Stay Secure with the Latest Linux Advisories

security advisorydenial of servicefedora

Fedora 42 dnf5 Critical CVE-2026-3836 Denial of Service 2026-beac8e1f11

This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-beac8e1f11 2026-03-13 00:58:40.063303+00:00 -------------------------------------------------------------------------------- Name : dnf5 Product : Fedora 42 Version : 5.2.18.0 Release : 2.fc42 URL : https://github.com/rpm-software-management/dnf5 Summary : Command-line package manager Description : DNF5 is a command-line package manager that automates the process of installing, upgrading, configuring, and removing computer programs in a consistent manner. It supports RPM packages, modulemd modules, and comps groups & environments. -------------------------------------------------------------------------------- Update Information: This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 10 2026 Petr Pisar - 5.2.18.0-2 - Fix a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client (CVE-2026-3836) (bug #2445771) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2445770 - CVE-2026-3836 dnf5: dnf5: Denial of Service via path traversal in D-Bus locale configuration https://bugzilla.redhat.com/show_bug.cgi?id=2445770 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-beac8e1f11' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keysused by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This update addresses a critical crash in dnf5daemon-server affecting Fedora 42, related to unknown locale handling.. dnf5 Critical Update, Fedora 42 dnf5 advisory, Denial of Service dnf5, CVE-2026-3836 Fix, Fedora Package Manager Issue. . Severity: Critical. LinuxSecurity.com Team

Mar 13, 2026 •Critical Fedora