2 weeks 2 days ago
FEDORA-2025-80c24c67b6
Packages in this update:
- chromium-141.0.7390.122-1.fc42
Update description:
Update to 141.0.7390.122
- High CVE-2025-12036 chromium: Inappropriate implementation in V8
2 weeks 2 days ago
FEDORA-EPEL-2025-bab8ce5461
Packages in this update:
- chromium-141.0.7390.122-1.el9
Update description:
Update to 141.0.7390.122
- High CVE-2025-12036 chromium: Inappropriate implementation in V8
2 weeks 2 days ago
FEDORA-2025-2d70cfaa80
Packages in this update:
Update description:
- Updated to latest upstream (114.0)
2 weeks 2 days ago
2 weeks 2 days ago
2 weeks 2 days ago
2 weeks 2 days ago
2 weeks 2 days ago
FEDORA-2025-87154673fe
Packages in this update:
Update description:
Rebuild for CVE-2025-47906.
https://pkg.go.dev/vuln/GO-2025-3956
2 weeks 2 days ago
FEDORA-2025-6738ea943a
Packages in this update:
Update description:
Rebuild for CVE-2025-47906.
https://pkg.go.dev/vuln/GO-2025-3956
2 weeks 2 days ago
Version:next-20251023 (linux-next)
Released:2025-10-23
2 weeks 2 days ago
Shaun Mirani discovered that GStreamer Good Plugins incorrectly handled
certain malformed media files. An attacker could possibly use this issue to
cause GStreamer Good Plugins to crash, resulting in a denial of service, or
disclose sensitive information.
2 weeks 2 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Ublk userspace block driver;
- Clock framework and drivers;
- GPU drivers;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- Remote Processor subsystem;
- Thermal drivers;
- Virtio Host (VHOST) subsystem;
- 9P distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Memory management;
- RDMA verbs API;
- Kernel fork() syscall;
- Tracing infrastructure;
- Watch queue notification mechanism;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- SoC Audio for Freescale CPUs drivers;
(CVE-2025-39728, CVE-2025-23136, CVE-2025-22062, CVE-2025-22035,
CVE-2025-22020, CVE-2025-22083, CVE-2025-22071, CVE-2025-22060,
CVE-2025-22073, CVE-2025-22044, CVE-2025-22063, CVE-2025-22079,
CVE-2025-22057, CVE-2025-22095, CVE-2025-39735, CVE-2025-39682,
CVE-2025-22058, CVE-2025-22021, CVE-2025-22018, CVE-2025-22056,
CVE-2025-22054, CVE-2025-22080, CVE-2025-22039, CVE-2025-22019,
CVE-2025-22038, CVE-2025-22028, CVE-2023-53034, CVE-2024-58092,
CVE-2025-38637, CVE-2025-22089, CVE-2025-40114, CVE-2025-22068,
CVE-2025-37937, CVE-2025-22070, CVE-2025-22072, CVE-2025-22086,
CVE-2025-22050, CVE-2025-22040, CVE-2025-22065, CVE-2025-38575,
CVE-2025-22064, CVE-2025-22033, CVE-2025-22041, CVE-2025-22090,
CVE-2025-22036, CVE-2025-23138, CVE-2025-22047, CVE-2025-38240,
CVE-2025-22066, CVE-2025-22042, CVE-2025-38152, CVE-2025-22055,
CVE-2025-22081, CVE-2025-22045, CVE-2025-22053, CVE-2025-22075,
CVE-2025-22027, CVE-2025-22025, CVE-2025-22097)
2 weeks 2 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- Netlink;
(CVE-2024-26700, CVE-2025-38727, CVE-2023-52593, CVE-2024-26896)
2 weeks 2 days ago
Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain
malformed DNSKEY records. A remote attacker could possibly use this issue
to cause Bind to consume resources, resulting in a denial of service.
(CVE-2025-8677)
Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that Bind
incorrectly accepted certain records from answers. A remote attacker could
possibly use this issue to perform a cache poisoning attack.
(CVE-2025-40778)
Amit Klein and Omer Ben Simhon discovered that Bind used a weak PRNG. A
remote attacker could possibly use this issue to perform a cache poisoning
attack. (CVE-2025-40780)
2 weeks 2 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Ublk userspace block driver;
- Clock framework and drivers;
- GPU drivers;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- Remote Processor subsystem;
- Thermal drivers;
- Virtio Host (VHOST) subsystem;
- 9P distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Memory management;
- RDMA verbs API;
- Kernel fork() syscall;
- Tracing infrastructure;
- Watch queue notification mechanism;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- SoC Audio for Freescale CPUs drivers;
(CVE-2025-39728, CVE-2025-23136, CVE-2025-22062, CVE-2025-22035,
CVE-2025-22020, CVE-2025-22083, CVE-2025-22071, CVE-2025-22060,
CVE-2025-22073, CVE-2025-22044, CVE-2025-22063, CVE-2025-22079,
CVE-2025-22057, CVE-2025-22095, CVE-2025-39735, CVE-2025-39682,
CVE-2025-22058, CVE-2025-22021, CVE-2025-22018, CVE-2025-22056,
CVE-2025-22054, CVE-2025-22080, CVE-2025-22039, CVE-2025-22019,
CVE-2025-22038, CVE-2025-22028, CVE-2023-53034, CVE-2024-58092,
CVE-2025-38637, CVE-2025-22089, CVE-2025-40114, CVE-2025-22068,
CVE-2025-37937, CVE-2025-22070, CVE-2025-22072, CVE-2025-22086,
CVE-2025-22050, CVE-2025-22040, CVE-2025-22065, CVE-2025-38575,
CVE-2025-22064, CVE-2025-22033, CVE-2025-22041, CVE-2025-22090,
CVE-2025-22036, CVE-2025-23138, CVE-2025-22047, CVE-2025-38240,
CVE-2025-22066, CVE-2025-22042, CVE-2025-38152, CVE-2025-22055,
CVE-2025-22081, CVE-2025-22045, CVE-2025-22053, CVE-2025-22075,
CVE-2025-22027, CVE-2025-22025, CVE-2025-22097)
2 weeks 2 days ago
FEDORA-2025-945dff8564
Packages in this update:
- dtk6core-6.0.27-11.fc42
- dtk6gui-6.0.27-12.fc42
- dtk6log-0.0.2-13.fc42
- dtk6widget-6.0.27-10.fc42
- fcitx5-qt-5.1.10-10.fc42
- gammaray-3.1.0-15.fc42
- kddockwidgets-1.7.0-27.fc42
- LabPlot-2.12.1-11.fc42
- mingw-qt6-qt3d-6.9.3-1.fc42
- mingw-qt6-qt5compat-6.9.3-1.fc42
- mingw-qt6-qtactiveqt-6.9.3-1.fc42
- mingw-qt6-qtbase-6.9.3-1.fc42
- mingw-qt6-qtcharts-6.9.3-1.fc42
- mingw-qt6-qtdeclarative-6.9.3-1.fc42
- mingw-qt6-qtimageformats-6.9.3-1.fc42
- mingw-qt6-qtlocation-6.9.3-1.fc42
- mingw-qt6-qtmultimedia-6.9.3-1.fc42
- mingw-qt6-qtpositioning-6.9.3-1.fc42
- mingw-qt6-qtscxml-6.9.3-1.fc42
- mingw-qt6-qtsensors-6.9.3-1.fc42
- mingw-qt6-qtserialport-6.9.3-1.fc42
- mingw-qt6-qtshadertools-6.9.3-1.fc42
- mingw-qt6-qtsvg-6.9.3-1.fc42
- mingw-qt6-qttools-6.9.3-1.fc42
- mingw-qt6-qttranslations-6.9.3-1.fc42
- mingw-qt6-qtwebchannel-6.9.3-1.fc42
- mingw-qt6-qtwebsockets-6.9.3-1.fc42
- nheko-0.12.1-10.fc42
- python-pyqt6-6.9.0-5.fc42
- qt6-6.9.3-1.fc42
- qt6-qt3d-6.9.3-1.fc42
- qt6-qt5compat-6.9.3-1.fc42
- qt6-qtbase-6.9.3-1.fc42
- qt6-qtcharts-6.9.3-1.fc42
- qt6-qtcoap-6.9.3-1.fc42
- qt6-qtconnectivity-6.9.3-1.fc42
- qt6-qtdatavis3d-6.9.3-1.fc42
- qt6-qtdeclarative-6.9.3-1.fc42
- qt6-qthttpserver-6.9.3-1.fc42
- qt6-qtimageformats-6.9.3-1.fc42
- qt6-qtlanguageserver-6.9.3-1.fc42
