2 weeks ago
FEDORA-EPEL-2025-cc5498e802
Packages in this update:
- python-pdfminer-20220319-3.el8
Update description:
Backport security fix for GHSA-wf5f-4jwr-ppcp / CVE-2025-64512
2 weeks ago
FEDORA-2025-8a248ee4f4
Packages in this update:
- buildah-1.42.1-1.fc42
- podman-5.7.0-1.fc42
Update description:
Automatic update for podman-5.7.0-1.fc42, buildah-1.42.1-1.fc42.
Changelog for podman
* Tue Nov 11 2025 Packit <
hello@packit.dev> - 5:5.7.0-1
- Update to 5.7.0 upstream release
* Thu Oct 30 2025 Packit <
hello@packit.dev> - 5:5.7.0~rc2-1
- Update to 5.7.0-rc2 upstream release
* Tue Oct 28 2025 Lokesh Mandvekar <
lsm5@redhat.com> - 5:5.7.0~rc1-1
- bump to v5.7.0-rc1
Changelog for buildah
* Tue Nov 11 2025 Packit <
hello@packit.dev> - 2:1.42.1-1
- Update to 1.42.1 upstream release
* Mon Nov 03 2025 Lokesh Mandvekar <
lsm5@redhat.com> - 2:1.42.0-3
- Rebuild for CVE fixes
* Thu Oct 23 2025 Lokesh Mandvekar <
lsm5@redhat.com> - 2:1.42.0-2
- cleanup changelog
* Wed Oct 22 2025 Packit <
hello@packit.dev> - 2:1.42.0-1
- Update to 1.42.0 upstream release
2 weeks ago
2 weeks ago
2 weeks ago
Version:next-20251111 (linux-next)
Released:2025-11-11
2 weeks 1 day ago
Hanno Böck discovered that Raptor incorrectly handled memory operations
when processing certain input files. An attacker could possibly use this
issue to cause Raptor to crash, resulting in a denial of service.
(CVE-2020-25713)
Pedro Ribeiro discovered that Raptor incorrectly handled parsing certain
tuples. An attacker could possibly use this issue to cause Raptor to crash,
resulting in a denial of service. (CVE-2024-57822)
Pedro Ribeiro discovered that Raptor incorrectly handled parsing certain
turtles. An attacker could use this issue to cause Raptor to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2024-57823)
2 weeks 1 day ago
Hanno Böck discovered that Raptor incorrectly handled memory operations
when processing certain input files. An attacker could use this issue to
cause Raptor to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2017-18926)
Hanno Böck discovered that Raptor incorrectly handled memory operations
when processing certain input files. An attacker could possibly use this
issue to cause Raptor to crash, resulting in a denial of service.
(CVE-2020-25713)
2 weeks 1 day ago
FEDORA-2025-baed7e9a64
Packages in this update:
- dotnet10.0-10.0.100~rc.2.25502.107-0.10.fc41
Update description:
Update .NET 10 to RC 2
2 weeks 1 day ago
FEDORA-2025-b9a310a7bf
Packages in this update:
- dotnet10.0-10.0.100~rc.2.25502.107-0.10.fc42
Update description:
Update .NEt 10 to RC 2
2 weeks 1 day ago
FEDORA-2025-527c4681db
Packages in this update:
- dotnet10.0-10.0.100~rc.2.25502.107-0.10.fc43
Update description:
Update .NET 10 to RC 2
2 weeks 1 day ago
Barak Gross discovered that some Intel® Xeon® processors with SGX enabled
did not properly handle buffer restrictions. A local authenticated user
could potentially use this issue to escalate their privileges.
(CVE-2025-20053)
Avinash Maddy discovered that some Intel® processors did not properly
isolate or compartmentalize the stream cache mechanisms. A local
authenticated user could potentially use this issue to escalate their
privileges. (CVE-2025-20109)
Joseph Nuzman discovered that some Intel® Xeon® processors did not properly
manage references to active allocate resources. A local authenticated user
could potentially use this issue to cause a denial of service (system
crash). (CVE-2025-21090)
It was discovered that some Intel® Xeon® 6 processors did not properly
provide sufficient granularity of access control in the out of band
management service module (OOB-MSM). An authenticated user could
potentially use this issue to escalate their privileges. (CVE-2025-22839)
It was discovered that some Intel® Xeon® 6 Scalable processors did not
properly handle a specific sequence of processor instructions, leading to
unexpected behavior. A local authenticated user could potentially use this
issue to escalate their privileges. (CVE-2025-22840)
Joseph Nuzman discovered that some Intel® Xeon® 6 processors with Intel®
Trust Domain Extensions (Intel® TDX) did not properly handle overlap
between protected memory ranges. A local authenticated user could
potentially use this issue to escalate their privileges. (CVE-2025-22889)
Avraham Shalev discovered that some Intel® Xeon® processors did not
properly provide sufficient control flow management in the Alias Checking
Trusted Module (ACTM) firmware. A local authenticated user could
potentially use this issue to escalate their privileges. (CVE-2025-24305)
Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6
processors when using Intel® SGX or Intel® TDX did not properly protect
against out-of-bounds writes in the memory subsystem. A local authenticated
user could potentially use this issue to escalate their privileges.
(CVE-2025-26403)
Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6
processors when using Intel® SGX or Intel® TDX did not properly implement
security checks in the DDRIO configuration. A local authenticated user
could potentially use this issue to escalate their privileges.
(CVE-2025-32086)
2 weeks 1 day ago
It was discovered that sudo-rs incorrectly handled passwords when timeouts
occurred and the pwfeedback default was not set. This could result in a
partially typed password being output to standard input, contrary to
expectations.
It was discovered that sudo-rs incorrectly handled the targetpw and rootpw
default settings when creating timestamp files. A local attacker could
possibly use this issue to bypass authentication in certain configurations.
2 weeks 1 day ago
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Virtio block driver;
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Media drivers;
- Network drivers;
- Ethernet team driver;
- TTY drivers;
- Framebuffer layer;
- BTRFS file system;
- Ext4 file system;
- Network file system (NFS) server daemon;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- Packet sockets;
- SCTP protocol;
- VMware vSockets driver;
- USB sound devices;
(CVE-2021-47149, CVE-2021-47294, CVE-2021-47319, CVE-2021-47330,
CVE-2021-47589, CVE-2023-52574, CVE-2023-52650, CVE-2024-27078,
CVE-2024-35849, CVE-2024-49924, CVE-2024-50006, CVE-2024-50299,
CVE-2024-53124, CVE-2024-53150, CVE-2024-56767, CVE-2025-21796,
CVE-2025-37785, CVE-2025-37838, CVE-2025-38352, CVE-2025-38617,
CVE-2025-38618)
2 weeks 1 day ago
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.
2 weeks 1 day ago
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.
2 weeks 1 day ago
2 weeks 1 day ago
Version:next-20251110 (linux-next)
Released:2025-11-10
2 weeks 2 days ago
2 weeks 2 days ago
FEDORA-FLATPAK-2025-069f618c90
Packages in this update:
- dolphin-emu-flatpak-2503a-4
Update description:
Fixed CVEs in bundled dependencies
2 weeks 2 days ago
FEDORA-2025-f7d7958683
Packages in this update:
Update description:
FVWM3 ver. 1.1.4