Per the upstream release announcement¹, this release fixes "various security flaws, which allowed an attacker to overwrite arbitrary paths, remotely execute code, and/or overwrite files in the .git/ directory etc. See the release notes attached for the list for their descriptions and CVE identifiers."
Refer to the 2.14.6 release notes² for details on these vulnerabilities.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2019-1cec196e20
Please login to add feedback.