Fedora Security Advisories

FEDORA-2025-b6422d64f9 Packages in this update:

• 7zip-25.01-1.fc43

Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

FEDORA-EPEL-2025-0a81d38451 Packages in this update:

• 7zip-25.01-1.el10_1

Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

FEDORA-EPEL-2025-2bed30c65f Packages in this update:

• 7zip-25.01-1.el10_2

Update description:

Various CVE fixes, most importantly CVE-2025-11001

This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

FEDORA-2025-b5a4903ea0 Packages in this update:

• 7zip-25.01-1.fc44

Update description:

Automatic update for 7zip-25.01-1.fc44.

Changelog * Wed Nov 26 2025 Michel Lind <salimma@fedoraproject.org> - 25.01-1 - Update to 25.01 - 25.00+ fixes CVE-2025-11001; Resolves: rhbz#2416011 - Backport Debian patch to disable echo-ing password; Resolves: rhbz#2412315

FEDORA-2025-90281e4554 Packages in this update:

• unbound-1.24.2-1.fc43

Update description: Update to 1.24.2 (rhbz#2417261)

• Additional fix for CVE-2025-11411

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2

Do not always initialize QUIC library, even if not usage of QUIC is configured.

FEDORA-2025-38b1c0f3b5 Packages in this update:

• unbound-1.24.2-1.fc42

Update description: Update to 1.24.2 (rhbz#2417261)

• Additional fix for CVE-2025-11411

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2

FEDORA-EPEL-2025-16dc0220ef Packages in this update:

• fcgi-2.4.7-1.el9

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-2025-93042e260c Packages in this update:

• fcgi-2.4.7-1.fc43

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-2025-67511a59e3 Packages in this update:

• fcgi-2.4.7-1.fc41

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-EPEL-2025-f8b4636e06 Packages in this update:

• fcgi-2.4.7-1.el10_1

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-EPEL-2025-596d7a5bb9 Packages in this update:

• fcgi-2.4.7-1.el10_2

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-2025-d7c1457e7e Packages in this update:

• fcgi-2.4.7-1.fc42

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-EPEL-2025-1099c414ec Packages in this update:

• fcgi-2.4.7-1.el8

Update description:

2.4.7 release, fixes CVE-2025-23016

FEDORA-2025-9831accfe9 Packages in this update:

• alexvsbus-2025.06.16.0-3.fc42

Update description:

Rebuilt against patched stb_image

Initial build for F42

FEDORA-2025-673ec8d684 Packages in this update:

• alexvsbus-2025.06.16.0-3.fc43

Update description:

Rebuilt against patched stb_image

Initial build for F43

FEDORA-2025-19c65f1d15 Packages in this update:

• CuraEngine-5.4.0-10.fc43

Update description:

• Rebuilt with latest patched stb_image: memory-safety fixes

FEDORA-2025-fc872e9426 Packages in this update:

• CuraEngine-5.4.0-10.fc42

Update description:

• Rebuilt with latest patched stb_image: memory-safety fixes

FEDORA-EPEL-2025-e1a26dce63 Packages in this update:

• stb-0-0.55.20251025gitf1c79c0.el8

Update description:

Patch two newly-reported memory-safety bugs in stb_image:

• https://github.com/nothings/stb/issues/1860
• https://github.com/nothings/stb/issues/1861

FEDORA-2025-698dc1bbfa Packages in this update:

• linux-firmware-20251125-1.fc43

Update description:

Update to 20251125:

• Revert "amdgpu: update GC 11.0.1 firmware"
• QCA: Add Bluetooth firmware for WCN685x uart interface
• qcom: Add ADSP firmware for qcs6490-thundercomm-rubikpi3
• qcom: venus-5.4: update firmware binary for v5.4
• qcom: venus-5.4: remove unused firmware file
• iwlwifi: add Sc/Wh FW for core98-181 release
• amdgpu: DMCUB updates for various ASICs
• rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04
• ASoC: tas2781: Add more symbol links on SPI devices
• amdgpu: update numerous firmware
• amdgpu: add vce1 firmware
• mediatek MT7922: update bluetooth firmware to 20251118163447
• update firmware for MT7922 WiFi device
• qcom: update ADSP, CDSP firmware for kaanapali platform, change the license
• qcom: add ADSP, CDSP firmware for sm8750 platform
• rtl_nic: add firmware rtl9151a-1
• qcom: Update aic100 firmware files
• mt76: add firmware for MT7990
• mt76: update firmware for MT7992/MT7996
• cirrus: cs35l57: Add firmware for a few Dell products
• cirrus: cs42l45: Add firmware for Cirrus Logic CS42L45 SDCA codec
• qcom: Add sdx35 Foxconn vendor firmware image file
• Update AMD cpu microcode

FEDORA-2025-a45a370014 Packages in this update:

• linux-firmware-20251125-1.fc42

Update description:

Update to 20251125:

• Revert "amdgpu: update GC 11.0.1 firmware"
• QCA: Add Bluetooth firmware for WCN685x uart interface
• qcom: Add ADSP firmware for qcs6490-thundercomm-rubikpi3
• qcom: venus-5.4: update firmware binary for v5.4
• qcom: venus-5.4: remove unused firmware file
• iwlwifi: add Sc/Wh FW for core98-181 release
• amdgpu: DMCUB updates for various ASICs
• rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04
• ASoC: tas2781: Add more symbol links on SPI devices
• amdgpu: update numerous firmware
• amdgpu: add vce1 firmware
• mediatek MT7922: update bluetooth firmware to 20251118163447
• update firmware for MT7922 WiFi device
• qcom: update ADSP, CDSP firmware for kaanapali platform, change the license
• qcom: add ADSP, CDSP firmware for sm8750 platform
• rtl_nic: add firmware rtl9151a-1
• qcom: Update aic100 firmware files
• mt76: add firmware for MT7990
• mt76: update firmware for MT7992/MT7996
• cirrus: cs35l57: Add firmware for a few Dell products
• cirrus: cs42l45: Add firmware for Cirrus Logic CS42L45 SDCA codec
• qcom: Add sdx35 Foxconn vendor firmware image file
• Update AMD cpu microcode