
Security updates have been released for various Fedora Linux versions, including Fedora 41, 42, and 43 Beta. The updates are available for packages such as apptainer, civetweb, and openssl.

Fedora 43 Update: apptainer-1.4.3-2.fc43
Fedora 43 Update: civetweb-1.16-10.fc43
Fedora 41 Update: apptainer-1.4.3-1.fc41
Fedora 41 Update: civetweb-1.16-10.fc41
Fedora 41 Update: pandoc-cli-3.1.11.1-34.1.fc41
Fedora 41 Update: pandoc-3.1.11.1-34.fc41
Fedora 42 Update: openssl-3.2.6-2.fc42
Fedora 42 Update: mod_http2-2.0.35-1.fc42
Fedora 42 Update: apptainer-1.4.3-1.fc42
Fedora 42 Update: civetweb-1.16-10.fc42




[SECURITY] Fedora 43 Update: apptainer-1.4.3-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1d2fb742dd
2025-10-07 13:49:28.214096+00:00
--------------------------------------------------------------------------------

Name : apptainer
Product : Fedora 43
Version : 1.4.3
Release : 2.fc43
URL : https://apptainer.org
Summary : Application and environment virtualization formerly known as Singularity
Description :
Apptainer provides functionality to make portable
containers that can be used across host environments.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.4.3, fix CVE-2025-58058
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Dave Dykstra [dwd@cern.ch] - 1.4.3-2
- Patch xz to work with 32-bit systems. The patch is from xz v0.5.15.
* Mon Sep 29 2025 Dave Dykstra [dwd@cern.ch] - 1.4.3
- Update to upstream 1.4.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391600 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391600
[ 2 ] Bug #2391608 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2391608
[ 3 ] Bug #2391610 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391610
[ 4 ] Bug #2391617 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391617
[ 5 ] Bug #2391646 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391646
[ 6 ] Bug #2398283 - CVE-2025-47910 apptainer: CrossOriginProtection bypass in net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398283
[ 7 ] Bug #2398318 - CVE-2025-47910 apptainer: CrossOriginProtection bypass in net/http [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2398318
[ 8 ] Bug #2398338 - CVE-2025-47910 apptainer: CrossOriginProtection bypass in net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398338
[ 9 ] Bug #2400161 - apptainer-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400161
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1d2fb742dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: civetweb-1.16-10.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cedb68d233
2025-10-07 13:49:28.214079+00:00
--------------------------------------------------------------------------------

Name : civetweb
Product : Fedora 43
Version : 1.16
Release : 10.fc43
URL : https://github.com/civetweb/civetweb
Summary : Embedded C/C++ web server
Description :
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server
with optional CGI, SSL and Lua support.

CivetWeb can be used by developers as a library, to add web server
functionality to an existing application. It can also be used by end
users as a stand-alone web server running on a Windows or Linux PC.
It is available as single executable, no installation is required.

--------------------------------------------------------------------------------
Update Information:

civetweb-1.16, rhbz 2400162-2400166
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Kaleb S. KEITHLEY - 1.16-10
- civetweb 1.16, rhbz 2400162-2400166
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cedb68d233' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: apptainer-1.4.3-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-49400d941c
2025-10-08 01:15:30.970830+00:00
--------------------------------------------------------------------------------

Name : apptainer
Product : Fedora 41
Version : 1.4.3
Release : 1.fc41
URL : https://apptainer.org
Summary : Application and environment virtualization formerly known as Singularity
Description :
Apptainer provides functionality to make portable
containers that can be used across host environments.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.4.3, fix CVE-2025-58058
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Dave Dykstra [dwd@cern.ch] - 1.4.3
- Update to upstream 1.4.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391600 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391600
[ 2 ] Bug #2391608 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2391608
[ 3 ] Bug #2391610 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391610
[ 4 ] Bug #2391617 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391617
[ 5 ] Bug #2391646 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391646
[ 6 ] Bug #2398283 - CVE-2025-47910 apptainer: CrossOriginProtection bypass in net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398283
[ 7 ] Bug #2398318 - CVE-2025-47910 apptainer: CrossOriginProtection bypass in net/http [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2398318
[ 8 ] Bug #2398338 - CVE-2025-47910 apptainer: CrossOriginProtection bypass in net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398338
[ 9 ] Bug #2400161 - apptainer-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400161
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-49400d941c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: civetweb-1.16-10.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-247b5416b4
2025-10-08 01:15:30.970820+00:00
--------------------------------------------------------------------------------

Name : civetweb
Product : Fedora 41
Version : 1.16
Release : 10.fc41
URL : https://github.com/civetweb/civetweb
Summary : Embedded C/C++ web server
Description :
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server
with optional CGI, SSL and Lua support.

