Fedora Security Advisories

FEDORA-2025-87154673fe Packages in this update:

• vgrep-2.8.0-4.fc41

Update description:

Rebuild for CVE-2025-47906.

https://pkg.go.dev/vuln/GO-2025-3956

FEDORA-2025-6738ea943a Packages in this update:

• vgrep-2.8.0-4.fc42

Update description:

Rebuild for CVE-2025-47906.

https://pkg.go.dev/vuln/GO-2025-3956

FEDORA-2025-945dff8564 Packages in this update:

• dtk6core-6.0.27-11.fc42
• dtk6gui-6.0.27-12.fc42
• dtk6log-0.0.2-13.fc42
• dtk6widget-6.0.27-10.fc42
• fcitx5-qt-5.1.10-10.fc42
• gammaray-3.1.0-15.fc42
• kddockwidgets-1.7.0-27.fc42
• LabPlot-2.12.1-11.fc42
• mingw-qt6-qt3d-6.9.3-1.fc42
• mingw-qt6-qt5compat-6.9.3-1.fc42
• mingw-qt6-qtactiveqt-6.9.3-1.fc42
• mingw-qt6-qtbase-6.9.3-1.fc42
• mingw-qt6-qtcharts-6.9.3-1.fc42
• mingw-qt6-qtdeclarative-6.9.3-1.fc42
• mingw-qt6-qtimageformats-6.9.3-1.fc42
• mingw-qt6-qtlocation-6.9.3-1.fc42
• mingw-qt6-qtmultimedia-6.9.3-1.fc42
• mingw-qt6-qtpositioning-6.9.3-1.fc42
• mingw-qt6-qtscxml-6.9.3-1.fc42
• mingw-qt6-qtsensors-6.9.3-1.fc42
• mingw-qt6-qtserialport-6.9.3-1.fc42
• mingw-qt6-qtshadertools-6.9.3-1.fc42
• mingw-qt6-qtsvg-6.9.3-1.fc42
• mingw-qt6-qttools-6.9.3-1.fc42
• mingw-qt6-qttranslations-6.9.3-1.fc42
• mingw-qt6-qtwebchannel-6.9.3-1.fc42
• mingw-qt6-qtwebsockets-6.9.3-1.fc42
• nheko-0.12.1-10.fc42
• python-pyqt6-6.9.0-5.fc42
• qt6-6.9.3-1.fc42
• qt6-qt3d-6.9.3-1.fc42
• qt6-qt5compat-6.9.3-1.fc42
• qt6-qtbase-6.9.3-1.fc42
• qt6-qtcharts-6.9.3-1.fc42
• qt6-qtcoap-6.9.3-1.fc42
• qt6-qtconnectivity-6.9.3-1.fc42
• qt6-qtdatavis3d-6.9.3-1.fc42
• qt6-qtdeclarative-6.9.3-1.fc42
• qt6-qthttpserver-6.9.3-1.fc42
• qt6-qtimageformats-6.9.3-1.fc42
• qt6-qtlanguageserver-6.9.3-1.fc42
• qt6-qtlocation-6.9.3-1.fc42
• qt6-qtlottie-6.9.3-1.fc42
• qt6-qtmqtt-6.9.3-1.fc42
• qt6-qtmultimedia-6.9.3-1.fc42
• qt6-qtnetworkauth-6.9.3-1.fc42
• qt6-qtopcua-6.9.3-1.fc42
• qt6-qtpositioning-6.9.3-1.fc42
• qt6-qtquick3d-6.9.3-1.fc42
• qt6-qtquick3dphysics-6.9.3-1.fc42
• qt6-qtquicktimeline-6.9.3-1.fc42
• qt6-qtremoteobjects-6.9.3-1.fc42
• qt6-qtscxml-6.9.3-1.fc42
• qt6-qtsensors-6.9.3-1.fc42
• qt6-qtserialbus-6.9.3-1.fc42
• qt6-qtserialport-6.9.3-1.fc42
• qt6-qtshadertools-6.9.3-1.fc42
• qt6-qtspeech-6.9.3-1.fc42
• qt6-qtsvg-6.9.3-1.fc42
• qt6-qttools-6.9.3-1.fc42
• qt6-qttranslations-6.9.3-1.fc42
• qt6-qtvirtualkeyboard-6.9.3-1.fc42
• qt6-qtwayland-6.9.3-1.fc42
• qt6-qtwebchannel-6.9.3-1.fc42
• qt6-qtwebengine-6.9.3-1.fc42
• qt6-qtwebsockets-6.9.3-1.fc42
• qt6-qtwebview-6.9.3-1.fc42
• qt-creator-16.0.2-3.fc42
• zeal-0.7.2-14.fc42

Update description:

Qt 6.9.3 bugfix update.

