Aggregator

rubygem-actioncable-8.0.2-1.fc43 rubygem-actionmailbox-8.0.2-1.fc43 rubygem-actionmailer-8.0.2-1.fc43 rubygem-actionpack-8.0.2-1.fc43 rubygem-actiontext-8.0.2-1.fc43 rubygem-actionview-8.0.2-1.fc43 rubygem-activejob-8.0.2-1.fc43 rubygem-activemodel-8.0.2…

39 minutes 37 seconds ago
FEDORA-2025-203b7db566 Packages in this update:
  • rubygem-actioncable-8.0.2-1.fc43
  • rubygem-actionmailbox-8.0.2-1.fc43
  • rubygem-actionmailer-8.0.2-1.fc43
  • rubygem-actionpack-8.0.2-1.fc43
  • rubygem-actiontext-8.0.2-1.fc43
  • rubygem-actionview-8.0.2-1.fc43
  • rubygem-activejob-8.0.2-1.fc43
  • rubygem-activemodel-8.0.2-1.fc43
  • rubygem-activerecord-8.0.2-1.fc43
  • rubygem-activestorage-8.0.2-1.fc43
  • rubygem-activesupport-8.0.2-1.fc43
  • rubygem-rack-3.1.16-1.fc43
  • rubygem-rack-protection-4.1.1-1.fc43
  • rubygem-rack-session-2.1.1-1.fc43
  • rubygem-rackup-2.2.1-2.fc43
  • rubygem-rails-8.0.2-1.fc43
  • rubygem-railties-8.0.2-2.fc43
  • rubygem-sinatra-4.1.1-1.fc43
Update description:

https://fedoraproject.org/wiki/Changes/Ruby_on_Rails_8.0

USN-7641-1: Bind vulnerability

5 hours 4 minutes ago
It was discovered that Bind incorrectly handled configurations where the stale-answer-client-timeout option is set to 0. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

USN-7640-1: Linux kernel (IoT) vulnerabilities

5 hours 16 minutes ago
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • ARM64 architecture
  • PowerPC architecture
  • x86 architecture
  • Block layer subsystem
  • Drivers core
  • Network block device driver
  • Character device driver
  • iSCSI Boot Firmware Table Attributes driver
  • GPU drivers
  • HID subsystem
  • InfiniBand drivers
  • Media drivers
  • MemoryStick subsystem
  • Network drivers
  • NTB driver
  • PCI subsystem
  • PPS (Pulse Per Second) driver
  • PTP clock framework
  • RapidIO drivers
  • Real Time Clock drivers
  • SCSI subsystem
  • SLIMbus drivers
  • QCOM SoC drivers
  • Trusted Execution Environment drivers
  • Thermal drivers
  • USB DSL drivers
  • USB Device Class drivers
  • USB core drivers
  • USB Gadget drivers
  • USB Host Controller drivers
  • Renesas USBHS Controller drivers
  • File systems infrastructure
  • BTRFS file system
  • Ceph distributed file system
  • JFS file system
  • NILFS2 file system
  • UBI file system
  • KVM subsystem
  • L3 Master device support module
  • Netfilter
  • Process Accounting mechanism
  • printk logging mechanism
  • Scheduler infrastructure
  • Tracing infrastructure
  • Memory management
  • 802.1Q VLAN protocol
  • Asynchronous Transfer Mode (ATM) subsystem
  • B.A.T.M.A.N. meshing protocol
  • Bluetooth subsystem
  • Networking core
  • IPv4 networking
  • IPv6 networking
  • Logical Link layer
  • NFC subsystem
  • Open vSwitch
  • Rose network layer
  • Network traffic control
  • Sun RPC protocol
  • Wireless networking
  • Tomoyo security module
  • USB sound devices

