Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Fedora 43 QGIS Critical Remote Code Exec Issue FEDORA-2026-b84eea4f2a

fedora
Calendar Grey March 16, 2026
Dist Fedora Esm H88
Critical update for QGIS on Fedora 43 fixes remote code execution risk via GitHub Actions workflow.
Update to qgis-3.44.8.

Summary

Geographic Information System (GIS) manages, analyzes, and displays

databases of geographic information. QGIS supports shape file

viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection

on-the-fly, map composition, and a number of other features via a plugin

interface. QGIS also supports display of various geo-referenced raster and

Digital Elevation Model (DEM) formats including GeoTIFF, Arc/Info ASCII Grid,

and USGS ASCII DEM.

Update Information:

Update to qgis-3.44.8.

Change Log

* Fri Mar 6 2026 Sandro Mani - 3.44.8-1 - Update to 3.44.8 * Sun Feb 15 2026 Sandro Mani - 3.44.7-3 - Rebuild (PDAL) * Thu Feb 12 2026 Sandro Mani - 3.44.7-2 - Rebuild (qt)

References


[ 1 ] Bug #2433154 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433154 [ 2 ] Bug #2433156 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2433156

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b84eea4f2a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: qgis
Product: Fedora 43
Version: 3.44.8
Release: 1.fc43
Summary: A user friendly Open Source Geographic Information System

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here