Aggregator

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; - Clock framework and drivers; - GPU drivers; - IIO subsystem; - InfiniBand drivers; - Media drivers; - MemoryStick subsystem; - Network drivers; - NTB driver; - PCI subsystem; - Remote Processor subsystem; - Thermal drivers; - Virtio Host (VHOST) subsystem; - 9P distributed file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) server daemon; - NTFS3 file system; - SMB network file system; - Memory management; - RDMA verbs API; - Kernel fork() syscall; - Tracing infrastructure; - Watch queue notification mechanism; - Asynchronous Transfer Mode (ATM) subsystem; - Networking core; - IPv4 networking; - IPv6 networking; - Netfilter; - Network traffic control; - SCTP protocol; - TLS protocol; - SoC Audio for Freescale CPUs drivers; (CVE-2025-39728, CVE-2025-23136, CVE-2025-22062, CVE-2025-22035, CVE-2025-22020, CVE-2025-22083, CVE-2025-22071, CVE-2025-22060, CVE-2025-22073, CVE-2025-22044, CVE-2025-22063, CVE-2025-22079, CVE-2025-22057, CVE-2025-22095, CVE-2025-39735, CVE-2025-39682, CVE-2025-22058, CVE-2025-22021, CVE-2025-22018, CVE-2025-22056, CVE-2025-22054, CVE-2025-22080, CVE-2025-22039, CVE-2025-22019, CVE-2025-22038, CVE-2025-22028, CVE-2023-53034, CVE-2024-58092, CVE-2025-38637, CVE-2025-22089, CVE-2025-40114, CVE-2025-22068, CVE-2025-37937, CVE-2025-22070, CVE-2025-22072, CVE-2025-22086, CVE-2025-22050, CVE-2025-22040, CVE-2025-22065, CVE-2025-38575, CVE-2025-22064, CVE-2025-22033, CVE-2025-22041, CVE-2025-22090, CVE-2025-22036, CVE-2025-23138, CVE-2025-22047, CVE-2025-38240, CVE-2025-22066, CVE-2025-22042, CVE-2025-38152, CVE-2025-22055, CVE-2025-22081, CVE-2025-22045, CVE-2025-22053, CVE-2025-22075, CVE-2025-22027, CVE-2025-22025, CVE-2025-22097)

