Aggregator

It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2024-6484, CVE-2024-6531) It was discovered that Bootstrap did not correctly sanitize certain input in the button plugin. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2024-6485)

FEDORA-2025-cebde6a6e3 Packages in this update:

• python3.9-3.9.23-1.fc41

Update description:

Update to 3.9.23.

• gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
• gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
• gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.
• gh-80222: Folding of quoted string in display_name violates RFC.

FEDORA-2025-6efe030226 Packages in this update:

• python3.9-3.9.23-1.fc42

Update description:

Update to 3.9.23.

• gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
• gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
• gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.
• gh-80222: Folding of quoted string in display_name violates RFC.

FEDORA-2025-f41fafb942 Packages in this update:

• python3.10-3.10.18-1.fc42

Update description:

Update to 3.10.18.

Security content in this release

• gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
• gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
• gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.

FEDORA-2025-76b69d1931 Packages in this update:

• python3.10-3.10.18-1.fc41

Update description:

Update to 3.10.18.

Security content in this release

• gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
• gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
• gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.

It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection.

FEDORA-2025-82ac5e4065 Packages in this update:

• gh-2.74.0-1.fc42

Update description:

Update to 2.74.0 - Fixes CVE-2025-48938

FEDORA-2025-164ac0d01f Packages in this update:

• gh-2.74.0-1.fc41

Update description:

Update to 2.74.0 - Fixes CVE-2025-48938

Version:6.15.1 (stable) Released:2025-06-04 Source:linux-6.15.1.tar.xz PGP Signature:linux-6.15.1.tar.sign Patch:full ChangeLog:ChangeLog-6.15.1

Version:6.14.10 (stable) Released:2025-06-04 Source:linux-6.14.10.tar.xz PGP Signature:linux-6.14.10.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.14.10

Version:6.12.32 (longterm) Released:2025-06-04 Source:linux-6.12.32.tar.xz PGP Signature:linux-6.12.32.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.32

Version:6.6.93 (longterm) Released:2025-06-04 Source:linux-6.6.93.tar.xz PGP Signature:linux-6.6.93.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.93

Version:6.1.141 (longterm) Released:2025-06-04 Source:linux-6.1.141.tar.xz PGP Signature:linux-6.1.141.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.141

Version:5.15.185 (longterm) Released:2025-06-04 Source:linux-5.15.185.tar.xz PGP Signature:linux-5.15.185.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.185

Version:5.10.238 (longterm) Released:2025-06-04 Source:linux-5.10.238.tar.xz PGP Signature:linux-5.10.238.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.10.238

Version:5.4.294 (longterm) Released:2025-06-04 Source:linux-5.4.294.tar.xz PGP Signature:linux-5.4.294.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.4.294

FEDORA-2025-879f3d7695 Packages in this update:

• mingw-icu-76.1-3.fc42

Update description:

Backport fix for CVE-2025-5222.

FEDORA-2025-49ae47f4ef Packages in this update:

• mingw-icu-74.2-4.fc41

Update description:

Backport fix for CVE-2025-5222.

FEDORA-EPEL-2025-8219157fe0 Packages in this update:

• yarnpkg-1.22.22-8.el8

Update description:

Backport fix for CVE-2025-48387.