Aggregator

ruby-3.4.7-26.fc42

2 weeks 3 days ago
FEDORA-2025-5805ed7a8f
Packages in this update:
  • ruby-3.4.7-26.fc42
Update description:
  • Upgrade to Ruby 3.4.7.
  • Fix a URI credential leakage issue that bypassed previous fixes. Resolves: CVE-2025-61594
  • Fix REXML denial of service. Resolves: rhbz#2396204 Resolves: CVE-2025-58767

USN-7839-2: Google Guest Agent vulnerability

2 weeks 3 days ago
USN-7839-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding update in the Go Cryptography module included in Google Guest Agent. Original advisory details: Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectly handled public keys during SSH operations. An attacker could possibly use this issue to bypass authorization mechanisms.

libnbd-1.23.10-1.fc43

2 weeks 3 days ago
FEDORA-2025-d44581756d
Packages in this update:
  • libnbd-1.23.10-1.fc43
Update description:

New upstream development version 1.23.10

New upstream development version 1.23.9

cef-141.0.11^chromium141.0.7390.122-1.fc43

2 weeks 4 days ago
FEDORA-2025-6c9c483e21
Packages in this update:
  • cef-141.0.11^chromium141.0.7390.122-1.fc43
Update description:

Update to 141.0.7390.122

  • High CVE-2025-12036 chromium: Inappropriate implementation in V8
  • High CVE-2025-11756: Use after free in Safe Browsing
  • High CVE-2025-11458: Heap buffer overflow in Sync
  • High CVE-2025-11460: Use after free in Storage
  • Medium CVE-2025-11211: Out of bounds read in WebCodecs
  • High CVE-2025-11205: Heap buffer overflow in WebGPU
  • High CVE-2025-11206: Heap buffer overflow in Video
  • Medium CVE-2025-11207: Side-channel information leakage in Storage
  • Medium CVE-2025-11208: Inappropriate implementation in Media
  • Medium CVE-2025-11209: Inappropriate implementation in Omnibox
  • Medium CVE-2025-11210: Side-channel information leakage in Tab
  • Medium CVE-2025-11211: Out of bounds read in Media
  • Medium CVE-2025-11212: Inappropriate implementation in Media
  • Medium CVE-2025-11213: Inappropriate implementation in Omnibox
  • Medium CVE-2025-11215: Off by one error in V8
  • Low CVE-2025-11216: Inappropriate implementation in Storage
  • Low CVE-2025-11219: Use after free in V8
  • CVE-2025-10890: Side-channel information leakage in V8
  • CVE-2025-10891: Integer overflow in V8
  • CVE-2025-10892: Integer overflow in V8

cef-141.0.11^chromium141.0.7390.122-1.fc42

2 weeks 4 days ago
FEDORA-2025-313f6d7702
Packages in this update:
  • cef-141.0.11^chromium141.0.7390.122-1.fc42
Update description:

Update to 141.0.7390.122

  • High CVE-2025-12036 chromium: Inappropriate implementation in V8
  • High CVE-2025-11756: Use after free in Safe Browsing
  • High CVE-2025-11458: Heap buffer overflow in Sync
  • High CVE-2025-11460: Use after free in Storage
  • Medium CVE-2025-11211: Out of bounds read in WebCodecs
  • High CVE-2025-11205: Heap buffer overflow in WebGPU
  • High CVE-2025-11206: Heap buffer overflow in Video
  • Medium CVE-2025-11207: Side-channel information leakage in Storage
  • Medium CVE-2025-11208: Inappropriate implementation in Media
  • Medium CVE-2025-11209: Inappropriate implementation in Omnibox
  • Medium CVE-2025-11210: Side-channel information leakage in Tab
  • Medium CVE-2025-11211: Out of bounds read in Media
  • Medium CVE-2025-11212: Inappropriate implementation in Media
  • Medium CVE-2025-11213: Inappropriate implementation in Omnibox
  • Medium CVE-2025-11215: Off by one error in V8
  • Low CVE-2025-11216: Inappropriate implementation in Storage
  • Low CVE-2025-11219: Use after free in V8
  • CVE-2025-10890: Side-channel information leakage in V8
  • CVE-2025-10891: Integer overflow in V8
  • CVE-2025-10892: Integer overflow in V8

USN-7835-4: Linux kernel (HWE) vulnerabilities

2 weeks 5 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • ARM64 architecture
  • PowerPC architecture
  • x86 architecture
  • ACPI drivers
  • Ublk userspace block driver
  • Clock framework and drivers
  • GPU drivers
  • IIO subsystem
  • InfiniBand drivers
  • Media drivers
  • MemoryStick subsystem
  • Network drivers
  • NTB driver
  • PCI subsystem
  • Remote Processor subsystem
  • Thermal drivers
  • Virtio Host (VHOST) subsystem
  • 9P distributed file system
  • File systems infrastructure
  • JFS file system
  • Network file system (NFS) server daemon
  • NTFS3 file system
  • SMB network file system
  • Memory management
  • RDMA verbs API
  • Kernel fork() syscall
  • Tracing infrastructure
  • Watch queue notification mechanism
  • Asynchronous Transfer Mode (ATM) subsystem
  • Networking core
  • IPv4 networking
  • IPv6 networking
  • Netfilter
  • Network traffic control
  • SCTP protocol
  • TLS protocol
  • SoC Audio for Freescale CPUs drivers

(CVE-2025-39728, CVE-2025-23136, CVE-2025-22062, CVE-2025-22035, CVE-2025-22020, CVE-2025-22083, CVE-2025-22071, CVE-2025-22060, CVE-2025-22073, CVE-2025-22044, CVE-2025-22063, CVE-2025-22079, CVE-2025-22057, CVE-2025-22095, CVE-2025-39735, CVE-2025-39682, CVE-2025-22058, CVE-2025-22021, CVE-2025-22018, CVE-2025-22056, CVE-2025-22054, CVE-2025-22080, CVE-2025-22039, CVE-2025-22019, CVE-2025-22038, CVE-2025-22028, CVE-2023-53034, CVE-2024-58092, CVE-2025-38637, CVE-2025-22089, CVE-2025-40114, CVE-2025-22068, CVE-2025-37937, CVE-2025-22070, CVE-2025-22072, CVE-2025-22086, CVE-2025-22050, CVE-2025-22040, CVE-2025-22065, CVE-2025-38575, CVE-2025-22064, CVE-2025-22033, CVE-2025-22041, CVE-2025-22090, CVE-2025-22036, CVE-2025-23138, CVE-2025-22047, CVE-2025-38240, CVE-2025-22066, CVE-2025-22042, CVE-2025-38152, CVE-2025-22055, CVE-2025-22081, CVE-2025-22045, CVE-2025-22053, CVE-2025-22075, CVE-2025-22027, CVE-2025-22025, CVE-2025-22097)