Aggregator

kea-2.6.3-1.el9

5 days 12 hours ago
FEDORA-EPEL-2025-a36cdc1182
Packages in this update:
  • kea-2.6.3-1.el9
Update description:
  • New version 2.6.3 (rhbz#2368989)
  • Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803
  • kea.conf: Remove /tmp/ from socket-name for existing configurations
  • kea.conf: Set pseudo-random password for default config to secure fresh install and allow CA startup without user intervention
  • kea.conf: Restrict directory permissions
  • Sync service files with upstream
  • Fix leases ownership when switching from root to kea user (rhbz#2324168)

Release Notes:

The new default configuration file, kea-ctrl-agent.conf, introduces an authentication setting, "password-file", which restricts access to the REST API. On Fedora, the kea-api-password file is automatically populated with a pseudo-random password to secure new installations.

For system upgrades, it is strongly recommended to update any custom configurations to restrict access to the REST API.

For more details, including information on CVE fixes and incompatible changes, refer to the upstream release notes:

https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt

USN-7561-1: AMD Microcode vulnerabilities

5 days 13 hours ago
It was discovered that AMD Microcode incorrectly handled memory addresses. An attacker with local administrator privilege could possibly use this issue to cause loss of integrity of a confidential guest running under AMD SEV-SNP. (CVE-2023-20584, CVE-2023-31356)

Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo discovered that AMD Microcode incorrectly verified signatures. An attacker with local administrator privilege could possibly use this issue to cause loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. (CVE-2024-56161)

USN-7560-1: AMD Microcode vulnerability

5 days 13 hours ago
Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo discovered that AMD Microcode incorrectly verified signatures. An attacker with local administrator privilege could possibly use this issue to cause loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

USN-7545-2: Apport regression

5 days 14 hours ago
USN-7545-1 fixed a vulnerability in Apport. The update introduced a regression that prevented core dumps from being generated inside containers. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Qualys discovered that Apport incorrectly handled metadata when processing application crashes. An attacker could possibly use this issue to leak sensitive information.

kea-2.6.3-1.fc41

5 days 15 hours ago
FEDORA-2025-b870671130
Packages in this update:
  • kea-2.6.3-1.fc41
Update description:
  • New version 2.6.3 (rhbz#2368989)
  • Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803
  • kea.conf: Remove /tmp/ from socket-name for existing configurations
  • kea.conf: Set pseudo-random password for default config to secure fresh install and allow CA startup without user intervention
  • kea.conf: Restrict directory permissions
  • Sync service files with upstream
  • Fix leases ownership when switching from root to kea user (rhbz#2324168)

Release Notes:

The new default configuration file, kea-ctrl-agent.conf, introduces an authentication setting, "password-file", which restricts access to the REST API. On Fedora, the kea-api-password file is automatically populated with a pseudo-random password to secure new installations.

For system upgrades, it is strongly recommended to update any custom configurations to restrict access to the REST API.

For more details, including information on CVE fixes and incompatible changes, refer to the upstream release notes:

https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt

kea-2.6.3-1.fc42

5 days 15 hours ago
FEDORA-2025-dc6ec0a8e2
Packages in this update:
  • kea-2.6.3-1.fc42
Update description:
  • New version 2.6.3 (rhbz#2368989)
  • Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803
  • kea.conf: Remove /tmp/ from socket-name for existing configurations
  • kea.conf: Set pseudo-random password for default config to secure fresh install and allow CA startup without user intervention
  • kea.conf: Restrict directory permissions
  • Sync service files with upstream
  • Fix leases ownership when switching from root to kea user (rhbz#2324168)

Release Notes:

The new default configuration file, kea-ctrl-agent.conf, introduces an authentication setting, "password-file", which restricts access to the REST API. On Fedora, the kea-api-password file is automatically populated with a pseudo-random password to secure new installations.

For system upgrades, it is strongly recommended to update any custom configurations to restrict access to the REST API.

For more details, including information on CVE fixes and incompatible changes, refer to the upstream release notes:

https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt

LabPlot-2.12.0-3.fc42 dtk6core-6.0.27-5.fc42 dtk6gui-6.0.27-6.fc42 dtk6log-0.0.2-7.fc42 dtk6widget-6.0.27-5.fc42 fcitx5-qt-5.1.9-7.fc42 gammaray-3.1.0-11.fc42 kddockwidgets-1.7.0-23.fc42 kwin-6.3.5-3.fc42 libqtxdg-4.1.0-6.fc42 nheko-0.12.0-15.fc42 plasma…

