Aggregator

Version:next-20251127 (linux-next) Released:2025-11-27

FEDORA-2025-20ca419536 Packages in this update:

• python-spotipy-2.25.2-1.fc43

Update description:

update to version 2.25.2

FEDORA-2025-9501cd4d8c Packages in this update:

• python-spotipy-2.25.2-1.fc42

Update description:

update to version 2.25.2

FEDORA-2025-be2a1b5e6a Packages in this update:

• python-spotipy-2.25.2-1.fc41

Update description:

update to version 2.25.2

FEDORA-2025-f0df882417 Packages in this update:

• timg-1.6.3-5.fc42

Update description:

Rebuilt with latest patched stb_image: memory-safety fixes

FEDORA-2025-d2b7d94014 Packages in this update:

• timg-1.6.3-5.fc43

Update description:

Rebuilt with latest patched stb_image: memory-safety fixes

USN-7886-1 fixed vulnerabilities in Python. This update provides the corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10. Original advisory details: It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. (CVE-2025-6075) Caleb Brown discovered that Python incorrectly handled the ZIP64 End of Central Directory (EOCD) Locator record offset value. An attacker could possibly use this issue to obfuscate malicious content. (CVE-2025-8291)

FEDORA-2025-b6422d64f9 Packages in this update:

• 7zip-25.01-1.fc43

Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

FEDORA-EPEL-2025-0a81d38451 Packages in this update:

• 7zip-25.01-1.el10_1

Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

FEDORA-EPEL-2025-2bed30c65f Packages in this update:

• 7zip-25.01-1.el10_2

Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

FEDORA-2025-b5a4903ea0 Packages in this update:

• 7zip-25.01-1.fc44

Update description:

Automatic update for 7zip-25.01-1.fc44.

Changelog * Wed Nov 26 2025 Michel Lind <salimma@fedoraproject.org> - 25.01-1 - Update to 25.01 - 25.00+ fixes CVE-2025-11001; Resolves: rhbz#2416011 - Backport Debian patch to disable echo-ing password; Resolves: rhbz#2412315

FEDORA-2025-90281e4554 Packages in this update:

• unbound-1.24.2-1.fc43

Update description: Update to 1.24.2 (rhbz#2417261)

• Additional fix for CVE-2025-11411

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2

Do not always initialize QUIC library, even if not usage of QUIC is configured.

It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue to gain unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2023-45236, CVE-2023-45237) It was discovered that EDK II incorrectly handled S3 sleep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298) It was discovered that the EDK II PE/COFF loader incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-38796) It was discovered that the EDK II PE image hashing function incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-38797) It was discovered that the EDK II BIOS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-38805, CVE-2025-2295) It was discovered that EDK II incorrectly handled the enabling of MCE. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-3770) It was discovered that the OpenSSL library embedded in EDK II contained multiple vulnerabilties. An attacker could possibly use these issues to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-3712, CVE-2022-0778, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143, CVE-2025-9232)

FEDORA-2025-38b1c0f3b5 Packages in this update:

• unbound-1.24.2-1.fc42

Update description: Update to 1.24.2 (rhbz#2417261)

• Additional fix for CVE-2025-11411

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2

FEDORA-EPEL-2025-16dc0220ef Packages in this update:

• fcgi-2.4.7-1.el9

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-2025-93042e260c Packages in this update:

• fcgi-2.4.7-1.fc43

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-2025-67511a59e3 Packages in this update:

• fcgi-2.4.7-1.fc41

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-EPEL-2025-f8b4636e06 Packages in this update:

• fcgi-2.4.7-1.el10_1

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-EPEL-2025-596d7a5bb9 Packages in this update:

• fcgi-2.4.7-1.el10_2

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-2025-d7c1457e7e Packages in this update:

• fcgi-2.4.7-1.fc42

Update description:

2.4.7 release, fixes CVE-2025-23016