(CVE-2025-21753, CVE-2025-22071, CVE-2025-21898, CVE-2025-22073, CVE-2024-58072, CVE-2025-21905, CVE-2024-57986, CVE-2025-21749, CVE-2024-58020, CVE-2025-21806, CVE-2025-21917, CVE-2025-21719, CVE-2025-21835, CVE-2025-21735, CVE-2025-21922, CVE-2025-21781, CVE-2025-21904, CVE-2025-39735, CVE-2025-21715, CVE-2025-22007, CVE-2024-58010, CVE-2024-58052, CVE-2025-22021, CVE-2025-21996, CVE-2025-22086, CVE-2025-21971, CVE-2023-53034, CVE-2025-21721, CVE-2025-22035, CVE-2025-21722, CVE-2025-22045, CVE-2025-21935, CVE-2024-58069, CVE-2024-58017, CVE-2025-21823, CVE-2025-21959, CVE-2024-26996, CVE-2024-58058, CVE-2025-21846, CVE-2024-58009, CVE-2025-22018, CVE-2025-21926, CVE-2024-57980, CVE-2025-21728, CVE-2025-21909, CVE-2025-21992, CVE-2024-26689, CVE-2024-57973, CVE-2025-21772, CVE-2024-56599, CVE-2025-21791, CVE-2025-21718, CVE-2025-21866, CVE-2025-21708, CVE-2024-58055, CVE-2025-21957, CVE-2025-37937, CVE-2025-21704, CVE-2024-58093, CVE-2025-21877, CVE-2025-22054, CVE-2023-52664, CVE-2025-21776, CVE-2024-50055, CVE-2025-21765, CVE-2025-21862, CVE-2025-21865, CVE-2024-58014, CVE-2021-47211, CVE-2025-21956, CVE-2025-21736, CVE-2021-47191, CVE-2025-21647, CVE-2025-21920, CVE-2024-58051, CVE-2025-21782, CVE-2025-21934, CVE-2023-52741, CVE-2025-38637, CVE-2025-21925, CVE-2025-21763, CVE-2025-22063, CVE-2024-26982, CVE-2025-23136, CVE-2024-57979, CVE-2025-22079, CVE-2025-22005, CVE-2025-21785, CVE-2025-21859, CVE-2024-58085, CVE-2025-21764, CVE-2024-53168, CVE-2024-58002, CVE-2025-21928, CVE-2025-21914, CVE-2024-56551, CVE-2024-58007, CVE-2024-58001, CVE-2024-57981, CVE-2024-58083, CVE-2025-21762, CVE-2025-21910, CVE-2025-21760, CVE-2025-21948, CVE-2025-21993, CVE-2024-58090, CVE-2025-21991, CVE-2025-21848, CVE-2025-21811, CVE-2024-58071, CVE-2025-21787, CVE-2025-21731, CVE-2025-21814, CVE-2025-22004, CVE-2025-21744, CVE-2025-21858, CVE-2025-21916, CVE-2023-52927, CVE-2025-22020, CVE-2025-21871, CVE-2025-21761, CVE-2024-58063, CVE-2024-57977)

USN-7639-1: Apache HTTP Server vulnerabilities

5 hours 21 minutes ago
It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. (CVE-2024-42516)

xiaojunjie discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain requests. A remote attacker could possibly use this issue to send outbound proxy requests to an arbitrary URL. (CVE-2024-43204)

John Runyon discovered that the Apache HTTP Server mod_ssl module incorrectly escaped certain data. A remote attacker could possibly use this issue to insert escape characters into log files. (CVE-2024-47252)

Sven Hebrok, Felix Cramer, Tim Storm, Maximilian Radoy, and Juraj Somorovsky discovered that the Apache HTTP Server mod_ssl module incorrectly handled TLS 1.3 session resumption. A remote attacker could possibly use this issue to bypass access control. (CVE-2025-23048)

Anthony CORSIEZ discovered that the Apache HTTP Server mod_proxy_http2 module incorrectly handled missing host headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2025-49630)

Robert Merget discovered that the Apache HTTP Server mod_ssl module incorrectly handled TLS upgrades. A remote attacker could possibly use this issue to hijack an HTTP session. This update removes the old "SSLEngine optional" configuration option, possibly requiring a configuration change in certain environments. (CVE-2025-49812)

Gal Bar Nahum discovered that the Apache HTTP Server incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. (CVE-2025-53020)

