Fedora Security Advisories

cloud-init-24.2-5.fc42

1 week 5 days ago
FEDORA-2025-b93ee7b368
Packages in this update:
  • cloud-init-24.2-5.fc42
Update description:

Backport fixes for CVE-2024-6174 and CVE-2024-11584

  • cloud-init included the systemd socket unit cloud-init-hotplugd.socket with the default SocketMode, which grants 0666 permissions, making it world-writable. An unprivileged user could trigger hotplug-hook commands (CVE-2024-11584).

  • When a non-x86 platform is detected, cloud-init granted root access to a hardcoded URL with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration (CVE-2024-6174).

Note that the fix for CVE-2024-6174 includes a change that may break non-x86 OpenStack Nova users. Affected users may wish to use ConfigDrive as a workaround.

cloud-init-24.2-4.fc41

1 week 5 days ago
FEDORA-2025-58f05c43ae
Packages in this update:
  • cloud-init-24.2-4.fc41
Update description:

Backport fixes for CVE-2024-6174 and CVE-2024-11584

  • cloud-init included the systemd socket unit cloud-init-hotplugd.socket with the default SocketMode, which grants 0666 permissions, making it world-writable. An unprivileged user could trigger hotplug-hook commands (CVE-2024-11584).

  • When a non-x86 platform is detected, cloud-init granted root access to a hardcoded URL with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration (CVE-2024-6174).

Note that the fix for CVE-2024-6174 includes a change that may break non-x86 OpenStack Nova users. Affected users may wish to use ConfigDrive as a workaround.

libinput-1.28.903-1.fc42

1 week 6 days ago
FEDORA-2025-deb3a02c42
Packages in this update:
  • libinput-1.28.903-1.fc42
Update description:

libinput 1.28.903 - fixes key events accidentally printed (and thus logged to the system log) if debug logs were enabled at the compositor level. Only affects the recent 1.28.901 and 1.28.902 releases, mutter/wlroots are unaffected but kwin and Xorg may log depending on whether the user has enabled debug logging (which is unlikely).

grpcurl-1.9.3-1.fc43

2 weeks 1 day ago
FEDORA-2025-ac4268959b
Packages in this update:
  • grpcurl-1.9.3-1.fc43
Update description:

Automatic update for grpcurl-1.9.3-1.fc43.

Changelog
* Fri Jul 18 2025 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.9.3-1
- Update to 1.9.3
- Closes rhbz#2351413 rhbz#2352295 rhbz#2348829

golang-github-prometheus-2.55.1-1.fc43

2 weeks 3 days ago
FEDORA-2025-3afa669ec0
Packages in this update:
  • golang-github-prometheus-2.55.1-1.fc43
Update description:

Automatic update for golang-github-prometheus-2.55.1-1.fc43.

Changelog
* Thu Jul 17 2025 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 2.55.1-1
- Update to 2.55.1 and adopt Go Vendor Tools
- Closes rhbz#2043259 rhbz#2300767 rhbz#2340460 rhbz#2348696 rhbz#2348822 rhbz#2351890 rhbz#2354422
* Fri Jan 17 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2.32.1-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jul 24 2024 Miroslav Suchý <msuchy@redhat.com> - 2.32.1-17
- convert ASL 2.0 license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.32.1-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 2.32.1-15
- Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.32.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.32.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.32.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

chromium-138.0.7204.157-1.el10_1

2 weeks 3 days ago
FEDORA-EPEL-2025-8030a3f1df
Packages in this update:
  • chromium-138.0.7204.157-1.el10_1
Update description:

Update to 138.0.7204.157

  • CVE-2025-7656: Integer overflow in V8
  • CVE-2025-7657: Use after free in WebRTC
  • CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU

chromium-138.0.7204.157-1.fc41

2 weeks 3 days ago
FEDORA-2025-3c3f7d86db
Packages in this update:
  • chromium-138.0.7204.157-1.fc41
Update description:

