Fedora 41 Update: clamav-1.0.9-1.fc41
Fedora 41 Update: glow-2.1.1-1.fc41
Fedora 41 Update: perl-Crypt-OpenSSL-RSA-0.35-1.fc41
Fedora 41 Update: perl-CryptX-0.087-2.fc41
Fedora 41 Update: trafficserver-9.2.11-1.fc41
Fedora 42 Update: podman-5.5.2-1.fc42
Fedora 42 Update: libssh-0.11.2-1.fc42
Fedora 42 Update: xorg-x11-server-21.1.18-1.fc42
Fedora 42 Update: glow-2.1.1-1.fc42
Fedora 42 Update: perl-Crypt-OpenSSL-RSA-0.35-1.fc42
Fedora 42 Update: perl-CryptX-0.087-2.fc42
Fedora 42 Update: trafficserver-10.0.6-1.fc42
[SECURITY] Fedora 41 Update: clamav-1.0.9-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-88b0ad0c1f
2025-06-27 01:57:49.068486+00:00
--------------------------------------------------------------------------------
Name : clamav
Product : Fedora 41
Version : 1.0.9
Release : 1.fc41
URL : https://www.clamav.net/
Summary : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning). The
package provides a flexible and scalable multi-threaded daemon, a command
line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam AntiVirus package,
which you can use with your own software. The virus database is based on
the virus database from OpenAntiVirus, but contains additional signatures
(including signatures for popular polymorphic viruses, too) and is KEPT UP
TO DATE.
--------------------------------------------------------------------------------
Update Information:
Latest release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 18 2025 Gwyn Ciesla [gwync@protonmail.com] - 1.0.9-1
- Update to 1.0.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2373736 - CVE-2025-20234 clamav: ClamAV Information Disclosure Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373736
[ 2 ] Bug #2373750 - CVE-2025-20260 clamav: ClamAV PDF Scanning Buffer Overflow Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373750
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-88b0ad0c1f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: glow-2.1.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0f0b3d191c
2025-06-27 01:57:49.068480+00:00
--------------------------------------------------------------------------------
Name : glow
Product : Fedora 41
Version : 2.1.1
Release : 1.fc41
URL : https://github.com/charmbracelet/glow
Summary : Terminal based markdown reader
Description :
Glow is a terminal based markdown reader designed from the ground up to bring
out the beauty???and power???of the CLI. Use it to discover markdown files, read
documentation directly on the command line. Glow will find local markdown
files in subdirectories or a local Git repository.
--------------------------------------------------------------------------------
Update Information:
Update to version 2.1.1 for various bugfixes. This also fixes CVE-2025-22872 in
the bundled golang.org/x/net/html.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 18 2025 Carl George [carlwgeorge@fedoraproject.org] - 2.1.1-1
- Update to version 2.1.1 rhbz#2369460
* Fri Apr 18 2025 Carl George [carlwgeorge@fedoraproject.org] - 2.1.0-1
- Update to version 2.1.0 rhbz#2348672
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360594 - CVE-2025-22872 glow: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2360594
[ 2 ] Bug #2369460 - glow-2.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2369460
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0f0b3d191c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: perl-Crypt-OpenSSL-RSA-0.35-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-043b7fdbaf
2025-06-27 01:57:49.068403+00:00
--------------------------------------------------------------------------------
Name : perl-Crypt-OpenSSL-RSA
Product : Fedora 41
Version : 0.35
Release : 1.fc41
URL : https://metacpan.org/release/Crypt-OpenSSL-RSA
Summary : Perl interface to OpenSSL for RSA
Description :
Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries
--------------------------------------------------------------------------------
Update Information:
Update to 0.35, fixes CVE-2024-2467
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 7 2025 Xavier Bachelot [xavier@bachelot.org] - 0.35-1
- Update to 0.35 (RHBZ#2364877)
- Fixes CVE-2024-2467 (RHBZ#2269568)
* Mon May 5 2025 Xavier Bachelot [xavier@bachelot.org] - 0.34-1
- Update to 0.34 (RHBZ#2364100)
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.33-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2269568 - CVE-2024-2467 perl-Crypt-OpenSSL-RSA: side-channel attack in PKCS#1 v1.5 padding mode (Marvin Attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2269568
[ 2 ] Bug #2364877 - perl-Crypt-OpenSSL-RSA-0.35 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2364877
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-043b7fdbaf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: perl-CryptX-0.087-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-aff64b1f48
2025-06-27 01:57:49.068393+00:00
--------------------------------------------------------------------------------
Name : perl-CryptX
Product : Fedora 41
Version : 0.087
Release : 2.fc41
URL : https://metacpan.org/release/CryptX
Summary : Cryptographic toolkit
Description :
This Perl library provides a cryptography based on LibTomCrypt library.