FEDORA-EPEL-2025-439963506c Packages in this update:

• rust-astral-tokio-tar-0.5.6-1.el10_0
• uv-0.6.17-3.el10_0

Update description:

Security fix for CVE-2025-62518: update rust-astral-tokio-tar to 0.5.6 and rebuild uv.

rust-astral-tokio-tar 0.5.6

• Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers.

  This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518.

FEDORA-2025-26e2e0c477 Packages in this update:

• qt5-qtbase-5.15.17-2.fc41

Update description:

Fix CVE-2025-5455 - QtCore Assertion Failure Denial of Service

FEDORA-2025-9a46af550f Packages in this update:

• qt5-qtbase-5.15.17-6.fc43

Update description:

Fix CVE-2025-5455 - QtCore Assertion Failure Denial of Service

FEDORA-2025-c50e4dfd3b Packages in this update:

• qt5-qtbase-5.15.17-2.fc42

Update description:

Fix CVE-2025-5455 - QtCore Assertion Failure Denial of Service

FEDORA-EPEL-2025-fd412e2ace Packages in this update:

• qt5-qtbase-5.15.17-2.el10_2

Update description:

Fix CVE-2025-5455 - QtCore Assertion Failure Denial of Service

FEDORA-2025-0b601ed2ad Packages in this update:

• xen-4.19.3-5.fc41

Update description:

x86: Incorrect input sanitisation in Viridian hypercalls [XSA-475, CVE-2025-58147, CVE-2025-58148]

FEDORA-2025-38b5313966 Packages in this update:

• xen-4.19.3-6.fc42

Update description:

x86: Incorrect input sanitisation in Viridian hypercalls [XSA-475, CVE-2025-58147, CVE-2025-58148]

FEDORA-2025-769eac3469 Packages in this update:

• xen-4.20.1-7.fc43

Update description:

x86: Incorrect input sanitisation in Viridian hypercalls [XSA-475, CVE-2025-58147, CVE-2025-58148]

FEDORA-2025-1131df0f70 Packages in this update:

• fluidsynth-2.4.8-2.fc42

Update description:

Fix world writeable /run/lock/fluidsynth Update to 2.4.8

FEDORA-EPEL-2025-5aefff4853 Packages in this update:

• fluidsynth-2.4.8-2.el10_1

Update description:

Fix world writeable /run/lock/fluidsynth Update to 2.4.8

FEDORA-2025-6db4dcdf66 Packages in this update:

• fluidsynth-2.4.8-2.fc41

Update description:

Fix world writeable /run/lock/fluidsynth Update to 2.4.8

FEDORA-EPEL-2025-ae4b2d1417 Packages in this update:

• fluidsynth-2.4.8-2.el9

Update description:

Fix world writeable /run/lock/fluidsynth Update to 2.4.8

FEDORA-EPEL-2025-1fe5205aa6 Packages in this update:

• fluidsynth-2.4.8-2.el10_2

Update description:

Fix world writeable /run/lock/fluidsynth Update to 2.4.8

FEDORA-2025-0ea3179bb0 Packages in this update:

• fluidsynth-2.4.8-2.fc43

Update description:

Fix world writeable /run/lock/fluidsynth Update to 2.4.8

FEDORA-2025-3ddbddd7e2 Packages in this update:

• samba-4.23.2-1.fc44

Update description:

Automatic update for samba-4.23.2-1.fc44.

Changelog * Fri Oct 17 2025 Günther Deschner <gd@samba.org> - 2:4.23.2-1 - Update to Samba 4.23.2 - resolves: rhbz#2404204 - resolves: rhbz#2391698 - Security fix for CVE-2025-9640 - resolves: rhbz#2394377 - Security fix for CVE-2025-10230

FEDORA-2025-c0830ff9f4 Packages in this update:

• samba-4.21.9-1.fc41

Update description:

Security fix for CVE-2025-9640 and CVE-2025-10230

FEDORA-2025-7d890563f6 Packages in this update:

• samba-4.22.6-1.fc42

Update description:

Update to Samba 4.22.6 - Security fix for CVE-2025-9640 and CVE-2025-10230