Fedora Security Advisories

salt-3007.5-2.fc41

4 hours 33 minutes ago
FEDORA-2025-b712778148 Packages in this update:
  • salt-3007.5-2.fc41
Update description:

Contains fixes for regressions introduced during CVE bugfix update (3007.4).

salt-3007.5-2.fc42

4 hours 33 minutes ago
FEDORA-2025-c903306aee Packages in this update:
  • salt-3007.5-2.fc42
Update description:

Contains fixes for regressions introduced during CVE bugfix update (3007.4).

sudo-1.9.17-2.p1.fc41

12 hours 15 minutes ago
FEDORA-2025-29c6186ffb Packages in this update:
  • sudo-1.9.17-2.p1.fc41
Update description:

Rebase to sudo 1.9.17p1

  • sudo-1_9_16p2 is available. Resolves: rhbz#2309626
  • sudo: LPE via host option. Resolves: CVE-2025-32462
  • Properly apply system buildflags.
  • Use new build macros, drop unneeded %defattr.

sudo-1.9.17-2.p1.fc42

12 hours 16 minutes ago
FEDORA-2025-44c3b13554 Packages in this update:
  • sudo-1.9.17-2.p1.fc42
Update description:

Rebase to sudo 1.9.17p1

  • sudo-1_9_16p2 is available. Resolves: rhbz#2309626
  • sudo: LPE via host option. Resolves: CVE-2025-32462
  • Properly apply system buildflags.
  • Use new build macros, drop unneeded %defattr.

python3.6-3.6.15-47.fc42

1 day 11 hours ago
FEDORA-2025-266a1353a1 Packages in this update:
  • python3.6-3.6.15-47.fc42
Update description:

Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435

python3.6-3.6.15-47.fc41

1 day 11 hours ago
FEDORA-2025-a8abfbb35c Packages in this update:
  • python3.6-3.6.15-47.fc41
Update description:

Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435

ov-0.42.1-1.fc43

1 day 12 hours ago
FEDORA-2025-c4c8863fd7 Packages in this update:
  • ov-0.42.1-1.fc43
Update description:

Automatic update for ov-0.42.1-1.fc43.

Changelog * Fri Jul 4 2025 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 0.42.1-1 - Update to 0.42.1 and go-vendor-tools. Closes rhbz#2348375 rhbz#2352321

php-8.3.23-1.fc41

1 day 17 hours ago
FEDORA-2025-da047483d8 Packages in this update:
  • php-8.3.23-1.fc41
Update description:

PHP version 8.3.23 (03 Jul 2025)

Core:

  • Fixed GH-18695 (zend_ast_export() - float number is not preserved). (Oleg Efimov)
  • Do not delete main chunk in zend_gc. (danog, Arnaud)
  • Fix compile issues with zend_alloc and some non-default options. (nielsdos)

Curl:

  • Fix memory leak when setting a list via curl_setopt fails. (nielsdos)
  • Fix incorrect OpenSSL version detection. (Peter Kokot)

Date:

  • Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos)

FPM:

  • Fixed GH-18662 (fpm_get_status segfault). (txuna)

Hash:

  • Fixed bug GH-14551 (PGO build fails with xxhash). (nielsdos)

Intl:

  • Fix memory leak in intl_datetime_decompose() on failure. (nielsdos)
  • Fix memory leak in locale lookup on failure. (nielsdos)

ODBC:

  • Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos)

Opcache:

  • Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22). (nielsdos, Arnaud)

OpenSSL:

  • Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure. (nielsdos)
  • Fixed bug php#74796 (Requests through http proxy set peer name). (Jakub Zelenka)

PGSQL:

  • Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735) (Jakub Zelenka)

Phar:

  • Add missing filter cleanups on phar failure. (nielsdos)
  • Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos)

PHPDBG:

  • Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos)

PDO ODBC:

  • Fix memory leak if WideCharToMultiByte() fails. (nielsdos)

