Fedora Security Advisories

FEDORA-2025-ea90f8d03c Packages in this update:

• dolphin-emu-2503a-11.fc43

Update description:

Add CVE and bug fixes to bundled mbedtls in dolphin-emu

FEDORA-2025-cbd9bd51dd Packages in this update:

• dolphin-emu-2503a-4.fc42

Update description:

Add CVE and bug fixes to bundled mbedtls in dolphin-emu

FEDORA-2025-01148de25a Packages in this update:

• skopeo-1.20.0-4.fc42

Update description:

Security fix for CVE-2025-58189 and CVE-2025-61725

FEDORA-2025-af04521261 Packages in this update:

• skopeo-1.20.0-5.fc43

Update description:

Security fix for CVE-2025-58189, CVE-2025-61725

FEDORA-2025-0753bddd6c Packages in this update:

• bpfman-0.5.4-3.fc42

Update description:

This update fixes CVE-2025-0977 (RUSTSEC-2025-0004), a use-after-free vulnerability in the Rust openssl crate's ssl::select_next_proto function. The openssl crate has been updated from version 0.10.67 to 0.10.70 in the vendored dependencies.

FEDORA-2025-e67231423f Packages in this update:

• bpfman-0.5.4-3.fc43

Update description:

This update fixes CVE-2025-0977 (RUSTSEC-2025-0004), a use-after-free vulnerability in the Rust openssl crate's ssl::select_next_proto function. The openssl crate has been updated from version 0.10.67 to 0.10.70 in the vendored dependencies.

FEDORA-2025-78747a63cd Packages in this update:

• luksmeta-10-1.fc41

Update description:

New upstream release v10 Fix: CVE-2025-11568

FEDORA-2025-457000540a Packages in this update:

• luksmeta-10-1.fc42

Update description:

New upstream release v10 Fix: CVE-2025-11568

FEDORA-2025-e53e8fdc0a Packages in this update:

• luksmeta-10-1.fc43

Update description:

Fix handling of large metadata Fix: CVE-2025-11568

FEDORA-2025-9d12a32bce Packages in this update:

• golang-github-openprinting-ipp-usb-0.9.30-7.fc41

Update description:

Rebuild with the latest golang in repos

FEDORA-2025-d9921d4ed5 Packages in this update:

• golang-github-openprinting-ipp-usb-0.9.30-7.fc42

Update description:

Rebuild with the latest golang in repos

FEDORA-2025-46b6a955b3 Packages in this update:

• golang-github-openprinting-ipp-usb-0.9.30-7.fc43

Update description:

Rebuild with the latest golang in repos

FEDORA-2025-ece4f3816e Packages in this update:

• dotnet9.0-9.0.111-1.fc41

Update description:

This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version to 9.0.10.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.111.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.10.md

FEDORA-2025-e9c0b9e1b4 Packages in this update:

• dotnet9.0-9.0.111-1.fc42

Update description:

This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version to 9.0.10.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.111.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.10.md

FEDORA-2025-08b0c5ec40 Packages in this update:

• dotnet9.0-9.0.111-1.fc43

Update description:

This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version to 9.0.10.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.111.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.10.md

This is the September 2025 release of .NET 9.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.9/9.0.110.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.9/9.0.9.md

FEDORA-2025-2ff6e32273 Packages in this update:

• varnish-7.7.3-2.fc44

Update description:

Automatic update for varnish-7.7.3-2.fc44.

Changelog * Wed Oct 29 2025 Luboš Uhliarik <luhliari@redhat.com> - 7.7.3-2 - Add tmpfiles.d rules for /var directories (bootc compatibility) * Mon Sep 15 2025 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.7.3-1 - New upstream release: A security release - Includes fix for VSV00017 aka CVE-2025-8671, rhbz#2388222 * Thu Jul 31 2025 Luboš Uhliarik <luhliari@redhat.com> - 7.7.1-4 - bundle jemalloc in RHEL * Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7.7.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Thu May 22 2025 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.7.1-2 - Correct ABI and VRT versions - Pulled el7 support - Use systemd setup for users * Tue May 20 2025 Luboš Uhliarik <luhliari@redhat.com> - 7.7.1-1 - new version 7.7.1 * Thu Mar 27 2025 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.7.0-2 - Fix for eln build (merged from yselkowitz) - Fix for failing h2 switch check. Enabling full test suite again * Mon Mar 24 2025 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.7.0-1 - New upstream release - fedora now has completed the bin/sbin merge * Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Mon Dec 2 2024 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.6.1-1 - New upstream release * Mon Sep 16 2024 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.6.0-1 - New upstream release - Updated checkout of pkg-varnish * Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Tue Mar 19 2024 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.5.0-1 - New upstream release - Moved somethings around to make the diff from the upstream spec less - Upped some memory requirements in some of the tests. Necessary on aarch64 and ppc64le (and ppc32) - Reduced number of parallel jobs on s390x builders as builds tend to fail when stressed - Retired armv7hl * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Nov 8 2023 Ingvar Hagelund <ingvar@redpill-linpro.com> - 7.4.2-1 - New upstream release. A security release - Includes fix for CVE-2023-44487 aka VSV00013, rhbz#2243328, HTTP/2 Rapid Reset Attack

FEDORA-2025-e121742c9d Packages in this update:

• kea-3.0.2-1.fc42

Update description:

• New version 3.0.2 (rhbz#2407048)
• Fixes CVE-2025-11232 (rhbz#2407228)

FEDORA-2025-a7cea1535d Packages in this update:

• kea-3.0.2-1.fc43

Update description:

• New version 3.0.2 (rhbz#2407048)
• Fixes CVE-2025-11232 (rhbz#2407229)

FEDORA-2025-2406078e57 Packages in this update:

• mupen64plus-2.6.0-8.fc41

Update description:

Patch CVE-2025-29366 and CVE-2025-29366

There should be no change in behaviour.

FEDORA-2025-123e2abe71 Packages in this update:

• mupen64plus-2.6.0-8.fc43

Update description:

Patch CVE-2025-29366 and CVE-2025-29366 There should be no change in behaviour.