containernetworking-plugins-1.9.0-1.fc41
FEDORA-2025-db05be2555
Packages in this update:
- containernetworking-plugins-1.9.0-1.fc41
Update to release v1.9.0
Aggregator
checkpointctl-1.4.1-1.fc41
FEDORA-2025-3a607d134b
Packages in this update:
- checkpointctl-1.4.1-1.fc41
Update checkpointctl to 1.4.1
checkpointctl-1.4.1-1.fc42
FEDORA-2025-909f303a85
Packages in this update:
- checkpointctl-1.4.1-1.fc42
Update checkpointctl to 1.4.1 (CVE-2025-47906)
checkpointctl-1.4.1-1.fc43
FEDORA-2025-ebfdef0115
Packages in this update:
- checkpointctl-1.4.1-1.fc43
Update checkpointctl to 1.4.1
containernetworking-plugins-1.9.0-1.fc42
FEDORA-2025-bab8cb971e
Packages in this update:
- containernetworking-plugins-1.9.0-1.fc42
Update to release v1.9.0
containernetworking-plugins-1.9.0-1.fc43
FEDORA-2025-294d534170
Packages in this update:
- containernetworking-plugins-1.9.0-1.fc43
Update to release v1.9.0
containernetworking-plugins-1.9.0-1.fc44
FEDORA-2025-c67591d0a2
Packages in this update:
- containernetworking-plugins-1.9.0-1.fc44
Automatic update for containernetworking-plugins-1.9.0-1.fc44.
Changelog * Tue Dec 9 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 1.9.0-1 - Update to release v1.9.0 - Resolves: rhbz#2420515 - Resolves CVE-2025-58188: rhbz#2411454, rhbz#2411189, rhbz#2410923 - Resolves CVE-2025-58185: rhbz#2410556, rhbz#2410277, rhbz#2409991 - Resolves CVE-2025-61723: rhbz#2409605, rhbz#2409325, rhbz#2409043 - Resolves CVE-2025-58189: rhbz#2408135, rhbz#2407858, rhbz#2407588 - Fixes CVE-2025-67499, a bug in the nftables backend for the portmap plugin - Additional changesUSN-7919-1: GNU binutils vulnerabilities
It was discovered that GNU binutils' dump_dwarf_section function could be
manipulated to perform an out-of-bounds read. A local attacker could
possibly use this issue to cause GNU binutils to crash, resulting in a
denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11081)
It was discovered that GNU binutils incorrectly handled certain files. A
local attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 25.10.
(CVE-2025-11082)
It was discovered that GNU binutils incorrectly handled certain inputs. A
local attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue was only fixed in Ubuntu 25.10.
(CVE-2025-11083)
It was discovered that certain GNU binutils functions could be manipulated
to perform out-of-bounds reads. A local attacker could possibly use this
issue to cause GNU binutils to crash, resulting in a denial of service.
(CVE-2025-11412, CVE-2025-11413, CVE-2025-11414)
It was discovered that GNU binutils' _bfd_x86_elf_late_size_sections
function could be manipulated to perform an out-of-bounds read. A local
attacker could possibly use this issue to cause GNU binutils to crash,
resulting in a denial of service. This issue only affected Ubuntu 18.04
LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04,
and Ubuntu 25.10. (CVE-2025-11494)
It was discovered that GNU binutils' elf_x86_64_relocate_section function
could be manipulated to cause a heap-based buffer overflow. A local
attacker could possibly use this issue to cause GNU binutils to crash,
resulting in a denial of service. This issue was only fixed in Ubuntu
25.04 and Ubuntu 25.10. (CVE-2025-11495)
fonttools-4.61.0-1.fc42 python-unicodedata2-17.0.0-1.fc42
FEDORA-2025-58e2bb0f1e
Packages in this update:
- fonttools-4.61.0-1.fc42
- python-unicodedata2-17.0.0-1.fc42
Update to 17.0.0 version (#2412270) Update fonttools 4.61.0
DSA-6078-1 firefox-esr - security update
DSA-6079-1 ffmpeg - security update
DSA-6076-1 libpng1.6 - security update
DSA-6077-1 pdns-recursor - security update
DSA-6075-1 wordpress - security update
next-20251210: linux-next
Version:next-20251210 (linux-next)
Released:2025-12-10
USN-7918-1: Netty vulnerabilities
Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP
messages. When Netty is used with certain reverse proxies, a
remote attacker could possibly use this issue to perform HTTP request
smuggling attacks. (CVE-2025-58056)
Jonas Konrad discovered that Netty did not properly manage memory when
decoding compressed data. A remote attacker could possibly use this
issue to cause Netty to consume excessive memory, resulting in a denial
of service. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu
20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and
Ubuntu 25.10. (CVE-2025-58057)
python-django4.2-4.2.27-1.fc42
FEDORA-2025-b1379d950d
Packages in this update:
- python-django4.2-4.2.27-1.fc42
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (4.2.26)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (4.2.25)
- Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (4.2.25)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (4.2.24)
python-django4.2-4.2.27-1.fc41
FEDORA-2025-c08e0795c0
Packages in this update:
- python-django4.2-4.2.27-1.fc41
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (4.2.26)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (4.2.25)
- Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (4.2.25)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (4.2.24)
python-django4.2-4.2.27-1.el9
FEDORA-EPEL-2025-f43c018f46
Packages in this update:
- python-django4.2-4.2.27-1.el9
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (4.2.26)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (4.2.25)
- Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (4.2.25)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (4.2.24)
python-django5-5.2.9-1.fc43
FEDORA-2025-24dfd3b072
Packages in this update:
- python-django5-5.2.9-1.fc43
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (5.2.8)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7)
- Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (5.2.7)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (5.2.6)