Aggregator

USN-7897-1: CUPS vulnerability

9 hours 47 minutes ago
It was discovered that CUPS incorrectly handled input from users in the web configuration settings. An attacker could use this issue to insert malicious configuration options, causing a denial of service or possibly executing arbitrary code.

USN-7896-1: libxml2 vulnerabilities

11 hours 25 minutes ago
It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)

It was discovered that libxml2 incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)

It was discovered that libxslt, used by libxml2, incorrectly handled certain attributes. An attacker could use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This update adds a fix to libxml2 to mitigate the libxslt vulnerability. (CVE-2025-7425)

USN-7852-2: libxml2 vulnerability

11 hours 34 minutes ago
USN-7582-1 fixed a vulnerability in libxml2. This update provides the corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that libxslt, used by libxml2, incorrectly handled certain attributes. An attacker could use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This update adds a fix to libxml2 to mitigate the libxslt vulnerability.

USN-7895-1: WebKitGTK vulnerabilities

12 hours 6 minutes ago
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

USN-7886-2: Python vulnerabilities

1 day 5 hours ago
USN-7886-1 fixed vulnerabilities in Python. This update provides the corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10.

Original advisory details:

It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. (CVE-2025-6075)

Caleb Brown discovered that Python incorrectly handled the ZIP64 End of Central Directory (EOCD) Locator record offset value. An attacker could possibly use this issue to obfuscate malicious content. (CVE-2025-8291)

7zip-25.01-1.fc43

1 day 8 hours ago
FEDORA-2025-b6422d64f9
Packages in this update:
  • 7zip-25.01-1.fc43
Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

7zip-25.01-1.el10_1

1 day 8 hours ago
FEDORA-EPEL-2025-0a81d38451
Packages in this update:
  • 7zip-25.01-1.el10_1
Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

7zip-25.01-1.el10_2

1 day 8 hours ago
FEDORA-EPEL-2025-2bed30c65f
Packages in this update:
  • 7zip-25.01-1.el10_2
Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

7zip-25.01-1.fc44

1 day 9 hours ago
FEDORA-2025-b5a4903ea0
Packages in this update:
  • 7zip-25.01-1.fc44
Update description:

Automatic update for 7zip-25.01-1.fc44.

Changelog
* Wed Nov 26 2025 Michel Lind <salimma@fedoraproject.org> - 25.01-1
- Update to 25.01
- 25.00+ fixes CVE-2025-11001; Resolves: rhbz#2416011
- Backport Debian patch to disable echo-ing password; Resolves: rhbz#2412315