Aggregator

FEDORA-2025-05a723591b Packages in this update:

• docker-buildx-0.29.0-1.fc44

Update description:

Automatic update for docker-buildx-0.29.0-1.fc44.

Changelog * Tue Sep 30 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 0.29.0-1 - Update to release v0.29.0 - Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082, rhbz#2399355 - Upstream new features and fixes

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86 platform drivers; - PTP clock framework; - RapidIO drivers; - Voltage and Current Regulator drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - ASPEED SoC drivers; - TCM subsystem; - Thermal drivers; - Thunderbolt and USB4 drivers; - TTY drivers; - UFS subsystem; - USB Gadget drivers; - Renesas USBHS Controller drivers; - USB Type-C support driver; - Virtio Host (VHOST) subsystem; - Backlight driver; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - Ext4 file system; - F2FS file system; - JFFS2 file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NTFS3 file system; - DRM display driver; - Memory Management; - Mellanox drivers; - Memory management; - Netfilter; - Network sockets; - IPC subsystem; - BPF subsystem; - Perf events; - Kernel exit() syscall; - Restartable seuqences system call mechanism; - Timer subsystem; - Tracing infrastructure; - Appletalk network protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Networking core; - IPv6 networking; - MultiProtocol Label Switching driver; - NetLabel subsystem; - Netlink; - NFC subsystem; - Open vSwitch; - Rose network layer; - RxRPC session sockets; - Network traffic control; - TIPC protocol; - VMware vSockets driver; - USB sound devices; (CVE-2025-38212, CVE-2025-38377, CVE-2025-38328, CVE-2025-38167, CVE-2025-38119, CVE-2025-38143, CVE-2025-38513, CVE-2025-38257, CVE-2025-38443, CVE-2025-38420, CVE-2025-38067, CVE-2025-38111, CVE-2025-38448, CVE-2025-38107, CVE-2025-38465, CVE-2025-38237, CVE-2025-38174, CVE-2025-38516, CVE-2025-38100, CVE-2025-38120, CVE-2025-38219, CVE-2025-38194, CVE-2025-38085, CVE-2025-38441, CVE-2025-38227, CVE-2024-57883, CVE-2025-38088, CVE-2025-38352, CVE-2025-38159, CVE-2025-38410, CVE-2025-38406, CVE-2025-38204, CVE-2025-38345, CVE-2025-38393, CVE-2025-38074, CVE-2025-38146, CVE-2025-38160, CVE-2025-38102, CVE-2025-37963, CVE-2025-38466, CVE-2025-38286, CVE-2025-38263, CVE-2025-38415, CVE-2025-38386, CVE-2025-38416, CVE-2025-38375, CVE-2025-38136, CVE-2025-38285, CVE-2025-38108, CVE-2025-38251, CVE-2025-38391, CVE-2025-38161, CVE-2025-38157, CVE-2025-38462, CVE-2025-38319, CVE-2025-38395, CVE-2025-38135, CVE-2025-38326, CVE-2025-38090, CVE-2025-38147, CVE-2025-38461, CVE-2025-38540, CVE-2025-21888, CVE-2025-38515, CVE-2025-38445, CVE-2025-38498, CVE-2025-38249, CVE-2025-38312, CVE-2025-38173, CVE-2025-38153, CVE-2025-38400, CVE-2025-38324, CVE-2025-38245, CVE-2025-38313, CVE-2024-26775, CVE-2025-38163, CVE-2025-38387, CVE-2025-38298, CVE-2025-38112, CVE-2025-38231, CVE-2025-38084, CVE-2025-38439, CVE-2025-38211, CVE-2025-38145, CVE-2025-38273, CVE-2025-38203, CVE-2025-38467, CVE-2025-38320, CVE-2025-38444, CVE-2025-38262, CVE-2025-38293, CVE-2025-37948, CVE-2025-38336, CVE-2025-38419, CVE-2025-38458, CVE-2025-38384, CVE-2025-38460, CVE-2025-38115, CVE-2025-38337, CVE-2025-38305, CVE-2025-38399, CVE-2025-38371, CVE-2025-38542, CVE-2025-38332, CVE-2025-38389, CVE-2025-37958, CVE-2025-38346, CVE-2025-38226, CVE-2025-38218, CVE-2025-38310, CVE-2025-38206, CVE-2025-38412, CVE-2025-38418, CVE-2025-38154, CVE-2025-38181, CVE-2025-38424, CVE-2025-38344, CVE-2025-38430, CVE-2025-38428, CVE-2025-38138, CVE-2025-38086, CVE-2025-38342, CVE-2024-26726, CVE-2025-38457, CVE-2025-38222, CVE-2024-44939, CVE-2025-38363, CVE-2025-38348, CVE-2025-38197, CVE-2025-38403, CVE-2025-38362, CVE-2025-38280, CVE-2025-38464, CVE-2025-38459, CVE-2025-38229, CVE-2025-38401, CVE-2025-38184, CVE-2025-38514, CVE-2025-38103, CVE-2025-38122, CVE-2025-38200, CVE-2022-48703)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AMD CDX bus driver; - DPLL subsystem; - EFI core; - GPIO subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - Multiple devices driver; - Network drivers; - Mellanox network drivers; - NVME drivers; - Pin controllers subsystem; - RapidIO drivers; - Voltage and Current Regulator drivers; - SCSI subsystem; - SLIMbus drivers; - QCOM SoC drivers; - UFS subsystem; - USB DSL drivers; - Renesas USBHS Controller drivers; - USB Type-C Connector System Software Interface driver; - Framebuffer layer; - ACRN Hypervisor Service Module driver; - Network file system (NFS) client; - Proc file system; - SMB network file system; - Memory Management; - Scheduler infrastructure; - SoC audio core drivers; - Perf events; - Tracing infrastructure; - Memory management; - 802.1Q VLAN protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Bluetooth subsystem; - Devlink API; - IPv4 networking; - IPv6 networking; - Logical Link layer; - Management Component Transport Protocol (MCTP); - Multipath TCP; - Netfilter; - Network traffic control; - Switch device API; - Wireless networking; - eXpress Data Path; (CVE-2025-21944, CVE-2025-21927, CVE-2025-21996, CVE-2025-21928, CVE-2025-21888, CVE-2025-21995, CVE-2025-21929, CVE-2025-21873, CVE-2025-21875, CVE-2025-21894, CVE-2025-21878, CVE-2025-21977, CVE-2024-58090, CVE-2025-21872, CVE-2025-21905, CVE-2025-21963, CVE-2025-21991, CVE-2025-21947, CVE-2025-21924, CVE-2025-21899, CVE-2025-21992, CVE-2025-21909, CVE-2025-21920, CVE-2025-21917, CVE-2025-21972, CVE-2025-21997, CVE-2025-21999, CVE-2025-21895, CVE-2025-22013, CVE-2025-21936, CVE-2025-21881, CVE-2025-21956, CVE-2025-22010, CVE-2025-22015, CVE-2025-21959, CVE-2025-21980, CVE-2025-22017, CVE-2025-22005, CVE-2025-21935, CVE-2025-21911, CVE-2025-21914, CVE-2025-22001, CVE-2025-21913, CVE-2025-22007, CVE-2025-21966, CVE-2025-21962, CVE-2025-21908, CVE-2025-21910, CVE-2025-22014, CVE-2025-22016, CVE-2025-21957, CVE-2025-21968, CVE-2025-21986, CVE-2025-21981, CVE-2025-21880, CVE-2025-21950, CVE-2025-21982, CVE-2025-21976, CVE-2025-21979, CVE-2025-21912, CVE-2025-21951, CVE-2025-21994, CVE-2025-21946, CVE-2025-21955, CVE-2025-21898, CVE-2025-21960, CVE-2025-21883, CVE-2025-21970, CVE-2025-21891, CVE-2025-21919, CVE-2025-21964, CVE-2025-21926, CVE-2025-21877, CVE-2025-21903, CVE-2025-21978, CVE-2025-21885, CVE-2025-21948, CVE-2025-21930, CVE-2025-22009, CVE-2025-21918, CVE-2025-21890, CVE-2025-21925, CVE-2025-22003, CVE-2025-22008, CVE-2025-21934, CVE-2025-21961, CVE-2025-22004, CVE-2025-21941, CVE-2025-21915, CVE-2025-21967, CVE-2025-21904, CVE-2025-21916, CVE-2025-37889, CVE-2025-21922, CVE-2025-21892, CVE-2025-21975, CVE-2025-21945, CVE-2025-21889, CVE-2025-21937, CVE-2025-21969)

