
Multiple security updates have been released for Fedora Linux distributions, specifically targeting Fedora 41 and Fedora 42. The updates include a total of twenty-one patches addressing vulnerabilities in various packages such as Chromium, Rust-based libraries, yarnpkg, and oci-seccomp-bpf-hook.

Fedora 41 Update: chromium-141.0.7390.54-1.fc41
Fedora 41 Update: insight-13.0.50.20220502-27.fc41
Fedora 41 Update: turbo-attack-0.1.0-3.fc41
Fedora 41 Update: yarnpkg-1.22.22-12.fc41
Fedora 41 Update: rust-protobuf-parse-3.7.2-1.fc41
Fedora 41 Update: rust-prometheus-0.14.0-1.fc41
Fedora 41 Update: rust-protobuf-codegen-3.7.2-1.fc41
Fedora 41 Update: rust-protobuf-3.7.2-1.fc41
Fedora 41 Update: rust-maxminddb-0.26.0-1.fc41
Fedora 41 Update: rust-protobuf-support-3.7.2-1.fc41
Fedora 41 Update: rust-prometheus_exporter-0.8.5-5.fc41
Fedora 41 Update: mirrorlist-server-3.0.8-1.fc41
Fedora 41 Update: oci-seccomp-bpf-hook-1.2.10-8.fc41
Fedora 42 Update: insight-13.0.50.20220502-27.fc42
Fedora 42 Update: yarnpkg-1.22.22-12.fc42
Fedora 42 Update: turbo-attack-0.1.0-4.fc42
Fedora 42 Update: oci-seccomp-bpf-hook-1.2.10-9.fc42




[SECURITY] Fedora 41 Update: chromium-141.0.7390.54-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2d4d91b00a
2025-10-09 01:14:09.802863+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 41
Version : 141.0.7390.54
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU
* High CVE-2025-11206: Heap buffer overflow in Video
* Medium CVE-2025-11207: Side-channel information leakage in Storage
* Medium CVE-2025-11208: Inappropriate implementation in Media
* Medium CVE-2025-11209: Inappropriate implementation in Omnibox
* Medium CVE-2025-11210: Side-channel information leakage in Tab
* Medium CVE-2025-11211: Out of bounds read in Media
* Medium CVE-2025-11212: Inappropriate implementation in Media
* Medium CVE-2025-11213: Inappropriate implementation in Omnibox
* Medium CVE-2025-11215: Off by one error in V8
* Low CVE-2025-11216: Inappropriate implementation in Storage
* Low CVE-2025-11219: Use after free in V8
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 2 2025 Than Ngo [than@redhat.com] - 141.0.7390.54-1
- Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU
* High CVE-2025-11206: Heap buffer overflow in Video
* Medium CVE-2025-11207: Side-channel information leakage in Storage
* Medium CVE-2025-11208: Inappropriate implementation in Media
* Medium CVE-2025-11209: Inappropriate implementation in Omnibox
* Medium CVE-2025-11210: Side-channel information leakage in Tab
* Medium CVE-2025-11211: Out of bounds read in Media
* Medium CVE-2025-11212: Inappropriate implementation in Media
* Medium CVE-2025-11213: Inappropriate implementation in Omnibox
* Medium CVE-2025-11215: Off by one error in V8
* Low CVE-2025-11216: Inappropriate implementation in Storage
* Low CVE-2025-11219: Use after free in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2381730 - DebugInfo packages aren't being produced.
https://bugzilla.redhat.com/show_bug.cgi?id=2381730
[ 2 ] Bug #2400095 - Update chromium-141.0.7390.54 major release [fedora-all, epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2400095
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2d4d91b00a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: insight-13.0.50.20220502-27.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d22287ec14
2025-10-09 01:14:09.802855+00:00
--------------------------------------------------------------------------------

