Fedora Security Advisories

FEDORA-EPEL-2025-56a6ede4ef Packages in this update:

• salt3006-3006.12-1.el9

Update description:

Resolves multiple CVEs. Update to 3006.12.

This update contains various bugfixes to the 3006 LTS.

FEDORA-2025-77d16adbcd Packages in this update:

• dotnet9.0-9.0.107-1.fc42

Update description:

This is the .NET monthly update for June 2025.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.6/9.0.107.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.6/9.0.6.md

FEDORA-2025-092006d075 Packages in this update:

• dotnet9.0-9.0.107-1.fc41

Update description:

This is the .NET monthly update for June 2025.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.6/9.0.107.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.6/9.0.6.md

FEDORA-2025-3eb7c0066f Packages in this update:

• apache-commons-beanutils-1.9.4-39.fc41

Update description:

Fix improper access control vulnerability Resolves: CVE-2025-48734

FEDORA-2025-48e8e5f8ed Packages in this update:

• apache-commons-beanutils-1.9.4-39.fc42

Update description:

Fix improper access control vulnerability Resolves: CVE-2025-48734

FEDORA-EPEL-2025-73b10a6316 Packages in this update:

• chromium-137.0.7151.103-1.el10_1

Update description:

Update to 137.0.7151.103

• CVE-2025-5958: Use after free in Media
• CVE-2025-5959: Type Confusion in V8

FEDORA-EPEL-2025-549cb45f1c Packages in this update:

• chromium-137.0.7151.103-1.el9

Update description:

Update to 137.0.7151.103

• CVE-2025-5958: Use after free in Media
• CVE-2025-5959: Type Confusion in V8

FEDORA-2025-01bd4e4d20 Packages in this update:

• mediawiki-1.43.1-1.fc42

Update description:

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/OXIGQIHBL26HFKG6TT5SWSH7K7W6RO4H/

https://phabricator.wikimedia.org/T382326

FEDORA-2025-aa9ea529fb Packages in this update:

• chromium-137.0.7151.103-1.fc41

Update description:

Update to 137.0.7151.103

• CVE-2025-5958: Use after free in Media
• CVE-2025-5959: Type Confusion in V8

FEDORA-2025-41bc291ca0 Packages in this update:

• chromium-137.0.7151.103-1.fc42

Update description:

Update to 137.0.7151.103

• CVE-2025-5958: Use after free in Media
• CVE-2025-5959: Type Confusion in V8

FEDORA-2025-883496c803 Packages in this update:

• thunderbird-128.11.1-1.fc41

Update description:

Update to 128.11.1

• https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/

FEDORA-2025-1ac9269cc4 Packages in this update:

• thunderbird-128.11.1-1.fc42

Update description:

Update to 128.11.1

• https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/

FEDORA-2025-047d8f57ea Packages in this update:

• perl-File-Find-Rule-0.35-1.fc41

Update description:

Fix CVE-2011-10007

FEDORA-2025-eef56e1ee1 Packages in this update:

• perl-File-Find-Rule-0.35-1.fc42

Update description:

Fix CVE-2011-10007

FEDORA-2025-a99a329e1b Packages in this update:

• perl-CryptX-0.087-1.fc43

Update description:

Automatic update for perl-CryptX-0.087-1.fc43.

Changelog * Wed Jun 11 2025 Xavier Bachelot <xavier@bachelot.org> - 0.087-1 - Update to 0.087 (RHBZ#2372355,RHBZ#2372356,RHBZ#2372357,RHBZ#2372358) - Fix CVE-2025-40914

FEDORA-EPEL-2025-9c03a7aa1d Packages in this update:

• konsole5-23.08.5-2.el9

Update description:

FIx CVE-2025-49091 - Konsole Remote Code Execution Vulnerability

FEDORA-EPEL-2025-5fa07de5ca Packages in this update:

• konsole5-22.04.1-2.el8

Update description:

FIx CVE-2025-49091 - Konsole Remote Code Execution Vulnerability

FEDORA-2025-25aa48d158 Packages in this update:

• libtpms-0.9.7-1.fc41

Update description:

Upgrade to libtpms 0.9.7 fixing CVE-2025-49133

FEDORA-2025-77cdabc09b Packages in this update:

• libtpms-0.10.1-1.fc42

Update description:

Upgrade to libtpms 0.10.1 fixing CVE-2025-49133

FEDORA-EPEL-2025-a36cdc1182 Packages in this update:

• kea-2.6.3-1.el9

Update description:

• New version 2.6.3 (rhbz#2368989)
• Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803
• kea.conf: Remove /tmp/ from socket-name for existing configurations
• kea.conf: Set pseudo-random password for default config to secure fresh install and allow CA startup without user intervention
• kea.conf: Restrict directory permissions
• Sync service files with upstream
• Fix leases ownership when switching from root to kea user (rhbz#2324168)

Release Notes:

The new default configuration file, kea-ctrl-agent.conf, introduces an authentication setting, "password-file", which restricts access to the REST API. On Fedora, the kea-api-password file is automatically populated with a pseudo-random password to secure new installations.

For system upgrades, it is strongly recommended to update any custom configurations to restrict access to the REST API.

For more details, including information on CVE fixes and incompatible changes, refer to the upstream release notes:

https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt