Aggregator

Version:6.6.118 (longterm) Released:2025-12-01 Source:linux-6.6.118.tar.xz PGP Signature:linux-6.6.118.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.118

FEDORA-2025-9b6b49071f Packages in this update:

• imhex-1.37.4-3.fc42
• lunasvg-3.5.0-1.fc42

Update description:

• Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with conflicting files.
• Update lunasvg to consume the plutovg version already available in the repositories and to fix various CVEs.
• Rebuild imhex for the updated lunasvg.

FEDORA-2025-58c0baba42 Packages in this update:

• imhex-1.37.4-3.fc43
• lunasvg-3.5.0-1.fc43

Update description:

• Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with conflicting files.
• Update lunasvg to consume the plutovg version already available in the repositories and to fix various CVEs.
• Rebuild imhex for the updated lunasvg.

FEDORA-2025-49d2ea998c Packages in this update:

• imhex-1.37.4-3.fc44
• lunasvg-3.5.0-1.fc44

Update description:

• Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with conflicting files.
• Update lunasvg to consume the plutovg version already available in the repositories and to fix various CVEs.
• Rebuild imhex for the updated lunasvg.

Version:next-20251201 (linux-next) Released:2025-12-01

FEDORA-EPEL-2025-f1e00653f9 Packages in this update:

• suricata-7.0.13-1.el8

Update description:

Upstream security and bugfix release

FEDORA-EPEL-2025-fbab8bc83a Packages in this update:

• suricata-7.0.13-1.el9

Update description:

Upstream security/bugfix release.

Version:6.18 (mainline) Released:2025-11-30 Source:linux-6.18.tar.xz PGP Signature:linux-6.18.tar.sign Patch:full

FEDORA-EPEL-2025-02dd502cb2 Packages in this update:

• libwebsockets-4.3.7-2.el9

Update description:

Update to 4.3.7, enable glib event loop

FEDORA-2025-0c12fa2541 Packages in this update:

• libwebsockets-4.3.7-2.fc42

Update description:

Update to 4.3.7, enable glib event loop

FEDORA-EPEL-2025-384a4defc5 Packages in this update:

• libwebsockets-4.3.7-2.el10_2

Update description:

Update to 4.3.7, enable glib event loop

FEDORA-EPEL-2025-66b4d6f6bf Packages in this update:

• libwebsockets-4.3.7-2.el10_1

Update description:

Update to 4.3.7, enable glib event loop

FEDORA-2025-6af3ed0ae3 Packages in this update:

• libpng-1.6.51-1.fc43

Update description:

• several security fixes

FEDORA-2025-9d0f04f316 Packages in this update:

• mingw-libpng-1.6.51-1.fc42

Update description:

Update to libpng-1.6.51.

FEDORA-2025-f54c75f2f9 Packages in this update:

• mingw-libpng-1.6.51-1.fc43

Update description:

Update to libpng-1.6.51.

FEDORA-2025-bab973d0b9 Packages in this update:

• glib2-2.86.2-1.fc43

Update description:

• Update to 2.86.2
• Fix CVE-2025-13601 or #YWH-PGM9867-134

FEDORA-2025-6a43695048 Packages in this update:

• libcoap-4.3.5a-1.fc42

Update description:

Update to security release 4.3.5a

FEDORA-2025-d408d76c4a Packages in this update:

• libcoap-4.3.5a-1.fc43

Update description:

Update to security release 4.3.5a

USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a regression in the UEFI network boot. This update reverts the corresponding fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue to gain unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2023-45236, CVE-2023-45237) It was discovered that EDK II incorrectly handled S3 sleep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298) It was discovered that the EDK II PE/COFF loader incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-38796) It was discovered that the EDK II PE image hashing function incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-38797) It was discovered that the EDK II BIOS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-38805, CVE-2025-2295) It was discovered that EDK II incorrectly handled the enabling of MCE. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-3770) It was discovered that the OpenSSL library embedded in EDK II contained multiple vulnerabilties. An attacker could possibly use these issues to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-3712, CVE-2022-0778, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143, CVE-2025-9232)