Name : insight
Product : Fedora 41
Version : 13.0.50.20220502
Release : 27.fc41
URL : https://www.sourceware.org/insight/
Summary : Graphical debugger based on GDB
Description :
Insight is a tight graphical user interface to GDB written in Tcl/Tk.
It provides a comprehensive interface that enables users to harness
most of GDB's power. It's also probably the only up-to-date UI for
the latest GDB version.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-11082 and CVE-2025-11083.
conditional for explicit BR tcl/tk 8
dummy rpm check section.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Patrick Monnerat [patrick@monnerat.net] 13.0.50.20220502-27
- Patch "cve-2025-11082" fixes CVE-2025-11082.
https://bugzilla.redhat.com/show_bug.cgi?id=2400356
- Patch "cve-2025-11083" fixes CVE-2025-11083.
https://bugzilla.redhat.com/show_bug.cgi?id=2400349
- Conditional explicit BR tcl/tk 8.
- Dummy rpm check section.
* Thu May 15 2025 Patrick Monnerat [patrick@monnerat.net] 13.0.50.20220502-22
- Use Tcl/Tk version 8.
BZ #2337719 & 2366460.
* Tue Jan 21 2025 Patrick Monnerat [patrick@monnerat.net] 13.0.50.20220502-21
- Patch "bool" to rename a variable conflicting with a reserved word.
* Mon Sep 2 2024 Miroslav Suchý [msuchy@redhat.com] - 13.0.50.20220502-19
- convert license to SPDX
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2400317 - CVE-2025-11083 insight: GNU Binutils Linker heap-based overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2400317
[ 2 ] Bug #2400323 - CVE-2025-11082 insight: GNU Binutils Linker heap-based overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2400323
[ 3 ] Bug #2400349 - CVE-2025-11083 insight: GNU Binutils Linker heap-based overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2400349
[ 4 ] Bug #2400356 - CVE-2025-11082 insight: GNU Binutils Linker heap-based overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2400356
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d22287ec14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: turbo-attack-0.1.0-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cc7ca60219
2025-10-09 01:14:09.802849+00:00
--------------------------------------------------------------------------------

Name : turbo-attack
Product : Fedora 41
Version : 0.1.0
Release : 3.fc41
URL : https://github.com/mytechnotalent/turbo-attack
Summary : A turbo traffic generator pentesting tool
Description :
A turbo traffic generator pentesting tool to generate random traffic with
random mac and ip addresses in addition to random sequence numbers to a
particular ip and port.

--------------------------------------------------------------------------------
Update Information:

Rebuild for fixing rhbz#2399298
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Tim Semeijn [fedora@semops.nl] - 0.1.0-3
- Rebuild for fixing rhbz#2399298
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2399298 - CVE-2025-47906 turbo-attack: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399298
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cc7ca60219' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-12.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4dd58248ff
2025-10-09 01:14:09.802852+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 41
Version : 1.22.22
Release : 12.fc41
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-59343.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-12
- Regenerate bundle, fixes CVE-2025-59343
- Patch out eslint and commitizen devDependencies to reduce dependencies
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2397971 - CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397971
[ 2 ] Bug #2397973 - CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2397973
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4dd58248ff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-protobuf-parse-3.7.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2503abb88f
2025-10-09 01:14:09.802842+00:00
--------------------------------------------------------------------------------

Name : rust-protobuf-parse
Product : Fedora 41
Version : 3.7.2
Release : 1.fc41
URL : https://crates.io/crates/protobuf-parse
Summary : Parse .proto files
Description :
Parse `.proto` files. Files are parsed into a
`protobuf::descriptor::FileDescriptorSet` object using either:
* pure rust parser (no dependencies)
* `protoc` binary (more reliable and compatible with Google's implementation).

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Initial import (#2397168)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2376749 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376749
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2503abb88f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-prometheus-0.14.0-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2503abb88f
2025-10-09 01:14:09.802842+00:00
--------------------------------------------------------------------------------

Name : rust-prometheus
Product : Fedora 41
Version : 0.14.0
Release : 1.fc41
URL : https://crates.io/crates/prometheus
Summary : Instrumentation library for Rust applications
Description :
Prometheus instrumentation library for Rust applications.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 0.14.0-1
- Update to version 0.14.0; Fixes RHBZ#2279084
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.13.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.13.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2376749 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376749
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2503abb88f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-protobuf-codegen-3.7.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2503abb88f
2025-10-09 01:14:09.802842+00:00
--------------------------------------------------------------------------------

Name : rust-protobuf-codegen
Product : Fedora 41
Version : 3.7.2
Release : 1.fc41
URL : https://crates.io/crates/protobuf-codegen
Summary : Code generator for rust-protobuf
Description :
Code generator for rust-protobuf. Includes a library to invoke
programmatically (e.g. from `build.rs`) and `protoc-gen-rs` binary.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 21 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Update to version 3.7.2; Fixes RHBZ#2080867
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2376749 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376749
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2503abb88f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-protobuf-3.7.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2503abb88f
2025-10-09 01:14:09.802842+00:00
--------------------------------------------------------------------------------

