python-spotipy-2.25.2-1.fc43
FEDORA-2025-20ca419536
Packages in this update:
- python-spotipy-2.25.2-1.fc43
update to version 2.25.2
Aggregator
python-spotipy-2.25.2-1.fc42
FEDORA-2025-9501cd4d8c
Packages in this update:
- python-spotipy-2.25.2-1.fc42
update to version 2.25.2
python-spotipy-2.25.2-1.fc41
FEDORA-2025-be2a1b5e6a
Packages in this update:
- python-spotipy-2.25.2-1.fc41
update to version 2.25.2
timg-1.6.3-5.fc42
FEDORA-2025-f0df882417
Packages in this update:
- timg-1.6.3-5.fc42
Rebuilt with latest patched stb_image: memory-safety fixes
timg-1.6.3-5.fc43
FEDORA-2025-d2b7d94014
Packages in this update:
- timg-1.6.3-5.fc43
Rebuilt with latest patched stb_image: memory-safety fixes
USN-7886-2: Python vulnerabilities
USN-7886-1 fixed vulnerabilities in Python. This update provides the
corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10.
Original advisory details:
It was discovered that Python inefficiently handled expanding system
environment variables. An attacker could possibly use this issue to cause
Python to consume excessive resources, leading to a denial of service.
(CVE-2025-6075)
Caleb Brown discovered that Python incorrectly handled the ZIP64 End of
Central Directory (EOCD) Locator record offset value. An attacker could
possibly use this issue to obfuscate malicious content. (CVE-2025-8291)
7zip-25.01-1.fc43
FEDORA-2025-b6422d64f9
Packages in this update:
- 7zip-25.01-1.fc43
Various CVE fixes, most importantly CVE-2025-11001
This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.
7zip-25.01-1.el10_1
FEDORA-EPEL-2025-0a81d38451
Packages in this update:
- 7zip-25.01-1.el10_1
Various CVE fixes, most importantly CVE-2025-11001
This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.
7zip-25.01-1.el10_2
FEDORA-EPEL-2025-2bed30c65f
Packages in this update:
- 7zip-25.01-1.el10_2
Various CVE fixes, most importantly CVE-2025-11001
This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.
7zip-25.01-1.fc44
FEDORA-2025-b5a4903ea0
Packages in this update:
- 7zip-25.01-1.fc44
Automatic update for 7zip-25.01-1.fc44.
Changelog * Wed Nov 26 2025 Michel Lind <salimma@fedoraproject.org> - 25.01-1 - Update to 25.01 - 25.00+ fixes CVE-2025-11001; Resolves: rhbz#2416011 - Backport Debian patch to disable echo-ing password; Resolves: rhbz#2412315unbound-1.24.2-1.fc43
FEDORA-2025-90281e4554
Packages in this update:
- unbound-1.24.2-1.fc43
- Additional fix for CVE-2025-11411
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2
Do not always initialize QUIC library, even if not usage of QUIC is configured.
USN-7894-1: EDK II vulnerabilities
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2024-38796)
It was discovered that the EDK II PE image hashing function incorrectly
handled certain memory operations. An attacker could possibly use this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-38797)
It was discovered that the EDK II BIOS incorrectly handled certain memory
operations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2024-38805, CVE-2025-2295)
It was discovered that EDK II incorrectly handled the enabling of MCE. An
attacker could possibly use this issue to cause a denial of service, or
execute arbitrary code. (CVE-2025-3770)
It was discovered that the OpenSSL library embedded in EDK II contained
multiple vulnerabilties. An attacker could possibly use these issues to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. (CVE-2021-3712, CVE-2022-0778, CVE-2022-4304,
CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678,
CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511,
CVE-2024-41996, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143,
CVE-2025-9232)
unbound-1.24.2-1.fc42
FEDORA-2025-38b1c0f3b5
Packages in this update:
- unbound-1.24.2-1.fc42
- Additional fix for CVE-2025-11411
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2
fcgi-2.4.7-1.el9
FEDORA-EPEL-2025-16dc0220ef
Packages in this update:
- fcgi-2.4.7-1.el9
2.4.7 release, fixes CVE-2025-23016
fcgi-2.4.7-1.fc43
FEDORA-2025-93042e260c
Packages in this update:
- fcgi-2.4.7-1.fc43
2.4.7 release, fixes CVE-2025-23016
fcgi-2.4.7-1.fc41
FEDORA-2025-67511a59e3
Packages in this update:
- fcgi-2.4.7-1.fc41
2.4.7 release, fixes CVE-2025-23016
fcgi-2.4.7-1.el10_1
FEDORA-EPEL-2025-f8b4636e06
Packages in this update:
- fcgi-2.4.7-1.el10_1
2.4.7 release, fixes CVE-2025-23016
fcgi-2.4.7-1.el10_2
FEDORA-EPEL-2025-596d7a5bb9
Packages in this update:
- fcgi-2.4.7-1.el10_2
2.4.7 release, fixes CVE-2025-23016
fcgi-2.4.7-1.fc42
FEDORA-2025-d7c1457e7e
Packages in this update:
- fcgi-2.4.7-1.fc42
2.4.7 release, fixes CVE-2025-23016
fcgi-2.4.7-1.el8
FEDORA-EPEL-2025-1099c414ec
Packages in this update:
- fcgi-2.4.7-1.el8
2.4.7 release, fixes CVE-2025-23016