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Ublk userspace block driver; - Bus devices; - DMA engine subsystem; - Arm Firmware Framework for ARMv8-A(FFA); - Cirrus firmware drivers; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - TI TPS6594 PFSM driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - NVME drivers; - x86 platform drivers; - RapidIO drivers; - Voltage and Current Regulator drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - TCM subsystem; - Trusted Execution Environment drivers; - TTY drivers; - ChipIdea USB driver; - USB Type-C support driver; - Framebuffer layer; - TSM Common Guest driver; - File systems infrastructure; - BTRFS file system; - Ceph distributed file system; - Ext4 file system; - F2FS file system; - JFFS2 file system; - JFS file system; - Network file systems library; - Network file system (NFS) client; - Network file system (NFS) server daemon; - SMB network file system; - Memory Management; - Bluetooth subsystem; - Tracing infrastructure; - io_uring subsystem; - IPC subsystem; - BPF subsystem; - Perf events; - Kernel exit() syscall; - IRQ subsystem; - Scheduler infrastructure; - Maple Tree data structure library; - Memory management; - Asynchronous Transfer Mode (ATM) subsystem; - Ethernet bridge; - Networking core; - IPv6 networking; - MultiProtocol Label Switching driver; - Netfilter; - NFC subsystem; - Rose network layer; - Network traffic control; - Sun RPC protocol; - TIPC protocol; - TLS protocol; - Unix domain sockets; - VMware vSockets driver; - WCD audio codecs; - USB sound devices; (CVE-2025-38339, CVE-2025-38391, CVE-2025-38262, CVE-2025-38345, CVE-2025-38387, CVE-2025-38373, CVE-2025-38395, CVE-2025-38330, CVE-2025-38425, CVE-2025-38210, CVE-2025-38206, CVE-2025-38219, CVE-2025-38245, CVE-2025-38253, CVE-2025-38401, CVE-2025-38410, CVE-2025-38086, CVE-2025-38340, CVE-2025-38368, CVE-2025-38385, CVE-2025-38384, CVE-2025-38326, CVE-2025-38224, CVE-2025-38338, CVE-2025-38191, CVE-2025-39682, CVE-2025-38343, CVE-2025-38090, CVE-2025-38228, CVE-2025-38182, CVE-2025-38231, CVE-2025-38183, CVE-2025-38184, CVE-2025-38237, CVE-2025-38413, CVE-2025-38356, CVE-2025-38246, CVE-2025-38202, CVE-2025-38248, CVE-2025-38254, CVE-2025-38426, CVE-2025-38429, CVE-2025-38364, CVE-2025-38388, CVE-2025-38435, CVE-2025-38403, CVE-2025-38186, CVE-2025-38199, CVE-2025-38402, CVE-2025-38181, CVE-2025-38264, CVE-2025-38362, CVE-2025-38341, CVE-2025-38422, CVE-2025-38331, CVE-2025-38423, CVE-2025-38233, CVE-2025-38337, CVE-2025-38328, CVE-2025-38196, CVE-2025-38412, CVE-2025-38205, CVE-2025-38242, CVE-2025-38324, CVE-2025-38354, CVE-2025-38347, CVE-2025-38217, CVE-2025-38393, CVE-2025-38392, CVE-2025-38390, CVE-2025-38321, CVE-2025-38541, CVE-2025-38363, CVE-2025-38203, CVE-2025-38250, CVE-2025-38418, CVE-2025-38336, CVE-2025-38333, CVE-2025-38194, CVE-2025-38372, CVE-2025-38348, CVE-2025-38370, CVE-2025-38411, CVE-2025-38188, CVE-2025-38365, CVE-2025-38241, CVE-2025-38201, CVE-2025-38259, CVE-2025-38355, CVE-2025-38227, CVE-2025-38225, CVE-2025-38405, CVE-2025-38329, CVE-2025-38232, CVE-2025-38344, CVE-2025-38238, CVE-2025-38239, CVE-2025-38260, CVE-2025-38257, CVE-2025-38399, CVE-2025-38419, CVE-2025-38430, CVE-2025-38251, CVE-2025-38332, CVE-2025-38220, CVE-2025-38417, CVE-2025-38396, CVE-2025-38234, CVE-2025-38434, CVE-2025-38197, CVE-2025-38436, CVE-2025-38408, CVE-2025-38204, CVE-2025-38222, CVE-2025-38361, CVE-2025-38218, CVE-2025-38212, CVE-2025-38198, CVE-2025-38255, CVE-2025-38389, CVE-2025-38085, CVE-2025-38244, CVE-2025-38089, CVE-2025-38428, CVE-2025-38369, CVE-2025-38189, CVE-2025-38084, CVE-2025-38400, CVE-2025-38382, CVE-2025-38223, CVE-2025-38325, CVE-2025-38263, CVE-2025-38249, CVE-2025-38346, CVE-2025-38320, CVE-2025-38409, CVE-2025-38374, CVE-2025-38208, CVE-2025-38256, CVE-2025-38371, CVE-2025-38192, CVE-2025-38406, CVE-2025-38360, CVE-2025-38258, CVE-2025-38226, CVE-2025-38376, CVE-2025-38375, CVE-2025-38200, CVE-2025-38523, CVE-2025-38334, CVE-2025-38236, CVE-2025-38386, CVE-2025-38421, CVE-2025-38087, CVE-2025-38416, CVE-2025-38179, CVE-2025-38420, CVE-2025-38424, CVE-2025-38377, CVE-2025-38359, CVE-2025-38342, CVE-2025-38431, CVE-2025-38407, CVE-2025-38427, CVE-2025-38229, CVE-2025-38353, CVE-2025-38383, CVE-2025-38211, CVE-2025-38322, CVE-2025-38381, CVE-2025-38261)

FEDORA-2025-0753bddd6c Packages in this update:

• bpfman-0.5.4-3.fc42

Update description:

This update fixes CVE-2025-0977 (RUSTSEC-2025-0004), a use-after-free vulnerability in the Rust openssl crate's ssl::select_next_proto function. The openssl crate has been updated from version 0.10.67 to 0.10.70 in the vendored dependencies.

FEDORA-2025-e67231423f Packages in this update:

• bpfman-0.5.4-3.fc43

Update description:

This update fixes CVE-2025-0977 (RUSTSEC-2025-0004), a use-after-free vulnerability in the Rust openssl crate's ssl::select_next_proto function. The openssl crate has been updated from version 0.10.67 to 0.10.70 in the vendored dependencies.

FEDORA-2025-78747a63cd Packages in this update:

• luksmeta-10-1.fc41

Update description:

New upstream release v10 Fix: CVE-2025-11568

FEDORA-2025-457000540a Packages in this update:

• luksmeta-10-1.fc42

Update description:

New upstream release v10 Fix: CVE-2025-11568

FEDORA-2025-e53e8fdc0a Packages in this update:

• luksmeta-10-1.fc43

Update description:

Fix handling of large metadata Fix: CVE-2025-11568

Version:next-20251031 (linux-next) Released:2025-10-31

FEDORA-2025-9d12a32bce Packages in this update:

• golang-github-openprinting-ipp-usb-0.9.30-7.fc41

Update description:

Rebuild with the latest golang in repos

FEDORA-2025-d9921d4ed5 Packages in this update:

• golang-github-openprinting-ipp-usb-0.9.30-7.fc42

Update description:

Rebuild with the latest golang in repos

FEDORA-2025-46b6a955b3 Packages in this update:

• golang-github-openprinting-ipp-usb-0.9.30-7.fc43

Update description:

Rebuild with the latest golang in repos

FEDORA-2025-ece4f3816e Packages in this update:

• dotnet9.0-9.0.111-1.fc41

Update description:

This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version to 9.0.10.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.111.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.10.md

FEDORA-2025-e9c0b9e1b4 Packages in this update:

• dotnet9.0-9.0.111-1.fc42

Update description:

This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version to 9.0.10.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.111.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.10.md

FEDORA-2025-08b0c5ec40 Packages in this update:

• dotnet9.0-9.0.111-1.fc43

Update description:

This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version to 9.0.10.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.111.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.10.md

This is the September 2025 release of .NET 9.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.9/9.0.110.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.9/9.0.9.md

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - DMA engine subsystem; - GPU drivers; - HSI subsystem; - Ethernet team driver; - Ext4 file system; - Timer subsystem; - DCCP (Datagram Congestion Control Protocol); - IPv6 networking; - NET/ROM layer; - SCTP protocol; - USB sound devices; (CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767, CVE-2025-37838, CVE-2025-38352)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - DMA engine subsystem; - GPU drivers; - HSI subsystem; - Ethernet team driver; - Framebuffer layer; - BTRFS file system; - Ext4 file system; - Network file system (NFS) server daemon; - Timer subsystem; - DCCP (Datagram Congestion Control Protocol); - IPv6 networking; - NET/ROM layer; - Packet sockets; - Network traffic control; - SCTP protocol; - VMware vSockets driver; - USB sound devices; (CVE-2023-52574, CVE-2023-52650, CVE-2024-35849, CVE-2024-41006, CVE-2024-49924, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767, CVE-2025-21796, CVE-2025-37785, CVE-2025-37838, CVE-2025-38352, CVE-2025-38477, CVE-2025-38617, CVE-2025-38618)

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - DMA engine subsystem; - GPU drivers; - HSI subsystem; - Ethernet team driver; - Ext4 file system; - Timer subsystem; - DCCP (Datagram Congestion Control Protocol); - IPv6 networking; - NET/ROM layer; - SCTP protocol; - USB sound devices; (CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767, CVE-2025-37838, CVE-2025-38352)

It was discovered that libxslt, used by libxml2, incorrectly handled certain attributes. An attacker could use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This update adds a fix to libxml2 to mitigate the libxslt vulnerability.

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) A security issues was discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystem: - USB sound devices; (CVE-2024-53150)

FEDORA-2025-2ff6e32273 Packages in this update:

• varnish-7.7.3-2.fc44

Update description:

Automatic update for varnish-7.7.3-2.fc44.

Changelog * Wed Oct 29 2025 Luboš Uhliarik <luhliari@redhat.com> - 7.7.3-2 - Add tmpfiles.d rules for /var directories (bootc compatibility) * Mon Sep 15 2025 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.7.3-1 - New upstream release: A security release - Includes fix for VSV00017 aka CVE-2025-8671, rhbz#2388222 * Thu Jul 31 2025 Luboš Uhliarik <luhliari@redhat.com> - 7.7.1-4 - bundle jemalloc in RHEL * Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7.7.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Thu May 22 2025 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.7.1-2 - Correct ABI and VRT versions - Pulled el7 support - Use systemd setup for users * Tue May 20 2025 Luboš Uhliarik <luhliari@redhat.com> - 7.7.1-1 - new version 7.7.1 * Thu Mar 27 2025 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.7.0-2 - Fix for eln build (merged from yselkowitz) - Fix for failing h2 switch check. Enabling full test suite again * Mon Mar 24 2025 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.7.0-1 - New upstream release - fedora now has completed the bin/sbin merge * Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Mon Dec 2 2024 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.6.1-1 - New upstream release * Mon Sep 16 2024 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.6.0-1 - New upstream release - Updated checkout of pkg-varnish * Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Tue Mar 19 2024 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.5.0-1 - New upstream release - Moved somethings around to make the diff from the upstream spec less - Upped some memory requirements in some of the tests. Necessary on aarch64 and ppc64le (and ppc32) - Reduced number of parallel jobs on s390x builders as builds tend to fail when stressed - Retired armv7hl * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Nov 8 2023 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.4.2-1 - New upstream release. A security release - Includes fix for CVE-2023-44487 aka VSV00013, rhbz#2243328, HTTP/2 Rapid Reset Attack