Aggregator

FEDORA-2025-597afa65a9 Packages in this update:

• rustup-1.28.2-6.fc43

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-434186060b Packages in this update:

• rustup-1.28.2-6.fc42

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-7180673d99 Packages in this update:

• rust-monitord-0.12.1-3.fc42
• rust-monitord-exporter-0.4.1-5.fc42

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-7b8fe5b994 Packages in this update:

• rust-monitord-0.12.1-3.fc43
• rust-monitord-exporter-0.4.1-5.fc43

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-467e4d1489 Packages in this update:

• rust-monitord-0.10.1-2.fc41
• rust-monitord-exporter-0.4.1-2.fc41

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-b1dd6d1575 Packages in this update:

• rust-crypto-auditing-agent-0.2.3-3.fc41
• rust-crypto-auditing-client-0.2.3-2.fc41
• rust-crypto-auditing-event-broker-0.2.3-3.fc41

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-b6f15a721e Packages in this update:

• rust-crypto-auditing-agent-0.2.3-5.fc43
• rust-crypto-auditing-client-0.2.3-4.fc43
• rust-crypto-auditing-event-broker-0.2.3-5.fc43

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-eb42f0a2fb Packages in this update:

• rust-crypto-auditing-agent-0.2.3-5.fc42
• rust-crypto-auditing-client-0.2.3-4.fc42
• rust-crypto-auditing-event-broker-0.2.3-5.fc42

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-7a724b2aa9 Packages in this update:

• rust-busd-0.3.1-4.fc42

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-6346e0bb53 Packages in this update:

• rust-busd-0.3.1-4.fc41

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-f4e467b889 Packages in this update:

• rust-busd-0.3.1-4.fc43

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-EPEL-2025-23446b9b74 Packages in this update:

• maturin-1.8.7-2.el10_2

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-39e043b93d Packages in this update:

• maturin-1.8.7-2.fc43

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-f0fd9ffe20 Packages in this update:

• maturin-1.8.7-2.fc42

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-d0fde656f0 Packages in this update:

• maturin-1.8.7-2.fc41

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

FEDORA-2025-4b143118b8 Packages in this update:

• bustle-0.12.0-3.fc43

Update description:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

It was discovered that KMail Account Wizard used HTTP rather than HTTPS when retrieving certain email server configurations. An attacker could possibly use this issue to cause email clients to use an attacker-controlled email server.

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that KMail could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain configurations, if a user were tricked into opening a specially crafted email, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. This update mitigates the issue by preventing KMail from automatically loading external content. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-17689) It was discovered that KMail could be made to attach files to an email without the user's knowledge. If a user were tricked into sending an email created by a specially crafted "mailto" link, an attacker could possibly use this issue to obtain sensitive files. (CVE-2020-11880)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Overlay file system; - Network traffic control; (CVE-2025-21887, CVE-2024-57996, CVE-2025-38350, CVE-2025-37752)

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that PIM Messagelib could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain configurations, if a user were tricked into opening a specially crafted email using an application linked against PIM Messagelib, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. This update mitigates the issue by preventing automatic loading of external content. (CVE-2017-17689) Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, and Jörg Schwenk discovered that PIM Messagelib could be made to leak the plaintext of S/MIME or PGP encrypted emails. If a user were tricked into replying to a specially crafted email using an application linked against PIM Messagelib, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. (CVE-2019-10732)