--------------------------------------------------------------------------------
Update Information:
Update to 0.087, fixes CVE-2025-40914
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 12 2025 Xavier Bachelot [xavier@bachelot.org] - 0.087-2
- Use any version of Math::BigInt and Math::BigFloat
- Fix bundled Provides:
* Wed Jun 11 2025 Xavier Bachelot [xavier@bachelot.org] - 0.087-1
- Update to 0.087 (RHBZ#2372355,RHBZ#2372356,RHBZ#2372357,RHBZ#2372358)
- Fix CVE-2025-40914
* Sat May 3 2025 Xavier Bachelot [xavier@bachelot.org] - 0.086-1
- Update to 0.086 (RHBZ#2363852, RHBZ#2354493)
* Tue Feb 11 2025 Xavier Bachelot [xavier@bachelot.org] - 0.085-1
- Update to 0.085 (RHBZ#2344451)
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.084-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Oct 16 2024 Xavier Bachelot [xavier@bachelot.org] - 0.084-1
- Update to 0.084 (RHBZ#2319152)
* Tue Oct 15 2024 Xavier Bachelot [xavier@bachelot.org] - 0.083-1
- Update to 0.083 (RHBZ#2310725)
- Drop EL7 support
- Fix Math::BigInt/BigFloat versions and conditionals
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2372355 - CVE-2025-40914 perl-CryptX: Perl CryptX code execution via integer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2372355
[ 2 ] Bug #2372356 - CVE-2025-40914 perl-CryptX: Perl CryptX code execution via integer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2372356
[ 3 ] Bug #2372357 - CVE-2025-40914 perl-CryptX: Perl CryptX code execution via integer overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2372357
[ 4 ] Bug #2372358 - CVE-2025-40914 perl-CryptX: Perl CryptX code execution via integer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2372358
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-aff64b1f48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: trafficserver-9.2.11-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ed452354bb
2025-06-27 01:57:49.068350+00:00
--------------------------------------------------------------------------------
Name : trafficserver
Product : Fedora 41
Version : 9.2.11
Release : 1.fc41
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:
Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.
Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.
Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.
Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.
Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.
--------------------------------------------------------------------------------
Update Information:
Changes with Apache Traffic Server 9.2.11
#12169 - 9.2.x: fix libyaml for gcc 15, and cherry-pick fedora:42 updates
#12294 - Add a setting to choose the data source of IP address for ACL
#12296 - Add max inclusion support to esi plugin for 9.2.x
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 17 2025 Jered Floyd [jered@redhat.com] 9.2.11-1
- Update to upstream 9.2.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2373879 - CVE-2025-31698 trafficserver: Apache Traffic Server PROXY Protocol ACL Bypass [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373879
[ 2 ] Bug #2373883 - CVE-2025-49763 trafficserver: Traffic Server ESI Inclusion Depth Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373883
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ed452354bb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: podman-5.5.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d6689393a3
2025-06-27 01:19:29.251112+00:00
--------------------------------------------------------------------------------
Name : podman
Product : Fedora 42
Version : 5.5.2
Release : 1.fc42
URL : https://podman.io/
Summary : Manage Pods, Containers and Container Images
Description :
podman (Pod Manager) is a fully featured container engine that is a simple
daemonless tool. podman provides a Docker-CLI comparable command line that
eases the transition from other container engines and allows the management of
pods, containers and images. Simply put: alias docker=podman.
Most podman commands can be run as a regular user, without requiring
additional privileges.
podman uses Buildah(1) internally to create container images.
Both tools share image (not container) storage, hence each can use or
manipulate images (but not containers) created by the other.
--------------------------------------------------------------------------------
Update Information:
Automatic update for podman-5.5.2-1.fc42.
security fix for CVE-2025-6032
Changelog for podman
* Tue Jun 24 2025 Packit [hello@packit.dev] - 5:5.5.2-1
- Update to 5.5.2 upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 24 2025 Packit [hello@packit.dev] - 5:5.5.2-1
- Update to 5.5.2 upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2374581 - CVE-2025-6032 podman: podman missing TLS verification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2374581
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d6689393a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: libssh-0.11.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-69acb71145
2025-06-27 01:19:29.251100+00:00
--------------------------------------------------------------------------------
Name : libssh
Product : Fedora 42
Version : 0.11.2
Release : 1.fc42
URL : http://www.libssh.org
Summary : A library implementing the SSH protocol
Description :
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is
made by the programmer. With libssh, you can remotely execute programs, transfer
files, use a secure and transparent tunnel for your remote programs. With its
Secure FTP implementation, you can play with remote files easily, without
third-party programs others than libcrypto (from openssl).
