Aggregator

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores. A local attacker could possibly use this issue to expose sensitive information. This update provides the updated microcode mitigations required for the corresponding Linux kernel update.

FEDORA-2025-2406078e57 Packages in this update:

• mupen64plus-2.6.0-8.fc41

Update description:

Patch CVE-2025-29366 and CVE-2025-29366

There should be no change in behaviour.

FEDORA-2025-123e2abe71 Packages in this update:

• mupen64plus-2.6.0-8.fc43

Update description:

Patch CVE-2025-29366 and CVE-2025-29366 There should be no change in behaviour.

FEDORA-2025-7a40e176ed Packages in this update:

• mupen64plus-2.6.0-8.fc42

Update description:

Patch CVE-2025-29366 and CVE-2025-29366 There should be no change in behaviour.

FEDORA-2025-16df491a66 Packages in this update:

• unbound-1.24.1-1.fc43

Update description: Update to 1.24.1

• Enables DNS over QUIC server in unbound
• Fix CVE-2025-11411, (possible domain hijacking attack), reported by Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua University.

It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. The attack is restricted to local execution. (CVE-2025-11082) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2025-11083, CVE-2025-5244, CVE-2025-5245, CVE-2025-7554) It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause crash, execute arbitrary code or expose sensitive information. (CVE-2025-1147) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-1148, CVE-2025-3198, CVE-2025-8225 It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 25.04. (CVE-2025-1182) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbritrary code. This issue only affected Ubuntu 25.04 and Ubuntu 24.04 LTS. (CVE-2025-7546)

Version:6.17.6 (stable) Released:2025-10-29 Source:linux-6.17.6.tar.xz PGP Signature:linux-6.17.6.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.17.6

Version:6.12.56 (longterm) Released:2025-10-29 Source:linux-6.12.56.tar.xz PGP Signature:linux-6.12.56.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.56

Version:6.6.115 (longterm) Released:2025-10-29 Source:linux-6.6.115.tar.xz PGP Signature:linux-6.6.115.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.115

Version:6.1.158 (longterm) Released:2025-10-29 Source:linux-6.1.158.tar.xz PGP Signature:linux-6.1.158.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.158

Version:5.15.196 (longterm) Released:2025-10-29 Source:linux-5.15.196.tar.xz PGP Signature:linux-5.15.196.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.196

Version:5.10.246 (longterm) Released:2025-10-29 Source:linux-5.10.246.tar.xz PGP Signature:linux-5.10.246.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.10.246

Version:5.4.301 (longterm) Released:2025-10-29 Source:linux-5.4.301.tar.xz PGP Signature:linux-5.4.301.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.4.301

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these issues to cause the X Server to crash, leading to a denial of service, obtain sensitive information, or possibly execute arbitrary code.

FEDORA-2025-591ef9306a Packages in this update:

• mingw-poppler-24.08.0-7.fc42

Update description:

Backport fix for CVE-2025.52885.

FEDORA-2025-8b329c399b Packages in this update:

• mingw-poppler-25.07.0-2.fc43

Update description:

Backport fix for CVE-2025.52885.

FEDORA-2025-10d2e6260b Packages in this update:

• python-starlette-0.42.0-3.fc41

Update description:

Backport security fix for CVE-2025-62727, GHSA-7f5h-v6xp-fcq8

FEDORA-2025-65e3f233bf Packages in this update:

• GeographicLib-2.5.2-1.fc42

Update description:

Update to GeographicLib-2.5.2, fixes CVE-2025-60751.