PGSQL:

  • Fix warning not being emitted when failure to cancel a query with pg_cancel_query(). (Girgias)

Random:

  • Fix reference type confusion and leak in user random engine. (nielsdos, timwolla)

Readline:

  • Fix memory leak when calloc() fails in php_readline_completion_cb(). (nielsdos)

SOAP:

  • Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos)
  • Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos)

Standard:

  • Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220) (Jakub Zelenka)

Tidy:

  • Fix memory leak in tidy output handler on error. (nielsdos)
  • Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier)

php-8.4.10-1.fc42

1 day 17 hours ago
FEDORA-2025-2c344545bf Packages in this update:
  • php-8.4.10-1.fc42
Update description:

PHP version 8.4.10 (03 Jul 2025)

BcMath:

  • Fixed bug GH-18641 (Accessing a BcMath\Number property by ref crashes). (nielsdos)

Core:

  • Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute evaluation) and GH-18464 (Recursion protection for deprecation constants not released on bailout). (DanielEScherzer and ilutov)
  • Fixed GH-18695 (zend_ast_export() - float number is not preserved). (Oleg Efimov)
  • Fix handling of references in zval_try_get_long(). (nielsdos)
  • Do not delete main chunk in zend_gc. (danog, Arnaud)
  • Fix compile issues with zend_alloc and some non-default options. (nielsdos)

Curl:

  • Fix memory leak when setting a list via curl_setopt fails. (nielsdos)

Date:

  • Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos)

DOM:

  • Fixed bug GH-18744 (classList works not correctly if copy HTMLElement by clone keyword). (nielsdos)

FPM:

  • Fixed GH-18662 (fpm_get_status segfault). (txuna)

Hash:

  • Fixed bug GH-14551 (PGO build fails with xxhash). (nielsdos)

Intl:

  • Fix memory leak in intl_datetime_decompose() on failure. (nielsdos)
  • Fix memory leak in locale lookup on failure. (nielsdos)

Opcache:

  • Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22). (nielsdos, Arnaud)

ODBC:

  • Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos)

OpenSSL:

  • Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure. (nielsdos)
  • Fixed bug php#74796 (Requests through http proxy set peer name). (Jakub Zelenka)

PGSQL:

  • Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735) (Jakub Zelenka)

PDO ODBC:

  • Fix memory leak if WideCharToMultiByte() fails. (nielsdos)

PDO Sqlite:

  • Fixed memory leak with Pdo_Sqlite::createCollation when the callback has an incorrect return type. (David Carlier)

Phar:

  • Add missing filter cleanups on phar failure. (nielsdos)
  • Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos)

PHPDBG:

  • Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos)

PGSQL:

  • Fix warning not being emitted when failure to cancel a query with pg_cancel_query(). (Girgias)

Random:

  • Fix reference type confusion and leak in user random engine. (nielsdos, timwolla)

Readline:

  • Fix memory leak when calloc() fails in php_readline_completion_cb(). (nielsdos)

SimpleXML:

  • Fixed bug GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning string with UTF-8 bytes). (nielsdos)

SOAP:

  • Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos)
  • Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos)

Standard:

  • Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220) (Jakub Zelenka)

Tidy:

  • Fix memory leak in tidy output handler on error. (nielsdos)
  • Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier)

doctl-1.132.0-1.fc43

2 days ago
FEDORA-2025-90442d9001 Packages in this update:
  • doctl-1.132.0-1.fc43
Update description:

Automatic update for doctl-1.132.0-1.fc43.

Changelog * Thu Jul 3 2025 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.132.0-1 - Update to 1.320.0 - Closes rhbz#2335930 rhbz#2340087 rhbz#2350817 rhbz#2352159 * Wed Feb 26 2025 Maxwell G <maxwell@gtmx.me> - 1.122.0-1 - Update to 1.122.0 (rhbz#2335930). Vendor dependencies. * Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.120.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
Checked
51 minutes 52 seconds ago