CivetWeb can be used by developers as a library, to add web server
functionality to an existing application. It can also be used by end
users as a stand-alone web server running on a Windows or Linux PC.
It is available as single executable, no installation is required.

--------------------------------------------------------------------------------
Update Information:

civetweb-1.16, rhbz#2400165
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Kaleb S. KEITHLEY - 1.16-10
- civetweb 1.16, rhbz#2400165
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2400165 - CVE-2025-9648 civetweb: Denial of Service in CivetWeb [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2400165
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-247b5416b4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: pandoc-cli-3.1.11.1-34.1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ef1d49c67b
2025-10-08 01:15:30.970785+00:00
--------------------------------------------------------------------------------

Name : pandoc-cli
Product : Fedora 41
Version : 3.1.11.1
Release : 34.1.fc41
URL : https://hackage.haskell.org/package/pandoc-cli
Summary : Conversion between documentation formats
Description :
Pandoc-cli provides a command-line executable that uses the pandoc library to
convert between markup formats.

--------------------------------------------------------------------------------
Update Information:

pandoc-cli:
enable pandoc server (semantically safe) with pandoc-server-0.1.0.5
pandoc:
apply upstream patch to avoid error with ConTeXt (#2365309)
https://github.com/jgm/pandoc/issues/9820
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 2 2025 Jens Petersen [petersen@redhat.com] - 3.1.11.1-34.1
- enable pandoc server (semantically safe) with pandoc-server-0.1.0.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2379955 - CVE-2025-51591 pandoc: Server-Side Request Forgery in Pandoc [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2379955
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ef1d49c67b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: pandoc-3.1.11.1-34.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ef1d49c67b
2025-10-08 01:15:30.970785+00:00
--------------------------------------------------------------------------------

Name : pandoc
Product : Fedora 41
Version : 3.1.11.1
Release : 34.fc41
URL : https://hackage.haskell.org/package/pandoc
Summary : Conversion between markup formats
Description :
Pandoc is a Haskell library for converting from one markup format to another.
The formats it can handle include

- light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags)
- HTML formats (HTML 4 and 5)
- Ebook formats (EPUB v2 and v3, FB2)
- Documentation formats (GNU TexInfo, Haddock)
- Roff formats (man, ms)
- TeX formats (LaTeX, ConTeXt)
- Typst
- XML formats (DocBook 4 and 5, JATS, TEI Simple, OpenDocument)
- Outline formats (OPML)
- Bibliography formats (BibTeX, BibLaTeX, CSL JSON, CSL YAML, RIS)
- Word processor formats (Docx, RTF, ODT)
- Interactive notebook formats (Jupyter notebook ipynb)
- Page layout formats (InDesign ICML)
- Wiki markup formats (MediaWiki, DokuWiki, TikiWiki, TWiki, Vimwiki, XWiki, ZimWiki, Jira wiki, Creole)
- Slide show formats (LaTeX Beamer, PowerPoint, Slidy, reveal.js, Slideous, S5, DZSlides)
- Data formats (CSV and TSV tables)
- PDF (via external programs such as pdflatex or wkhtmltopdf)

Pandoc can convert mathematical content in documents between TeX, MathML, Word
equations, roff eqn, typst, and plain text. It includes a powerful system for
automatic citations and bibliographies, and it can be customized extensively
using templates, filters, and custom readers and writers written in Lua.

For the pandoc command-line program, see the 'pandoc-cli' package.

--------------------------------------------------------------------------------
Update Information:

pandoc-cli:
enable pandoc server (semantically safe) with pandoc-server-0.1.0.5
pandoc:
apply upstream patch to avoid error with ConTeXt (#2365309)
https://github.com/jgm/pandoc/issues/9820
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 1 2025 Jens Petersen [petersen@redhat.com] - 3.1.11.1-34
- apply upstream patch to avoid error with ConTeXt (#2365309)
https://github.com/jgm/pandoc/issues/9820
* Mon Aug 4 2025 Jens Petersen [petersen@redhat.com] - 3.1.11.1-33
- update MANUAL to cover threat related to HTML iframe
https://github.com/jgm/pandoc/issues/10682
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.11.1-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2379955 - CVE-2025-51591 pandoc: Server-Side Request Forgery in Pandoc [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2379955
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ef1d49c67b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: openssl-3.2.6-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c355a1291c
2025-10-08 01:01:00.828971+00:00
--------------------------------------------------------------------------------

Name : openssl
Product : Fedora 42
Version : 3.2.6
Release : 2.fc42
URL : http://www.openssl.org/
Summary : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Resolves: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 3 2025 Dmitry Belyavskiy [dbelyavs@redhat.com] - 1:3.2.6-2
- rebuilt
* Thu Oct 2 2025 Dmitry Belyavskiy [dbelyavs@redhat.com] - 1:3.2.6-1
- Rebase to 3.2.6
Resolves: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c355a1291c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: mod_http2-2.0.35-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-40b7d151db
2025-10-08 01:01:00.828963+00:00
--------------------------------------------------------------------------------

Name : mod_http2
Product : Fedora 42
Version : 2.0.35
Release : 1.fc42
URL : https://icing.github.io/mod_h2/
Summary : module implementing HTTP/2 for Apache 2
Description :
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on
top of libnghttp2 for httpd 2.4 servers.

--------------------------------------------------------------------------------
Update Information:

version update
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 6 2025 Luboš Uhliarik [luhliari@redhat.com] - 2.0.35-1
- new version 2.0.35
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.32-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 3 2025 Luboš Uhliarik [luhliari@redhat.com] - 2.0.32-1
- new version 2.0.32
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2384235 - CVE-2025-49630 mod_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384235
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-40b7d151db' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: apptainer-1.4.3-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-402b80a0de
2025-10-08 01:01:00.828929+00:00
--------------------------------------------------------------------------------

Name : apptainer
Product : Fedora 42
Version : 1.4.3
Release : 1.fc42
URL : https://apptainer.org
Summary : Application and environment virtualization formerly known as Singularity
Description :
Apptainer provides functionality to make portable
containers that can be used across host environments.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.4.3, fix CVE-2025-58058
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Dave Dykstra [dwd@cern.ch] - 1.4.3
- Update to upstream 1.4.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391600 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391600
[ 2 ] Bug #2391608 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2391608
[ 3 ] Bug #2391610 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391610
[ 4 ] Bug #2391617 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391617
[ 5 ] Bug #2391646 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391646
[ 6 ] Bug #2398283 - CVE-2025-47910 apptainer: CrossOriginProtection bypass in net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398283
[ 7 ] Bug #2398318 - CVE-2025-47910 apptainer: CrossOriginProtection bypass in net/http [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2398318
[ 8 ] Bug #2398338 - CVE-2025-47910 apptainer: CrossOriginProtection bypass in net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398338
[ 9 ] Bug #2400161 - apptainer-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400161
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-402b80a0de' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: civetweb-1.16-10.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1056ea31ed
2025-10-08 01:01:00.828912+00:00
--------------------------------------------------------------------------------

Name : civetweb
Product : Fedora 42
Version : 1.16
Release : 10.fc42
URL : https://github.com/civetweb/civetweb
Summary : Embedded C/C++ web server
Description :
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server
with optional CGI, SSL and Lua support.

CivetWeb can be used by developers as a library, to add web server
functionality to an existing application. It can also be used by end
users as a stand-alone web server running on a Windows or Linux PC.
It is available as single executable, no installation is required.

--------------------------------------------------------------------------------
Update Information:

civetweb-1.16, rhbz#240016
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Kaleb S. KEITHLEY - 1.16-10
- civetweb 1.16, rhbz#2400166
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2400166 - CVE-2025-9648 civetweb: Denial of Service in CivetWeb [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2400166
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1056ea31ed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--