Stay Secure with the Latest Linux Advisories

security advisoryfedoraupdate

Fedora 43 Glow 2.1.2 Release Updated on 2026-6d67b00ef1 CVE Patches

Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even more CVEs.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6d67b00ef1 2026-05-01 03:01:50.286553+00:00 -------------------------------------------------------------------------------- Name : glow Product : Fedora 43 Version : 2.1.2 Release : 1.fc43 URL : https://github.com/charmbracelet/glow Summary : Terminal based markdown reader Description : Glow is a terminal based markdown reader designed from the ground up to bring out the beauty\u2014and power\u2014of the CLI. Use it to discover markdown files, read documentation directly on the command line. Glow will find local markdown files in subdirectories or a local Git repository. -------------------------------------------------------------------------------- Update Information: Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even more CVEs. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2026 Carl George - 2.1.2-1 - Update to version 2.1.2 rhbz#2457076 - Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160 * Sun Mar 22 2026 Carl George - 2.1.1-10 - Adopt go-vendor-tools * Mon Feb 2 2026 Maxwell G - 2.1.1-9 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Fri Jan 16 2026 Fedora Release Engineering - 2.1.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Oct 10 2025 Alejandro Sez - 2.1.1-7 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2408174 - CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408174 [ 2 ] Bug #2409644- CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409644 [ 3 ] Bug #2410595 - CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410595 [ 4 ] Bug #2411493 - CVE-2025-58188 glow: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411493 [ 5 ] Bug #2457076 - glow-2.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2457076 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6d67b00ef1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 43 glow 2.1.2 update addresses CVE issues and dependency upgrades for terminal-based markdown reading.. Fedora 43 glow, terminal markdown reader, CVE updates, Fedora security advisory. . Severity: Important. LinuxSecurity.com Team

May 01, 2026 •Important Fedora