Update to 138.0.7204.157

  • CVE-2025-7656: Integer overflow in V8
  • CVE-2025-7657: Use after free in WebRTC
  • CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU

rubygem-actioncable-8.0.2-1.fc43 rubygem-actionmailbox-8.0.2-1.fc43 rubygem-actionmailer-8.0.2-1.fc43 rubygem-actionpack-8.0.2-1.fc43 rubygem-actiontext-8.0.2-1.fc43 rubygem-actionview-8.0.2-1.fc43 rubygem-activejob-8.0.2-1.fc43 rubygem-activemodel-8.0.2…

2 weeks 3 days ago
FEDORA-2025-203b7db566
Packages in this update:
  • rubygem-actioncable-8.0.2-1.fc43
  • rubygem-actionmailbox-8.0.2-1.fc43
  • rubygem-actionmailer-8.0.2-1.fc43
  • rubygem-actionpack-8.0.2-1.fc43
  • rubygem-actiontext-8.0.2-1.fc43
  • rubygem-actionview-8.0.2-1.fc43
  • rubygem-activejob-8.0.2-1.fc43
  • rubygem-activemodel-8.0.2-1.fc43
  • rubygem-activerecord-8.0.2-1.fc43
  • rubygem-activestorage-8.0.2-1.fc43
  • rubygem-activesupport-8.0.2-1.fc43
  • rubygem-rack-3.1.16-1.fc43
  • rubygem-rack-protection-4.1.1-1.fc43
  • rubygem-rack-session-2.1.1-1.fc43
  • rubygem-rackup-2.2.1-2.fc43
  • rubygem-rails-8.0.2-1.fc43
  • rubygem-railties-8.0.2-2.fc43
  • rubygem-sinatra-4.1.1-1.fc43
Update description:

https://fedoraproject.org/wiki/Changes/Ruby_on_Rails_8.0

valkey-8.0.4-1.el9

2 weeks 4 days ago
FEDORA-EPEL-2025-79c2e0f87a
Packages in this update:
  • valkey-8.0.4-1.el9
Update description:

Valkey 8.0.4 - Released Mon 07 July 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146)
  • CVE-2025-48367 retry accept on transient errors (#2315)

Security fixes backported from 8.1.2

  • CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

valkey-8.0.4-1.fc41

2 weeks 4 days ago
FEDORA-2025-34895333b5
Packages in this update:
  • valkey-8.0.4-1.fc41
Update description:

Valkey 8.0.4 - Released Mon 07 July 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146)
  • CVE-2025-48367 retry accept on transient errors (#2315)

Security fixes backported from 8.1.2

  • CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

valkey-8.0.4-1.fc42

2 weeks 4 days ago
FEDORA-2025-8e2eddc063
Packages in this update:
  • valkey-8.0.4-1.fc42
Update description:

Valkey 8.0.4 - Released Mon 07 July 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146)
  • CVE-2025-48367 retry accept on transient errors (#2315)

Security fixes backported from 8.1.2

  • CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

valkey-8.0.4-1.el8

2 weeks 4 days ago
FEDORA-EPEL-2025-8cce4f2f71
Packages in this update:
  • valkey-8.0.4-1.el8
Update description:

Valkey 8.0.4 - Released Mon 07 July 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146)
  • CVE-2025-48367 retry accept on transient errors (#2315)

Security fixes backported from 8.1.2

  • CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

vim-9.1.1552-1.fc41

2 weeks 4 days ago
FEDORA-2025-cc42339ef7
Packages in this update:
  • vim-9.1.1552-1.fc41
Update description:

The newest upstream commit

Security fixes for CVE-2025-53906, CVE-2025-53905

vim-9.1.1552-1.fc42

2 weeks 4 days ago
FEDORA-2025-9395406660
Packages in this update:
  • vim-9.1.1552-1.fc42
Update description:

The newest upstream commit

Security fixes for CVE-2025-53906, CVE-2025-53905