FEDORA-2025-3c80b660e0 Packages in this update:

• pgadmin4-9.8-2.fc42

Update description:

Update to pgadmin-9.8. Fixes CVE-2025-9636.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Bus devices; - Clock framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - FPGA Framework; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MTD block device drivers; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - NVMEM (Non Volatile Memory) drivers; - PCI subsystem; - Amlogic Meson DDR PMU; - NI-700 PMU driver; - PHY drivers; - Pin controllers subsystem; - x86 platform drivers; - PTP clock framework; - SCSI subsystem; - ASPEED SoC drivers; - SPI subsystem; - TCM subsystem; - Thunderbolt and USB4 drivers; - TTY drivers; - UFS subsystem; - USB core drivers; - USB Gadget drivers; - Renesas USBHS Controller drivers; - USB Type-C Port Controller Manager driver; - VFIO drivers; - Virtio Host (VHOST) subsystem; - Backlight driver; - Framebuffer layer; - Virtio drivers; - BTRFS file system; - EROFS file system; - F2FS file system; - File systems infrastructure; - Network file systems library; - NTFS3 file system; - SMB network file system; - Codetag library; - BPF subsystem; - LZO compression library; - Mellanox drivers; - IPv4 networking; - Bluetooth subsystem; - Network sockets; - XFRM subsystem; - Digital Audio (PCM) driver; - Tracing infrastructure; - io_uring subsystem; - Padata parallel execution mechanism; - DVFS energy model driver; - Restartable seuqences system call mechanism; - Timer subsystem; - Memory management; - KASAN memory debugging framework; - CAN network layer; - Networking core; - IPv6 networking; - Netfilter; - NetLabel subsystem; - Open vSwitch; - Network traffic control; - TIPC protocol; - TLS protocol; - ALSA framework; - sma1307 audio codecs; - Intel ASoC drivers; - MediaTek ASoC drivers; - USB sound devices; (CVE-2025-38137, CVE-2025-38141, CVE-2025-38035, CVE-2025-38298, CVE-2025-38042, CVE-2025-38140, CVE-2025-38138, CVE-2025-38316, CVE-2025-38304, CVE-2025-38165, CVE-2025-38306, CVE-2025-38082, CVE-2025-38132, CVE-2025-38498, CVE-2025-38158, CVE-2025-38154, CVE-2025-38064, CVE-2025-38129, CVE-2025-38096, CVE-2025-38352, CVE-2025-38303, CVE-2025-38122, CVE-2025-38048, CVE-2025-38296, CVE-2025-38149, CVE-2025-38319, CVE-2025-38078, CVE-2025-38066, CVE-2025-38099, CVE-2025-38291, CVE-2025-38267, CVE-2025-38268, CVE-2025-38126, CVE-2025-38076, CVE-2025-38077, CVE-2025-38101, CVE-2025-38071, CVE-2025-38163, CVE-2025-38285, CVE-2025-38265, CVE-2025-38125, CVE-2025-38302, CVE-2025-38172, CVE-2025-38292, CVE-2025-38279, CVE-2025-38170, CVE-2025-38062, CVE-2025-38074, CVE-2025-38050, CVE-2025-38116, CVE-2025-38414, CVE-2025-38173, CVE-2025