- qt6-qtlocation-6.9.3-1.fc42
- qt6-qtlottie-6.9.3-1.fc42
- qt6-qtmqtt-6.9.3-1.fc42
- qt6-qtmultimedia-6.9.3-1.fc42
- qt6-qtnetworkauth-6.9.3-1.fc42
- qt6-qtopcua-6.9.3-1.fc42
- qt6-qtpositioning-6.9.3-1.fc42
- qt6-qtquick3d-6.9.3-1.fc42
- qt6-qtquick3dphysics-6.9.3-1.fc42
- qt6-qtquicktimeline-6.9.3-1.fc42
- qt6-qtremoteobjects-6.9.3-1.fc42
- qt6-qtscxml-6.9.3-1.fc42
- qt6-qtsensors-6.9.3-1.fc42
- qt6-qtserialbus-6.9.3-1.fc42
- qt6-qtserialport-6.9.3-1.fc42
- qt6-qtshadertools-6.9.3-1.fc42
- qt6-qtspeech-6.9.3-1.fc42
- qt6-qtsvg-6.9.3-1.fc42
- qt6-qttools-6.9.3-1.fc42
- qt6-qttranslations-6.9.3-1.fc42
- qt6-qtvirtualkeyboard-6.9.3-1.fc42
- qt6-qtwayland-6.9.3-1.fc42
- qt6-qtwebchannel-6.9.3-1.fc42
- qt6-qtwebengine-6.9.3-1.fc42
- qt6-qtwebsockets-6.9.3-1.fc42
- qt6-qtwebview-6.9.3-1.fc42
- qt-creator-16.0.2-3.fc42
- zeal-0.7.2-14.fc42
Update description:
Qt 6.9.3 bugfix update.
2 weeks 2 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Ublk userspace block driver;
- Clock framework and drivers;
- GPU drivers;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- Remote Processor subsystem;
- Thermal drivers;
- Virtio Host (VHOST) subsystem;
- 9P distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Memory management;
- RDMA verbs API;
- Kernel fork() syscall;
- Tracing infrastructure;
- Watch queue notification mechanism;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- SoC Audio for Freescale CPUs drivers;
(CVE-2025-39728, CVE-2025-23136, CVE-2025-22062, CVE-2025-22035,
CVE-2025-22020, CVE-2025-22083, CVE-2025-22071, CVE-2025-22060,
CVE-2025-22073, CVE-2025-22044, CVE-2025-22063, CVE-2025-22079,
CVE-2025-22057, CVE-2025-22095, CVE-2025-39735, CVE-2025-39682,
CVE-2025-22058, CVE-2025-22021, CVE-2025-22018, CVE-2025-22056,
CVE-2025-22054, CVE-2025-22080, CVE-2025-22039, CVE-2025-22019,
CVE-2025-22038, CVE-2025-22028, CVE-2023-53034, CVE-2024-58092,
CVE-2025-38637, CVE-2025-22089, CVE-2025-40114, CVE-2025-22068,
CVE-2025-37937, CVE-2025-22070, CVE-2025-22072, CVE-2025-22086,
CVE-2025-22050, CVE-2025-22040, CVE-2025-22065, CVE-2025-38575,
CVE-2025-22064, CVE-2025-22033, CVE-2025-22041, CVE-2025-22090,
CVE-2025-22036, CVE-2025-23138, CVE-2025-22047, CVE-2025-38240,
CVE-2025-22066, CVE-2025-22042, CVE-2025-38152, CVE-2025-22055,
CVE-2025-22081, CVE-2025-22045, CVE-2025-22053, CVE-2025-22075,
CVE-2025-22027, CVE-2025-22025, CVE-2025-22097)
2 weeks 2 days ago
FEDORA-EPEL-2025-439963506c
Packages in this update:
- rust-astral-tokio-tar-0.5.6-1.el10_0
- uv-0.6.17-3.el10_0
Update description:
Security fix for CVE-2025-62518: update rust-astral-tokio-tar to 0.5.6 and rebuild uv.
rust-astral-tokio-tar 0.5.6
-
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
2 weeks 3 days ago
FEDORA-2025-26e2e0c477
Packages in this update:
- qt5-qtbase-5.15.17-2.fc41
Update description:
Fix CVE-2025-5455 - QtCore Assertion Failure Denial of Service
2 weeks 3 days ago
FEDORA-2025-9a46af550f
Packages in this update:
- qt5-qtbase-5.15.17-6.fc43
Update description:
Fix CVE-2025-5455 - QtCore Assertion Failure Denial of Service