Name : rust-protobuf
Product : Fedora 41
Version : 3.7.2
Release : 1.fc41
URL : https://crates.io/crates/protobuf
Summary : Rust implementation of Google protocol buffers
Description :
Rust implementation of Google protocol buffers.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 21 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Update to version 3.7.2; Fixes RHBZ#2080866
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2376749 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376749
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2503abb88f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-maxminddb-0.26.0-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2503abb88f
2025-10-09 01:14:09.802842+00:00
--------------------------------------------------------------------------------

Name : rust-maxminddb
Product : Fedora 41
Version : 0.26.0
Release : 1.fc41
URL : https://crates.io/crates/maxminddb
Summary : Library for reading MaxMind DB format used by GeoIP2 and GeoLite2
Description :
Library for reading MaxMind DB format used by GeoIP2 and GeoLite2.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 0.26.0-1
- Update to version 0.26.0; Fixes RHBZ#2257537
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.23.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.23.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2376749 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376749
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2503abb88f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-protobuf-support-3.7.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2503abb88f
2025-10-09 01:14:09.802842+00:00
--------------------------------------------------------------------------------

Name : rust-protobuf-support
Product : Fedora 41
Version : 3.7.2
Release : 1.fc41
URL : https://crates.io/crates/protobuf-support
Summary : Code supporting protobuf implementation
Description :
Code supporting protobuf implementation. None of the code in this crate is
public API.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Initial import (#2397167)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2376749 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376749
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2503abb88f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: rust-prometheus_exporter-0.8.5-5.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2503abb88f
2025-10-09 01:14:09.802842+00:00
--------------------------------------------------------------------------------

Name : rust-prometheus_exporter
Product : Fedora 41
Version : 0.8.5
Release : 5.fc41
URL : https://crates.io/crates/prometheus_exporter
Summary : Helper library to export prometheus metrics using tiny-http
Description :
Helper library to export prometheus metrics using tiny-http.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 0.8.5-5
- Bump prometheus dependency to 0.14
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2376749 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376749
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2503abb88f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: mirrorlist-server-3.0.8-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2503abb88f
2025-10-09 01:14:09.802842+00:00
--------------------------------------------------------------------------------

Name : mirrorlist-server
Product : Fedora 41
Version : 3.0.8
Release : 1.fc41
URL : https://github.com/adrianreber/mirrorlist-server
Summary : Mirrorlist Server
Description :
The mirrorlist-server uses the data created by MirrorManager2
(https://github.com/fedora-infra/mirrormanager2) to answer client requests for
the "best" mirror.

This implementation of the mirrorlist-server is written in Rust. The original
version of the mirrorlist-server was part of the MirrorManager2 repository and
is implemented in Python. While moving from Python2 to Python3, one of
the problems was that the data exchange format (Python Pickle) did not support
running the MirrorManager2 backend with Python2 and the mirrorlist frontend
with Python3. To have a Pickle-independent data exchange format, protobuf was
introduced. The first try to use protobuf in the Python mirrorlist
implementation required a lot more memory than the Pickle-based implementation
(3.5GB instead of 1.1GB). That is one of the reasons a new mirrorlist-server
implementation was needed.

Another reason to rewrite the mirrorlist-server is its architecture. The
Python-based version requires the Apache HTTP server or something that can
run the included wsgi. The wsgi talks over a socket to the actual
mirrorlist-server. In Fedora's MirrorManager2 instance this runs in a container
which runs behind HAProxy. This implementation in Rust directly uses an HTTP
library to reduce the number of involved components.

In addition to being simpler, this implementation also requires less memory
than the Python version.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 3.0.8-1
- Update to version 3.0.8; Fixes RHBZ#2379121
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2376749 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2376749
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2503abb88f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: oci-seccomp-bpf-hook-1.2.10-8.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5e448ba17a
2025-10-09 01:14:09.802837+00:00
--------------------------------------------------------------------------------

Name : oci-seccomp-bpf-hook
Product : Fedora 41
Version : 1.2.10
Release : 8.fc41
URL : https://github.com/containers/oci-seccomp-bpf-hook
Summary : OCI Hook to generate seccomp json files based on eBPF syscalls used by container
Description :
OCI Hook to generate seccomp json files based on eBPF syscalls used by container
oci-seccomp-bpf-hook provides a library for applications looking to use
the Container Pod concept popularized by Kubernetes.

