cups-2.4.14-1.fc43
FEDORA-2025-3596273b51
Packages in this update:
- cups-2.4.14-1.fc43
2.4.14 (fixes CVE-2025-58060 and CVE-2025-58364)
Aggregator
USN-7746-1: cipher-base vulnerability
Nikita Skovoroda discovered that cipher-base did not properly manage
certain inputs. An attacker could possibly use this issue to manipulate
the internal state of hash functions, resulting in hash collisions,
denial of service, or other unspecified impact.
6.16.7: stable
Version:6.16.7 (stable)
Released:2025-09-11
Source:linux-6.16.7.tar.xz
PGP Signature:linux-6.16.7.tar.sign
Patch:full (incremental)
ChangeLog:ChangeLog-6.16.7
6.12.47: longterm
Version:6.12.47 (longterm)
Released:2025-09-11
Source:linux-6.12.47.tar.xz
PGP Signature:linux-6.12.47.tar.sign
Patch:full (incremental)
ChangeLog:ChangeLog-6.12.47
6.6.106: longterm
Version:6.6.106 (longterm)
Released:2025-09-11
Source:linux-6.6.106.tar.xz
PGP Signature:linux-6.6.106.tar.sign
Patch:full (incremental)
ChangeLog:ChangeLog-6.6.106
6.1.152: longterm
Version:6.1.152 (longterm)
Released:2025-09-11
Source:linux-6.1.152.tar.xz
PGP Signature:linux-6.1.152.tar.sign
Patch:full (incremental)
ChangeLog:ChangeLog-6.1.152
5.15.193: longterm
Version:5.15.193 (longterm)
Released:2025-09-11
Source:linux-5.15.193.tar.xz
PGP Signature:linux-5.15.193.tar.sign
Patch:full (incremental)
ChangeLog:ChangeLog-5.15.193
5.10.244: longterm
Version:5.10.244 (longterm)
Released:2025-09-11
Source:linux-5.10.244.tar.xz
PGP Signature:linux-5.10.244.tar.sign
Patch:full (incremental)
ChangeLog:ChangeLog-5.10.244
USN-7745-1: CUPS vulnerabilities
It was discovered that CUPS incorrectly handled authentication types other
than Basic. An attacker could possibly use this issue to bypass
authentication. (CVE-2025-58060)
It was discovered that CUPS incorrectly handled deserialization and
validation of printer attributes. An attacker could possibly use this
issue to cause a denial of service. (CVE-2025-58364)
USN-7744-1: QEMU vulnerabilities
It was discovered that QEMU incorrectly handled certain virtio devices. A
privileged guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3446)
It was discovered that QEMU incorrectly handled SDHCI device emulation. A
guest attacker could possibly use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-3447)
It was discovered that QEMU incorrectly handled calculating the checksum
of a short-sized fragmented packet. A guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 24.04 LTS. (CVE-2024-3567)
It was discovered that the QEMU qemu-img utility incorrectly handled
certain crafted image files. An attacker could use this issue to cause QEMU
to consume resources, leading to a denial of service, or possibly read and
write to an existing external file. This issue only affected Ubuntu 22.04
LTS and Ubuntu 24.04 LTS. (CVE-2024-4467)
It was discovered that QEMU incorrectly handled the RSS feature on
virtio-net devices. A privileged guest attacker could possibly use this
issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-6505)
It was discovered that QEMU incorrectly handled the NBD server. An attacker
could use this issue to cause QEMU to consume resources, leading to a
denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu
24.04 LTS. (CVE-2024-7409)
It was discovered that QEMU incorrectly handled certain USB devices. A
guest attacker could possibly use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-8354)
It was discovered that the QEMU package incorrectly set up a binfmt_misc
registration with the C (Credential) flag. A local attacker could use this
with a suid/sgid binary to escalate privileges. This update will no longer
run foreign-architecture binaries with suid/sgid with elevated privileges.
next-20250911: linux-next
Version:next-20250911 (linux-next)
Released:2025-09-11
DSA-5999-1 libjson-xs-perl - security update
DSA-6000-1 libcpanel-json-xs-perl - security update
DSA-5998-1 cups - security update
USN-7743-1: libxml2 vulnerability
Nikita Sveshnikov discovered that libxml2 incorrectly handled recursion
when processing XPath expressions. An attacker could possibly use this
issue to cause a denial of service.
gh-2.79.0-1.fc42
FEDORA-2025-d4c9910925
Packages in this update:
- gh-2.79.0-1.fc42
Update to 2.79.0
gh-2.79.0-1.fc41
FEDORA-2025-24e111e6f1
Packages in this update:
- gh-2.79.0-1.fc41
Update to 2.79.0
next-20250910: linux-next
Version:next-20250910 (linux-next)
Released:2025-09-10