-38033, CVE-2025-38112, CVE-2025-38091, CVE-2025-38290, CVE-2025-39890, CVE-2025-38156, CVE-2025-38289, CVE-2025-38275, CVE-2025-38295, CVE-2025-38123, CVE-2025-38300, CVE-2025-38067, CVE-2025-38131, CVE-2025-38294, CVE-2025-38105, CVE-2025-38107, CVE-2025-38106, CVE-2025-38069, CVE-2025-38041, CVE-2025-38111, CVE-2025-38312, CVE-2025-38092, CVE-2025-38054, CVE-2025-38166, CVE-2025-38044, CVE-2025-38159, CVE-2025-38061, CVE-2025-38115, CVE-2025-38058, CVE-2025-38036, CVE-2025-38100, CVE-2025-38075, CVE-2025-38160, CVE-2025-38102, CVE-2025-38269, CVE-2025-38108, CVE-2025-38119, CVE-2025-38052, CVE-2025-38175, CVE-2025-38103, CVE-2025-38286, CVE-2025-38051, CVE-2025-38004, CVE-2025-38283, CVE-2025-38118, CVE-2025-38139, CVE-2025-38079, CVE-2025-38315, CVE-2025-38145, CVE-2025-38072, CVE-2025-38045, CVE-2025-38117, CVE-2025-38143, CVE-2025-38068, CVE-2025-38053, CVE-2025-38081, CVE-2025-38032, CVE-2025-38134, CVE-2025-38063, CVE-2025-38128, CVE-2025-38278, CVE-2025-38270, CVE-2025-38060, CVE-2025-38161, CVE-2025-38073, CVE-2025-38065, CVE-2025-38313, CVE-2025-38148, CVE-2025-38124, CVE-2025-38305, CVE-2025-38146, CVE-2025-38047, CVE-2025-38055, CVE-2025-38169, CVE-2025-38120, CVE-2025-38164, CVE-2025-38070, CVE-2025-38176, CVE-2025-38282, CVE-2025-38288, CVE-2025-38274, CVE-2025-38113, CVE-2025-38174, CVE-2025-38301, CVE-2025-38293, CVE-2025-38136, CVE-2025-38311, CVE-2025-38039, CVE-2025-38297, CVE-2025-38155, CVE-2025-38307, CVE-2025-38147, CVE-2025-38043, CVE-2025-38109, CVE-2025-38281, CVE-2025-38280, CVE-2025-38127, CVE-2025-38057, CVE-2025-38029, CVE-2025-38038, CVE-2025-38167, CVE-2025-38151, CVE-2025-38415, CVE-2025-38317, CVE-2025-38031, CVE-2025-38162, CVE-2025-38098, CVE-2025-38130, CVE-2025-38114, CVE-2025-38142, CVE-2025-38135, CVE-2025-38299, CVE-2025-38272, CVE-2025-38277, CVE-2025-38037, CVE-2025-38088, CVE-2025-38287, CVE-2025-38168, CVE-2025-38003, CVE-2025-38284, CVE-2025-38499, CVE-2025-38097, CVE-2025-38318, CVE-2025-38059, CVE-2025-38040, CVE-2025-38314, CVE-2025-38110, CVE-2025-38157, CVE-2025-38153, CVE-2025-38080, CVE-2025-38034, CVE-2025-38310)

FEDORA-2025-e3f99bf558 Packages in this update:

• ibus-bamboo-0.8.4~RC6-2.fc41

Update description:

Rebuild with golang-1.24.7-1.fc41

FEDORA-2025-f07b4f8c0c Packages in this update:

• ibus-bamboo-0.8.4~RC6-2.fc42

Update description:

Rebuild with golang-1.24.7-1.fc42

FEDORA-EPEL-2025-c1a3189d11 Packages in this update:

• libssh2-1.11.1-1.el9

Update description:

This update, to the current upstream libssh2 release, addresses a couple of security issues:

• CVE-2023-6918 (missing checks for return values for digests)
• CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin")