--------------------------------------------------------------------------------
Update Information:

security fix for CVE-2025-47906
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Lokesh Mandvekar [lsm5@redhat.com] - 1.2.10-8
- simplify gating.yaml
* Tue Sep 30 2025 Lokesh Mandvekar [lsm5@redhat.com] - 1.2.10-7
- Switch to TMT for tests
* Tue Sep 30 2025 Lokesh Mandvekar [lsm5@redhat.com] - 1.2.10-6
- Remove unnecessary stuff from spec file
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2399267 - CVE-2025-47906 oci-seccomp-bpf-hook: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399267
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5e448ba17a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: insight-13.0.50.20220502-27.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5abaff3fcb
2025-10-09 00:49:10.842776+00:00
--------------------------------------------------------------------------------

Name : insight
Product : Fedora 42
Version : 13.0.50.20220502
Release : 27.fc42
URL : https://www.sourceware.org/insight/
Summary : Graphical debugger based on GDB
Description :
Insight is a tight graphical user interface to GDB written in Tcl/Tk.
It provides a comprehensive interface that enables users to harness
most of GDB's power. It's also probably the only up-to-date UI for
the latest GDB version.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-11082 and CVE-2025-11083.
conditional for explicit BR tcl/tk 8
dummy rpm check section.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Patrick Monnerat [patrick@monnerat.net] 13.0.50.20220502-27
- Patch "cve-2025-11082" fixes CVE-2025-11082.
https://bugzilla.redhat.com/show_bug.cgi?id=2400356
- Patch "cve-2025-11083" fixes CVE-2025-11083.
https://bugzilla.redhat.com/show_bug.cgi?id=2400349
- Conditional explicit BR tcl/tk 8.
- Dummy rpm check section.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2400317 - CVE-2025-11083 insight: GNU Binutils Linker heap-based overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2400317
[ 2 ] Bug #2400323 - CVE-2025-11082 insight: GNU Binutils Linker heap-based overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2400323
[ 3 ] Bug #2400349 - CVE-2025-11083 insight: GNU Binutils Linker heap-based overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2400349
[ 4 ] Bug #2400356 - CVE-2025-11082 insight: GNU Binutils Linker heap-based overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2400356
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5abaff3fcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-12.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-418da1e0e6
2025-10-09 00:49:10.842770+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 42
Version : 1.22.22
Release : 12.fc42
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-59343.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-12
- Regenerate bundle, fixes CVE-2025-59343
- Patch out eslint and commitizen devDependencies to reduce dependencies
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2397971 - CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397971
[ 2 ] Bug #2397973 - CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2397973
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-418da1e0e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: turbo-attack-0.1.0-4.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1910d6ec68
2025-10-09 00:49:10.842768+00:00
--------------------------------------------------------------------------------

Name : turbo-attack
Product : Fedora 42
Version : 0.1.0
Release : 4.fc42
URL : https://github.com/mytechnotalent/turbo-attack
Summary : A turbo traffic generator pentesting tool
Description :
A turbo traffic generator pentesting tool to generate random traffic with
random mac and ip addresses in addition to random sequence numbers to a
particular ip and port.

--------------------------------------------------------------------------------
Update Information:

Rebuild for fixing rhbz#2399577
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Tim Semeijn [fedora@semops.nl] - 0.1.0-4
- Rebuild for fixing rhbz#2399577
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2399577 - CVE-2025-47906 turbo-attack: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399577
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1910d6ec68' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: oci-seccomp-bpf-hook-1.2.10-9.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-39dd3e6f91
2025-10-09 00:49:10.842763+00:00
--------------------------------------------------------------------------------

Name : oci-seccomp-bpf-hook
Product : Fedora 42
Version : 1.2.10
Release : 9.fc42
URL : https://github.com/containers/oci-seccomp-bpf-hook
Summary : OCI Hook to generate seccomp json files based on eBPF syscalls used by container
Description :
OCI Hook to generate seccomp json files based on eBPF syscalls used by container
oci-seccomp-bpf-hook provides a library for applications looking to use
the Container Pod concept popularized by Kubernetes.

--------------------------------------------------------------------------------
Update Information:

security fix for CVE-2025-47906
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Lokesh Mandvekar [lsm5@redhat.com] - 1.2.10-9
- simplify gating.yaml
* Tue Sep 30 2025 Lokesh Mandvekar [lsm5@redhat.com] - 1.2.10-8
- Switch to TMT for tests
* Tue Sep 30 2025 Lokesh Mandvekar [lsm5@redhat.com] - 1.2.10-7
- Remove unnecessary stuff from spec file
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2399543 - CVE-2025-47906 oci-seccomp-bpf-hook: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399543
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-39dd3e6f91' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------