Aggregator

buildah-1.42.1-1.fc42 podman-5.7.0-1.fc42

2 weeks ago
FEDORA-2025-8a248ee4f4
Packages in this update:
  • buildah-1.42.1-1.fc42
  • podman-5.7.0-1.fc42
Update description:

Automatic update for podman-5.7.0-1.fc42, buildah-1.42.1-1.fc42.

Changelog for podman

* Tue Nov 11 2025 Packit <hello@packit.dev> - 5:5.7.0-1
- Update to 5.7.0 upstream release

* Thu Oct 30 2025 Packit <hello@packit.dev> - 5:5.7.0~rc2-1
- Update to 5.7.0-rc2 upstream release

* Tue Oct 28 2025 Lokesh Mandvekar <lsm5@redhat.com> - 5:5.7.0~rc1-1
- bump to v5.7.0-rc1

Changelog for buildah

* Tue Nov 11 2025 Packit <hello@packit.dev> - 2:1.42.1-1
- Update to 1.42.1 upstream release

* Mon Nov 03 2025 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.42.0-3
- Rebuild for CVE fixes

* Thu Oct 23 2025 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.42.0-2
- cleanup changelog

* Wed Oct 22 2025 Packit <hello@packit.dev> - 2:1.42.0-1
- Update to 1.42.0 upstream release

USN-7869-1: Raptor vulnerabilities

2 weeks 1 day ago
Hanno Böck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could possibly use this issue to cause Raptor to crash, resulting in a denial of service. (CVE-2020-25713)

Pedro Ribeiro discovered that Raptor incorrectly handled parsing certain tuples. An attacker could possibly use this issue to cause Raptor to crash, resulting in a denial of service. (CVE-2024-57822)

Pedro Ribeiro discovered that Raptor incorrectly handled parsing certain turtles. An attacker could use this issue to cause Raptor to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-57823)

USN-7868-1: Raptor vulnerabilities

2 weeks 1 day ago
Hanno Böck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could use this issue to cause Raptor to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-18926)

Hanno Böck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could possibly use this issue to cause Raptor to crash, resulting in a denial of service. (CVE-2020-25713)

USN-7866-1: Intel Microcode vulnerabilities

2 weeks 1 day ago
Barak Gross discovered that some Intel® Xeon® processors with SGX enabled did not properly handle buffer restrictions. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-20053)

Avinash Maddy discovered that some Intel® processors did not properly isolate or compartmentalize the stream cache mechanisms. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-20109)

Joseph Nuzman discovered that some Intel® Xeon® processors did not properly manage references to active allocate resources. A local authenticated user could potentially use this issue to cause a denial of service (system crash). (CVE-2025-21090)

It was discovered that some Intel® Xeon® 6 processors did not properly provide sufficient granularity of access control in the out of band management service module (OOB-MSM). An authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-22839)

It was discovered that some Intel® Xeon® 6 Scalable processors did not properly handle a specific sequence of processor instructions, leading to unexpected behavior. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-22840)

Joseph Nuzman discovered that some Intel® Xeon® 6 processors with Intel® Trust Domain Extensions (Intel® TDX) did not properly handle overlap between protected memory ranges. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-22889)

Avraham Shalev discovered that some Intel® Xeon® processors did not properly provide sufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-24305)

Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX did not properly protect against out-of-bounds writes in the memory subsystem. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-26403)

Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX did not properly implement security checks in the DDRIO configuration. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-32086)

USN-7867-1: sudo-rs vulnerabilities

2 weeks 1 day ago
It was discovered that sudo-rs incorrectly handled passwords when timeouts occurred and the pwfeedback default was not set. This could result in a partially typed password being output to standard input, contrary to expectations.

It was discovered that sudo-rs incorrectly handled the targetpw and rootpw default settings when creating timestamp files. A local attacker could possibly use this issue to bypass authentication in certain configurations.

USN-7865-1: Linux kernel (FIPS) vulnerabilities

2 weeks 1 day ago
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Virtio block driver
  • DMA engine subsystem
  • GPU drivers
  • HSI subsystem
  • Media drivers
  • Network drivers
  • Ethernet team driver
  • TTY drivers
  • Framebuffer layer
  • BTRFS file system
  • Ext4 file system
  • Network file system (NFS) server daemon
  • Timer subsystem
  • DCCP (Datagram Congestion Control Protocol)
  • IPv6 networking
  • NET/ROM layer
  • Packet sockets
  • SCTP protocol
  • VMware vSockets driver
  • USB sound devices

(CVE-2021-47149, CVE-2021-47294, CVE-2021-47319, CVE-2021-47330, CVE-2021-47589, CVE-2023-52574, CVE-2023-52650, CVE-2024-27078, CVE-2024-35849, CVE-2024-49924, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767, CVE-2025-21796, CVE-2025-37785, CVE-2025-37838, CVE-2025-38352, CVE-2025-38617, CVE-2025-38618)

USN-7862-2: Linux kernel vulnerability

2 weeks 1 day ago
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

USN-7860-5: Linux kernel (HWE) vulnerability

2 weeks 1 day ago
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.