Aggregator

FEDORA-2025-4dd58248ff Packages in this update:

• yarnpkg-1.22.22-12.fc41

Update description:

Fix CVE-2025-59343.

FEDORA-EPEL-2025-862f09d922 Packages in this update:

• webkitgtk-2.50.0-3.el10_1

Update description:

Merge remote-tracking branch 'origin/rawhide' into epel10.1

FEDORA-2025-ddecb35946 Packages in this update:

• firefox-143.0.3-1.fc42

Update description:

• New upstream release (143.0.3)

FEDORA-2025-b18c05fecd Packages in this update:

• firefox-143.0.3-1.fc41

Update description:

• New upstream release (143.0.3)

FEDORA-2025-2503abb88f Packages in this update:

• mirrorlist-server-3.0.8-1.fc41
• rust-maxminddb-0.26.0-1.fc41
• rust-prometheus-0.14.0-1.fc41
• rust-prometheus_exporter-0.8.5-5.fc41
• rust-protobuf-3.7.2-1.fc41
• rust-protobuf-codegen-3.7.2-1.fc41
• rust-protobuf-parse-3.7.2-1.fc41
• rust-protobuf-support-3.7.2-1.fc41

Update description:

• Update mirrorlist-server to version 3.0.8.
• Update the maxminddb crate to version 0.26.0.
• Update the prometheus crate to version 0.14.0.
• Update the protobuf and protobuf-codegen crates to version 3.7.2.
• Initial packaging of the protobuf-parse and protobuf-support crates.

This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).

FEDORA-2025-1ac08db27d Packages in this update:

• mirrorlist-server-3.0.8-1.fc42
• rust-maxminddb-0.26.0-1.fc42
• rust-prometheus-0.14.0-1.fc42
• rust-prometheus_exporter-0.8.5-5.fc42
• rust-protobuf-3.7.2-1.fc42
• rust-protobuf-codegen-3.7.2-1.fc42
• rust-protobuf-parse-3.7.2-1.fc42
• rust-protobuf-support-3.7.2-1.fc42

Update description:

• Update mirrorlist-server to version 3.0.8.
• Update the maxminddb crate to version 0.26.0.
• Update the prometheus crate to version 0.14.0.
• Update the protobuf and protobuf-codegen crates to version 3.7.2.
• Initial packaging of the protobuf-parse and protobuf-support crates.

This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).

FEDORA-2025-9e77f6ddcb Packages in this update:

• mirrorlist-server-3.0.8-1.fc43
• rust-maxminddb-0.26.0-1.fc43
• rust-prometheus-0.14.0-1.fc43
• rust-prometheus_exporter-0.8.5-5.fc43
• rust-protobuf-3.7.2-1.fc43
• rust-protobuf-codegen-3.7.2-1.fc43
• rust-protobuf-parse-3.7.2-1.fc43
• rust-protobuf-support-3.7.2-1.fc43

Update description:

• Update mirrorlist-server to version 3.0.8.
• Update the maxminddb crate to version 0.26.0.
• Update the prometheus crate to version 0.14.0.
• Update the protobuf and protobuf-codegen crates to version 3.7.2.
• Initial packaging of the protobuf-parse and protobuf-support crates.

This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).

FEDORA-2025-41d833fe83 Packages in this update:

• mirrorlist-server-3.0.8-1.fc44
• rust-maxminddb-0.26.0-1.fc44
• rust-protobuf-3.7.2-1.fc44
• rust-protobuf-codegen-3.7.2-1.fc44
• rust-protobuf-parse-3.7.2-1.fc44
• rust-protobuf-support-3.7.2-1.fc44

Update description:

• Update mirrorlist-server to version 3.0.8.
• Update the maxminddb crate to version 0.26.0.
• Update the protobuf and protobuf-codegen crates to version 3.7.2.
• Initial packaging of the protobuf-parse and protobuf-support crates.

This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).

FEDORA-2025-5e448ba17a Packages in this update:

• oci-seccomp-bpf-hook-1.2.10-8.fc41

Update description:

security fix for CVE-2025-47906

FEDORA-2025-39dd3e6f91 Packages in this update:

• oci-seccomp-bpf-hook-1.2.10-9.fc42

Update description:

security fix for CVE-2025-47906

Stanislav Fort discovered that OpenSSL incorrectly handled memory when trying to decrypt CMS messages encrypted with password-based encryption. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-9230) Stanislav Fort discovered that OpenSSL had a timing side-channel in SM2 signature computations on ARM platforms. A remote attacker could possibly use this issue to recover private data. This issue only affected Ubuntu 25.04. (CVE-2025-9231) Stanislav Fort discovered that OpenSSL incorrectly handled memory during HTTP requests when "no_proxy" environment variable is set. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.04. (CVE-2025-9232)

FEDORA-2025-f94e6fe0b4 Packages in this update:

• httpd-2.4.64-1.fc41

Update description:

New version 2.4.64 and security fixes

FEDORA-2025-1a3968c333 Packages in this update:

• freeipa-4.12.5-2.1.fc41

Update description:

• CVE-2025-7493: host to admin escalation prevention: https://www.freeipa.org/release-notes/4-12-5.html

• Update FreeIPA to latest fixes from ipa-4-12 branch

FEDORA-2025-e41ba62ff1 Packages in this update:

• freeipa-4.12.5-2.fc42

Update description:

• CVE-2025-7493: host to admin escalation prevention: https://www.freeipa.org/release-notes/4-12-5.html

• Update FreeIPA to latest fixes from ipa-4-12 branch

FEDORA-EPEL-2025-353441fbbe Packages in this update:

• apptainer-1.4.3-1.el9

Update description:

Update to upstream 1.4.3, fix CVE-2025-58058

FEDORA-2025-402b80a0de Packages in this update:

• apptainer-1.4.3-1.fc42

Update description:

Update to upstream 1.4.3, fix CVE-2025-58058

FEDORA-EPEL-2025-999e2b79bc Packages in this update:

• apptainer-1.4.3-1.el10_0

Update description:

Update to upstream 1.4.3, fix CVE-2025-58058

FEDORA-EPEL-2025-d036e499d7 Packages in this update:

• apptainer-1.4.3-1.el10_1

Update description:

Update to upstream 1.4.3, fix CVE-2025-58058

FEDORA-2025-49400d941c Packages in this update:

• apptainer-1.4.3-1.fc41

Update description:

Update to upstream 1.4.3, fix CVE-2025-58058

FEDORA-EPEL-2025-8e4a1e1aa8 Packages in this update:

• apptainer-1.4.3-1.el10_2

Update description:

Update to upstream 1.4.3, fix CVE-2025-58058