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Network block device driver; - Bus devices; - Clock framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Pin controllers subsystem; - x86 platform drivers; - PTP clock framework; - RapidIO drivers; - Voltage and Current Regulator drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - ASPEED SoC drivers; - TCM subsystem; - Thermal drivers; - Thunderbolt and USB4 drivers; - TTY drivers; - UFS subsystem; - USB Gadget drivers; - Renesas USBHS Controller drivers; - USB Type-C support driver; - Virtio Host (VHOST) subsystem; - Backlight driver; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - Ext4 file system; - F2FS file system; - JFFS2 file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NTFS3 file system; - SMB network file system; - DRM display driver; - Memory Management; - Mellanox drivers; - Memory management; - Netfilter; - Network sockets; - IPC subsystem; - BPF subsystem; - Perf events; - Kernel exit() syscall; - Restartable seuqences system call mechanism; - Timer subsystem; - Tracing infrastructure; - Appletalk network protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Networking core; - IPv6 networking; - MultiProtocol Label Switching driver; - NetLabel subsystem; - Netlink; - NFC subsystem; - Open vSwitch; - Rose network layer; - RxRPC session sockets; - Network traffic control; - TIPC protocol; - VMware vSockets driver; - USB sound devices; (CVE-2025-38067, CVE-2025-38371, CVE-2025-38153, CVE-2025-38160, CVE-2024-57883, CVE-2025-38406, CVE-2025-38263, CVE-2025-38352, CVE-2025-38147, CVE-2025-38464, CVE-2025-38362, CVE-2025-38227, CVE-2025-38462, CVE-2025-38332, CVE-2025-38326, CVE-2025-38226, CVE-2025-38167, CVE-2025-38085, CVE-2025-38459, CVE-2025-38345, CVE-2025-38103, CVE-2025-38540, CVE-2025-38161, CVE-2025-38138, CVE-2025-38159, CVE-2024-26775, CVE-2025-38249, CVE-2025-38090, CVE-2025-38319, CVE-2025-38135, CVE-2025-38184, CVE-2025-38465, CVE-2025-38222, CVE-2025-38445, CVE-2025-38328, CVE-2025-38111, CVE-2025-38457, CVE-2025-38466, CVE-2025-38403, CVE-2025-38346, CVE-2025-38441, CVE-2025-38285, CVE-2025-38444, CVE-2025-38377, CVE-2025-38218, CVE-2025-38305, CVE-2025-38211, CVE-2025-38100, CVE-2025-38424, CVE-2025-38336, CVE-2025-38237, CVE-2025-38245, CVE-2025-38348, CVE-2025-38415, CVE-2025-37963, CVE-2025-38163, CVE-2025-38231, CVE-2025-38461, CVE-2025-38084, CVE-2025-38107, CVE-2025-38200, CVE-2025-38393, CVE-2025-38498, CVE-2025-38115, CVE-2025-38399, CVE-2025-38312, CVE-2025-37958, CVE-2025-38286, CVE-2025-38174, CVE-2025-38136, CVE-2025-38086, CVE-2025-38460, CVE-2025-38229, CVE-2025-38108, CVE-2025-38337, CVE-2025-38389, CVE-2025-38513, CVE-2025-38420, CVE-2025-38194, CVE-2025-38273, CVE-2025-38395, CVE-2025-38430, CVE-2025-38375, CVE-2025-38154, CVE-2025-38146, CVE-2025-38298, CVE-2025-38342, CVE-2025-38181, CVE-2024-44939, CVE-2025-38280, CVE-2025-38386, CVE-2025-38320, CVE-2025-38514, CVE-2025-38391, CVE-2025-38400, CVE-2025-38212, CVE-2025-38088, CVE-2025-38204, CVE-2024-26726, CVE-2025-38122, CVE-2025-38203, CVE-2025-38443, CVE-2025-38418, CVE-2025-38363, CVE-2025-38262, CVE-2025-21888, CVE-2025-38416, CVE-2025-38219, CVE-2022-48703, CVE-2025-38313, CVE-2025-38410, CVE-2025-38145, CVE-2025-38515, CVE-2025-38120, CVE-2025-37954, CVE-2025-38251, CVE-2025-38344, CVE-2025-38102, CVE-2025-37948, CVE-2025-38197, CVE-2025-38458, CVE-2025-38324, CVE-2025-38387, CVE-2025-38412, CVE-2025-38119, CVE-2025-38293, CVE-2025-38401, CVE-2025-38206, CVE-2025-38419, CVE-2025-38516, CVE-2025-38448, CVE-2025-38428, CVE-2025-38439, CVE-2025-38143, CVE-2025-38112, CVE-2025-38542, CVE-2025-38074, CVE-2025-38310, CVE-2025-38467, CVE-2025-38173, CVE-2025-38384, CVE-2025-38257, CVE-2025-38157)

