libpng-1.6.51-1.fc43
FEDORA-2025-6af3ed0ae3
Packages in this update:
- libpng-1.6.51-1.fc43
- several security fixes
Aggregator
mingw-libpng-1.6.51-1.fc42
FEDORA-2025-9d0f04f316
Packages in this update:
- mingw-libpng-1.6.51-1.fc42
Update to libpng-1.6.51.
mingw-libpng-1.6.51-1.fc43
FEDORA-2025-f54c75f2f9
Packages in this update:
- mingw-libpng-1.6.51-1.fc43
Update to libpng-1.6.51.
glib2-2.86.2-1.fc43
FEDORA-2025-bab973d0b9
Packages in this update:
- glib2-2.86.2-1.fc43
- Update to 2.86.2
- Fix CVE-2025-13601 or #YWH-PGM9867-134
libcoap-4.3.5a-1.fc42
FEDORA-2025-6a43695048
Packages in this update:
- libcoap-4.3.5a-1.fc42
Update to security release 4.3.5a
libcoap-4.3.5a-1.fc43
FEDORA-2025-d408d76c4a
Packages in this update:
- libcoap-4.3.5a-1.fc43
Update to security release 4.3.5a
USN-7894-2: EDK II regression
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2024-38796)
It was discovered that the EDK II PE image hashing function incorrectly
handled certain memory operations. An attacker could possibly use this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-38797)
It was discovered that the EDK II BIOS incorrectly handled certain memory
operations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2024-38805, CVE-2025-2295)
It was discovered that EDK II incorrectly handled the enabling of MCE. An
attacker could possibly use this issue to cause a denial of service, or
execute arbitrary code. (CVE-2025-3770)
It was discovered that the OpenSSL library embedded in EDK II contained
multiple vulnerabilties. An attacker could possibly use these issues to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. (CVE-2021-3712, CVE-2022-0778, CVE-2022-4304,
CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678,
CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511,
CVE-2024-41996, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143,
CVE-2025-9232)
next-20251128: linux-next
Version:next-20251128 (linux-next)
Released:2025-11-28
tinygltf-2.9.7-1.fc43
FEDORA-2025-47bff6f74d
Packages in this update:
- tinygltf-2.9.7-1.fc43
Update to 2.9.7
tinygltf-2.9.7-1.fc42
FEDORA-2025-ac8ed4a110
Packages in this update:
- tinygltf-2.9.7-1.fc42
Update to 2.9.7
USN-7898-1: OpenVPN vulnerability
Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification
checks. A remote attacker could possibly use this issue to bypass source IP
address validation.
USN-7897-1: CUPS vulnerability
It was discovered that CUPS incorrectly handled input from users in the web
configuration settings. An attacker could use this issue to insert
malicious configuration options, causing a denial of service or possibly
executing arbitrary code.
USN-7896-1: libxml2 vulnerabilities
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)
It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.
(CVE-2025-7425)
USN-7852-2: libxml2 vulnerability
USN-7582-1 fixed a vulnerability in libxml2. This update provides the
corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.
USN-7895-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
DSA-6064-1 tryton-server - security update
DSA-6065-1 krita - security update
next-20251127: linux-next
Version:next-20251127 (linux-next)
Released:2025-11-27
python-spotipy-2.25.2-1.fc43
FEDORA-2025-20ca419536
Packages in this update:
- python-spotipy-2.25.2-1.fc43
update to version 2.25.2
python-spotipy-2.25.2-1.fc42
FEDORA-2025-9501cd4d8c
Packages in this update:
- python-spotipy-2.25.2-1.fc42
update to version 2.25.2