Fedora Security Advisories

FEDORA-2025-7c8f6f12d1 Packages in this update:

• mbedtls-3.6.5-1.fc42

Update description:

• Update to 3.6.5

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5

FEDORA-2025-005897ba3d Packages in this update:

• avr-binutils-2.45-2.fc44

Update description:

Automatic update for avr-binutils-2.45-2.fc44.

Changelog * Thu Oct 16 2025 Michal Hlavinka <mhlavink@redhat.com> - 1:2.45-2 - fix CVE-2025-11081: out-of-bounds read (rhbz#2400332)

FEDORA-2025-5c621a5a8a Packages in this update:

• dokuwiki-20250514b-1.fc44
• php-php81_bc-strftime-0.7.6-1.fc44

Update description:

• Initial build for PHP81_BC\strftime
• Update DokuWiki to version 2025-05-14b "Librarian"

FEDORA-2025-e6ce056923 Packages in this update:

• dokuwiki-20250514b-1.fc43
• php-php81_bc-strftime-0.7.6-1.fc43

Update description:

• Initial build for PHP81_BC\strftime
• Update DokuWiki to version 2025-05-14b "Librarian"

FEDORA-2025-de6dc8333b Packages in this update:

• chromium-141.0.7390.76-1.fc43

Update description:

Update to 141.0.7390.76

Update to 141.0.7390.65

* High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs

FEDORA-2025-3fc300c873 Packages in this update:

• firefox-144.0-2.fc42

Update description:

• Updated to latest upstream (144.0)

FEDORA-2025-b7a5f19bd6 Packages in this update:

• firefox-144.0-2.fc41

Update description:

• Updated to latest upstream (144.0)

FEDORA-2025-4051bc12a4 Packages in this update:

• wireshark-4.6.0-1.fc42

Update description:

New version 4.6.0

FEDORA-2025-54df0e65ea Packages in this update:

• wireshark-4.4.10-1.fc41

Update description:

New version 4.6.0

FEDORA-2025-f7d3e3c373 Packages in this update:

• wireshark-4.6.0-1.fc43

Update description:

New version 4.6.0

FEDORA-2025-97d8911108 Packages in this update:

• dovecot-2.4.1-6.fc43

Update description:

fix CVE-2025-30189

FEDORA-EPEL-2025-aff6264b34 Packages in this update:

• gi-docgen-2025.5-1.el9

Update description: gi-docgen 2025.5 - 2025-10-11

This is a security fix for CVE-2025-11687. “The severity of this issue depends on what else is hosted on the same domain as the docs. XSS on a website that hosts only gi-docgen docs and nothing else is likely harmless.”

Fixed

• Make sure to escape query strings

FEDORA-EPEL-2025-e8d68871b1 Packages in this update:

• gi-docgen-2025.5-1.el10_0

Update description: gi-docgen 2025.5 - 2025-10-11

This is a security fix for CVE-2025-11687. “The severity of this issue depends on what else is hosted on the same domain as the docs. XSS on a website that hosts only gi-docgen docs and nothing else is likely harmless.”

Fixed

• Make sure to escape query strings

FEDORA-EPEL-2025-e15c7512f4 Packages in this update:

• gi-docgen-2025.5-1.el10_1

Update description: gi-docgen 2025.5 - 2025-10-11

This is a security fix for CVE-2025-11687. “The severity of this issue depends on what else is hosted on the same domain as the docs. XSS on a website that hosts only gi-docgen docs and nothing else is likely harmless.”

Fixed

• Make sure to escape query strings

FEDORA-EPEL-2025-af9e67fa0c Packages in this update:

• gi-docgen-2025.5-1.el10_2

Update description: gi-docgen 2025.5 - 2025-10-11

This is a security fix for CVE-2025-11687. “The severity of this issue depends on what else is hosted on the same domain as the docs. XSS on a website that hosts only gi-docgen docs and nothing else is likely harmless.”

Fixed

• Make sure to escape query strings

FEDORA-2025-52dc5ac7d9 Packages in this update:

• gi-docgen-2025.5-1.fc41

Update description: gi-docgen 2025.5 - 2025-10-11

This is a security fix for CVE-2025-11687. “The severity of this issue depends on what else is hosted on the same domain as the docs. XSS on a website that hosts only gi-docgen docs and nothing else is likely harmless.”

Fixed

• Make sure to escape query strings

FEDORA-2025-b4184a589e Packages in this update:

• gi-docgen-2025.5-1.fc42

Update description: gi-docgen 2025.5 - 2025-10-11

This is a security fix for CVE-2025-11687. “The severity of this issue depends on what else is hosted on the same domain as the docs. XSS on a website that hosts only gi-docgen docs and nothing else is likely harmless.”

Fixed

• Make sure to escape query strings

FEDORA-2025-86cf4f2eed Packages in this update:

• gi-docgen-2025.5-1.fc43

Update description: gi-docgen 2025.5 - 2025-10-11

This is a security fix for CVE-2025-11687. “The severity of this issue depends on what else is hosted on the same domain as the docs. XSS on a website that hosts only gi-docgen docs and nothing else is likely harmless.”

Fixed

• Make sure to escape query strings

FEDORA-2025-489e2f5272 Packages in this update:

• python3.12-3.12.12-1.fc42

Update description:

Update to 3.12.12

FEDORA-2025-8e17ba12e5 Packages in this update:

• python3.12-3.12.12-1.fc43

Update description:

Update to 3.12.12