FEDORA-2025-0fe3b1b7fc Packages in this update:

• wordpress-6.8.3-1.fc42

Update description: WordPress 6.8.3 Release

Security updates included in this release:

• A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and Peter Wilson.
• A cross-site scripting (XSS) vulnerability requiring an authenticated user role that affects the nav menus. Reported by Phill Savage.

FEDORA-EPEL-2025-9ee0d98ed3 Packages in this update:

• wordpress-6.8.3-1.el10_1

Update description: WordPress 6.8.3 Release

Security updates included in this release:

• A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and Peter Wilson.
• A cross-site scripting (XSS) vulnerability requiring an authenticated user role that affects the nav menus. Reported by Phill Savage.

FEDORA-2025-8e71abf396 Packages in this update:

• wordpress-6.8.3-1.fc43

Update description: WordPress 6.8.3 Release

Security updates included in this release:

• A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and Peter Wilson.
• A cross-site scripting (XSS) vulnerability requiring an authenticated user role that affects the nav menus. Reported by Phill Savage.

FEDORA-2025-acd3e11344 Packages in this update:

• wordpress-6.8.3-1.fc41

Update description: WordPress 6.8.3 Release

Security updates included in this release:

• A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and Peter Wilson.
• A cross-site scripting (XSS) vulnerability requiring an authenticated user role that affects the nav menus. Reported by Phill Savage.

FEDORA-EPEL-2025-959007e212 Packages in this update:

• wordpress-6.8.3-1.el10_2

Update description: WordPress 6.8.3 Release

Security updates included in this release:

• A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and Peter Wilson.
• A cross-site scripting (XSS) vulnerability requiring an authenticated user role that affects the nav menus. Reported by Phill Savage.

FEDORA-EPEL-2025-da8bc4aeb5 Packages in this update:

• wordpress-6.8.3-1.el9

Update description: WordPress 6.8.3 Release

Security updates included in this release:

• A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and Peter Wilson.
• A cross-site scripting (XSS) vulnerability requiring an authenticated user role that affects the nav menus. Reported by Phill Savage.

FEDORA-EPEL-2025-6c7fdafc09 Packages in this update:

• wordpress-6.8.3-1.el10_0

Update description: WordPress 6.8.3 Release

Security updates included in this release:

• A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and Peter Wilson.
• A cross-site scripting (XSS) vulnerability requiring an authenticated user role that affects the nav menus. Reported by Phill Savage.

Jakub Wilk discovered that libmspack did not correctly handle certain integer operations and bounds checking. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-4467, CVE-2015-4468, CVE-2015-4469, CVE-2015-4472) It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2017-11423) It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-6419) Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14679, CVE-2018-14680) Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14681) Dmitry Glavatskikh discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14682) It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18585) It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information. (CVE-2019-1010305)

Ivan Fratric discovered that Libxslt did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.

FEDORA-2025-5abaff3fcb Packages in this update:

• insight-13.0.50.20220502-27.fc42

Update description:

Fix CVS 2025-11082 and 2025-11083.

• conditional for explicit BR tcl/tk 8
• dummy rpm check section.