Aggregator

FEDORA-EPEL-2025-8e15323af1 Packages in this update:

• openssl3-3.5.1-6.1.el8

Update description:

Rebase to latest c9s openssl

Security Fix(es):

• openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)

FEDORA-2025-0e41e63705 Packages in this update:

• wireshark-4.6.1-1.fc43

Update description:

New version 4.6.1. Beware of the move of files from /usr/lib64/wireshark/extcap/ to /usr/libexec/wireshark/extcap. Any custom user scripts should be moved too.

FEDORA-2025-f810869906 Packages in this update:

• wireshark-4.6.1-1.fc42

Update description:

New version 4.6.1 Beware of the move of files from /usr/lib64/wireshark/extcap/ to /usr/libexec/wireshark/extcap. Any custom user scripts should be moved too.

FEDORA-EPEL-2025-160e69562b Packages in this update:

• singularity-ce-4.3.5-1.el8

Update description:

Upgrade to 4.3.5 upstream version.

FEDORA-EPEL-2025-6e760d6083 Packages in this update:

• singularity-ce-4.3.5-1.el10_2

Update description:

Upgrade to 4.3.5 upstream version.

FEDORA-EPEL-2025-e2803aecfe Packages in this update:

• singularity-ce-4.3.5-1.el10_1

Update description:

Upgrade to 4.3.5 upstream version.

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - HSI subsystem; - Bluetooth subsystem; - Timer subsystem; (CVE-2025-37838, CVE-2025-38118, CVE-2025-38352)

FEDORA-EPEL-2025-a51b0db53c Packages in this update:

• singularity-ce-4.3.5-1.el9

Update description:

Upgrade to 4.3.5 upstream version.

FEDORA-EPEL-2025-49b2eb404d Packages in this update:

• yarnpkg-1.22.22-14.el9

Update description:

Fix CVE-2205-64756.

FEDORA-2025-4be1cd8390 Packages in this update:

• yarnpkg-1.22.22-14.fc42

Update description:

Fix CVE-2205-64756.

FEDORA-EPEL-2025-ff22419251 Packages in this update:

• yarnpkg-1.22.22-14.el10_2

Update description:

Fix CVE-2205-64756.

FEDORA-2025-de6cf573f0 Packages in this update:

• yarnpkg-1.22.22-14.fc43

Update description:

Fix CVE-2205-64756.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; - Network drivers; - AFS file system; - Ceph distributed file system; - Network file system (NFS) server daemon; - NILFS2 file system; - File systems infrastructure; - KVM subsystem; - L3 Master device support module; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; - Open vSwitch; (CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935, CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179, CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083, CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791, CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)

Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command did not correctly check for schema CREATE privileges. An authenticated attacker could possibly use this issue to create a denial of service against other CREATE STATISTICS users. (CVE-2025-12817) Aleksey Solovev discovered that the PostgreSQL libpq client library incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause libpq to crash, resulting in a denial of service. (CVE-2025-12818)

FEDORA-2025-54d78b9fed Packages in this update:

• singularity-ce-4.3.5-1.fc42

Update description:

Upgrade to 4.3.5 upstream version.

FEDORA-2025-894ea1b6a5 Packages in this update:

• dr_libs-0^20251201.877b096-1.fc43

Update description: dr_flac v0.13.2 - 2025-12-02

• Improve robustness of the parsing of picture metadata to improve support for memory constrained embedded devices.
• Fix a warning about an assigned by unused variable.
• Improvements to drflac_open_and_read_pcm_frames_*() and family to avoid excessively large memory allocations from malformed files.

v0.13.1 - 2025-09-10

• Fix an error with the NXDK build.

dr_mp3 v0.7.2 - 2025-12-02

• Reduce stack space to improve robustness on embedded systems.
• Fix a compilation error with MSVC Clang toolset relating to cpuid.
• Fix an error with APE tag parsing.

The APE tag parsing defect may have security implications, github.com/mackron/dr_libs/issues/291.

v0.7.1 - 2025-09-10

• Silence a warning with GCC.
• Fix an error with the NXDK build.
• Fix a decoding inconsistency when seeking. Prior to this change, reading to the end of the stream immediately after initializing will result in a different number of samples read than if the stream is seeked to the start and read to the end.

dr_wav v0.14.2 - 2025-12-02

• Fix a compilation warning.

v0.14.1 - 2025-09-10

• Fix an error with the NXDK build.

FEDORA-2025-5ad0214a85 Packages in this update:

• singularity-ce-4.3.5-1.fc43

Update description:

Upgrade to 4.3.5 upstream version.