5 days 15 hours ago
FEDORA-2025-c546fd3f09
Packages in this update:
  • dtk6core-6.0.27-5.fc42
  • dtk6gui-6.0.27-6.fc42
  • dtk6log-0.0.2-7.fc42
  • dtk6widget-6.0.27-5.fc42
  • fcitx5-qt-5.1.9-7.fc42
  • gammaray-3.1.0-11.fc42
  • kddockwidgets-1.7.0-23.fc42
  • kwin-6.3.5-3.fc42
  • LabPlot-2.12.0-3.fc42
  • libqtxdg-4.1.0-6.fc42
  • nheko-0.12.0-15.fc42
  • plasma-integration-6.3.5-3.fc42
  • python-pyqt6-6.9.0-3.fc42
  • python-pyside6-6.9.1-1.fc42
  • qt6-6.9.1-1.fc42
  • qt6-doc-6.9.1-1.fc42
  • qt6-qt3d-6.9.1-1.fc42
  • qt6-qt5compat-6.9.1-1.fc42
  • qt6-qtbase-6.9.1-1.fc42
  • qt6-qtcharts-6.9.1-1.fc42
  • qt6-qtcoap-6.9.1-1.fc42
  • qt6-qtconnectivity-6.9.1-1.fc42
  • qt6-qtdatavis3d-6.9.1-1.fc42
  • qt6-qtdeclarative-6.9.1-1.fc42
  • qt6-qtgraphs-6.9.1-1.fc42
  • qt6-qtgrpc-6.9.1-1.fc42
  • qt6-qthttpserver-6.9.1-1.fc42
  • qt6-qtimageformats-6.9.1-1.fc42
  • qt6-qtlanguageserver-6.9.1-1.fc42
  • qt6-qtlocation-6.9.1-1.fc42
  • qt6-qtlottie-6.9.1-1.fc42
  • qt6-qtmqtt-6.9.1-1.fc42
  • qt6-qtmultimedia-6.9.1-1.fc42
  • qt6-qtnetworkauth-6.9.1-1.fc42
  • qt6-qtopcua-6.9.1-1.fc42
  • qt6-qtpositioning-6.9.1-1.fc42
  • qt6-qtquick3d-6.9.1-1.fc42
  • qt6-qtquick3dphysics-6.9.1-1.fc42
  • qt6-qtquicktimeline-6.9.1-1.fc42
  • qt6-qtremoteobjects-6.9.1-1.fc42
  • qt6-qtscxml-6.9.1-1.fc42
  • qt6-qtsensors-6.9.1-1.fc42
  • qt6-qtserialbus-6.9.1-1.fc42
  • qt6-qtserialport-6.9.1-1.fc42
  • qt6-qtshadertools-6.9.1-1.fc42
  • qt6-qtspeech-6.9.1-1.fc42
  • qt6-qtsvg-6.9.1-1.fc42
  • qt6-qttools-6.9.1-1.fc42
  • qt6-qttranslations-6.9.1-1.fc42
  • qt6-qtvirtualkeyboard-6.9.1-1.fc42
  • qt6-qtwayland-6.9.1-1.fc42
  • qt6-qtwebchannel-6.9.1-1.fc42
  • qt6-qtwebengine-6.9.1-1.fc42
  • qt6-qtwebsockets-6.9.1-1.fc42
  • qt6-qtwebview-6.9.1-1.fc42
  • qt-creator-16.0.1-2.fc42
  • zeal-0.7.2-9.fc42
Update description:

Qt 6.9.1 bugfix release.

python-django5-5.1.10-1.fc41

5 days 16 hours ago
FEDORA-2025-2dff80a8a3
Packages in this update:
  • python-django5-5.1.10-1.fc41
Update description:
  • Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
  • Fixes CVE-2025-48432: Potential log injection via unescaped request path

python-django5-5.2.2-1.fc42

5 days 16 hours ago
FEDORA-2025-ad58eb378b
Packages in this update:
  • python-django5-5.2.2-1.fc42
Update description:
  • Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
  • Fixes CVE-2025-48432: Potential log injection via unescaped request path

python-django4.2-4.2.22-1.el9

6 days 11 hours ago
FEDORA-EPEL-2025-ead5908650
Packages in this update:
  • python-django4.2-4.2.22-1.el9
Update description:
  • Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
  • Fixes CVE-2025-48432: Potential log injection via unescaped request path

python-django4.2-4.2.22-1.fc42

6 days 12 hours ago
FEDORA-2025-6de2ab1d25
Packages in this update:
  • python-django4.2-4.2.22-1.fc42
Update description:
  • Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
  • Fixes CVE-2025-48432: Potential log injection via unescaped request path

python-django4.2-4.2.22-1.fc41

6 days 12 hours ago
FEDORA-2025-d4849e6cf3
Packages in this update:
  • python-django4.2-4.2.22-1.fc41
Update description:
  • Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
  • Fixes CVE-2025-48432: Potential log injection via unescaped request path