USN-7585-7: Linux kernel (Raspberry Pi) vulnerabilities

5 hours 23 minutes ago
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • PowerPC architecture
  • x86 architecture
  • iSCSI Boot Firmware Table Attributes driver
  • GPU drivers
  • HID subsystem
  • InfiniBand drivers
  • Media drivers
  • MemoryStick subsystem
  • Network drivers
  • NTB driver
  • PCI subsystem
  • SCSI subsystem
  • Thermal drivers
  • JFS file system
  • File systems infrastructure
  • Tracing infrastructure
  • 802.1Q VLAN protocol
  • Asynchronous Transfer Mode (ATM) subsystem
  • Bluetooth subsystem
  • IPv6 networking
  • Netfilter
  • Network traffic control
  • Sun RPC protocol
  • USB sound devices

(CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063, CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020, CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991, CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034, CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551, CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086, CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018, CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)

valkey-8.0.4-1.el9

16 hours 4 minutes ago
FEDORA-EPEL-2025-79c2e0f87a Packages in this update:
  • valkey-8.0.4-1.el9
Update description:

Valkey 8.0.4 - Released Mon 07 July 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146)
  • CVE-2025-48367 retry accept on transient errors (#2315)

Security fixes backported from 8.1.2

  • CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

valkey-8.0.4-1.fc41

16 hours 4 minutes ago
FEDORA-2025-34895333b5 Packages in this update:
  • valkey-8.0.4-1.fc41
Update description:

Valkey 8.0.4 - Released Mon 07 July 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146)
  • CVE-2025-48367 retry accept on transient errors (#2315)

Security fixes backported from 8.1.2

  • CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

valkey-8.0.4-1.fc42

16 hours 4 minutes ago
FEDORA-2025-8e2eddc063 Packages in this update:
  • valkey-8.0.4-1.fc42
Update description:

Valkey 8.0.4 - Released Mon 07 July 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146)
  • CVE-2025-48367 retry accept on transient errors (#2315)

Security fixes backported from 8.1.2

  • CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

valkey-8.0.4-1.el8

16 hours 4 minutes ago
FEDORA-EPEL-2025-8cce4f2f71 Packages in this update:
  • valkey-8.0.4-1.el8
Update description:

Valkey 8.0.4 - Released Mon 07 July 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146)
  • CVE-2025-48367 retry accept on transient errors (#2315)

Security fixes backported from 8.1.2

  • CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

vim-9.1.1552-1.fc41

16 hours 9 minutes ago
FEDORA-2025-cc42339ef7 Packages in this update:
  • vim-9.1.1552-1.fc41
Update description:

The newest upstream commit

Security fixes for CVE-2025-53906, CVE-2025-53905

vim-9.1.1552-1.fc42

16 hours 37 minutes ago
FEDORA-2025-9395406660 Packages in this update:
  • vim-9.1.1552-1.fc42
Update description:

The newest upstream commit

Security fixes for CVE-2025-53906, CVE-2025-53905

USN-7610-3: Linux kernel (Low Latency) vulnerabilities

1 day 22 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Netfilter
  • Network traffic control

(CVE-2025-38001, CVE-2025-37997, CVE-2025-37798, CVE-2025-38000, CVE-2025-37932, CVE-2025-37890)

asnmap-1.1.1-1.fc43

1 day 23 hours ago
FEDORA-2025-6ef99deed4 Packages in this update:
  • asnmap-1.1.1-1.fc43
Update description:

Automatic update for asnmap-1.1.1-1.fc43.

Changelog

* Mon Jul 14 2025 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.1.1-1
- Update to 1.1.1 and adopt Go Vendor Tools
- Closes rhbz#2360621 rhbz#2360582 rhbz#2359392 rhbz#2352135 rhbz#2339903 rhbz#2333242 rhbz#2267159
* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

USN-7637-1: libjxl vulnerabilities

2 days 6 hours ago
It was discovered that libjxl did not perform proper bounds checking when parsing Exif tags. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service. (CVE-2023-0645)

It was discovered that libjxl did not perform proper bounds checking when decoding patches. An attacker could possibly use this issue to cause libjxl to enter an infinite loop, resulting in a denial of service. (CVE-2023-35790)

It was discovered that libjxl did not perform proper bounds checking when performing JPEG recompression. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-11403)

It was discovered that libjxl incorrectly handled parsing certain image files. An attacker could possibly use this issue to cause libjxl to consume excessive amounts of memory, resulting in a denial of service. (CVE-2024-11498)