and time series database.

Update Information:

Rename from golang-github-prometheus and upgrade to 3.10.0

Change Log

* Thu Feb 26 2026 Mikel Olasagasti Uranga - 3.10.0-1 - Update to 3.10.0 - Closes rhbz#2390501 * Mon Feb 23 2026 Mikel Olasagasti Uranga - 2.55.1-1 - Initial package after renaming from golang-github-prometheus - Closes rhbz#2383787

References


[ 1 ] Bug #2398776 - CVE-2025-47910 golang-github-prometheus: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398776 [ 2 ] Bug #2399447 - CVE-2025-47906 golang-github-prometheus: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399447 [ 3 ] Bug #2407977 - CVE-2025-58189 golang-github-prometheus: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2407977 [ 4 ] Bug #2408652 - CVE-2025-61725 golang-github-prometheus: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408652 [ 5 ] Bug #2409447 - CVE-2025-61723 golang-github-prometheus: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409447 [ 6 ] Bug #...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c9fb6d2b76' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: prometheus
Product: Fedora 42
Version: 3.10.0
Release: 1.fc42
Summary: Prometheus monitoring system and time series database

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.