upstream update, fixes security-related bugs
CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device. The SUID mount follows symlinks when resolving loop backing file paths. On systems where non-root users are permitted to mount loop devices (via 'user' option in fstab), this allows access to arbitrary files.
CWE-190 - Integer overflow in libblkid parse_dos_extended(). A crafted MBR disk image can cause uint32_t wraparound in EBR chain processing, causing reported partitions to not match the on-disk layout. Tools like udisks may then register a partition at logical sector 0.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2026-67cf3d6ccaPlease log in to add feedback.
This update has been submitted for testing by kzak.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update has been pushed to testing.
no regressions noted
This update can be pushed to stable now if the maintainer wishes
Works.
This update has been submitted for stable by bodhi.
There is an ongoing freeze; this will be pushed to stable after the freeze is over.
This update has been pushed to stable.