Fedora 43 QGIS Critical Remote Code Exec Issue FEDORA-2026-b84eea4f2a
fedora
March 16, 2026
Update to qgis-3.44.8.
Summary
Geographic Information System (GIS) manages, analyzes, and displays
databases of geographic information. QGIS supports shape file
viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection
on-the-fly, map composition, and a number of other features via a plugin
interface. QGIS also supports display of various geo-referenced raster and
Digital Elevation Model (DEM) formats including GeoTIFF, Arc/Info ASCII Grid,
and USGS ASCII DEM.
Update Information:
Update to qgis-3.44.8.
Topics Covered
Change Log
* Fri Mar 6 2026 Sandro Mani
References
[ 1 ] Bug #2433154 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433154
[ 2 ] Bug #2433156 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433156
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b84eea4f2a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: qgis
Product: Fedora 43
Version: 3.44.8
Release: 1.fc43
URL: http://www.qgis.org
Summary: A user friendly Open Source Geographic Information System
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!