--------------------------------------------------------------------------------
Update Information:
New upstream release fixing various security issues and bugs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 24 2025 Jakub Jelen [jjelen@redhat.com] - 0.11.2-1
- New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2374587 - CVE-2025-5318 libssh: out-of-bounds read in sftp_handle() [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2374587
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-69acb71145' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: xorg-x11-server-21.1.18-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e65a55c3d0
2025-06-27 01:19:29.251074+00:00
--------------------------------------------------------------------------------
Name : xorg-x11-server
Product : Fedora 42
Version : 21.1.18
Release : 1.fc42
URL : http://www.x.org
Summary : X.Org X11 X server
Description :
X.Org X11 X server.
--------------------------------------------------------------------------------
Update Information:
Update to xserver 21.1.18, contains an additional fix for CVE-2025-49176
Update to xserver 21.1.17,
CVE fix for CVE-2025-49175, CVE-2025-49176, CVE-2025-49177,
CVE-2025-49178, CVE-2025-49179, CVE-2025-49180
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 18 2025 Olivier Fourdan [ofourdan@redhat.com] - 21.1.18-1
- Update to xserver 21.1.18
- Contains an additional fix for CVE-2025-49176
* Tue Jun 17 2025 Olivier Fourdan [ofourdan@redhat.com] - 21.1.17-1
- Update to xserver 21.1.17
- CVE fix for: CVE-2025-49175, CVE-2025-49176, CVE-2025-49177
CVE-2025-49178, CVE-2025-49179, CVE-2025-49180
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e65a55c3d0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: glow-2.1.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e023994b32
2025-06-27 01:19:29.251079+00:00
--------------------------------------------------------------------------------
Name : glow
Product : Fedora 42
Version : 2.1.1
Release : 1.fc42
URL : https://github.com/charmbracelet/glow
Summary : Terminal based markdown reader
Description :
Glow is a terminal based markdown reader designed from the ground up to bring
out the beauty???and power???of the CLI. Use it to discover markdown files, read
documentation directly on the command line. Glow will find local markdown
files in subdirectories or a local Git repository.
--------------------------------------------------------------------------------
Update Information:
Update to version 2.1.1 for various bugfixes. This also fixes CVE-2025-22872 in
the bundled golang.org/x/net/html.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 18 2025 Carl George [carlwgeorge@fedoraproject.org] - 2.1.1-1
- Update to version 2.1.1 rhbz#2369460
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360634 - CVE-2025-22872 glow: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2360634
[ 2 ] Bug #2369460 - glow-2.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2369460
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e023994b32' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: perl-Crypt-OpenSSL-RSA-0.35-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-52b352c9cd
2025-06-27 01:19:29.251011+00:00
--------------------------------------------------------------------------------
Name : perl-Crypt-OpenSSL-RSA
Product : Fedora 42
Version : 0.35
Release : 1.fc42
URL : https://metacpan.org/release/Crypt-OpenSSL-RSA
Summary : Perl interface to OpenSSL for RSA
Description :
Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries
--------------------------------------------------------------------------------
Update Information:
Update to 0.35, fixes CVE-2024-2467
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 7 2025 Xavier Bachelot [xavier@bachelot.org] - 0.35-1
- Update to 0.35 (RHBZ#2364877)
- Fixes CVE-2024-2467 (RHBZ#2269568)
* Mon May 5 2025 Xavier Bachelot [xavier@bachelot.org] - 0.34-1
- Update to 0.34 (RHBZ#2364100)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2269568 - CVE-2024-2467 perl-Crypt-OpenSSL-RSA: side-channel attack in PKCS#1 v1.5 padding mode (Marvin Attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2269568
[ 2 ] Bug #2364877 - perl-Crypt-OpenSSL-RSA-0.35 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2364877
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-52b352c9cd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: perl-CryptX-0.087-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-34b9058968
2025-06-27 01:19:29.251005+00:00
--------------------------------------------------------------------------------
Name : perl-CryptX
Product : Fedora 42
Version : 0.087
Release : 2.fc42
URL : https://metacpan.org/release/CryptX
Summary : Cryptographic toolkit
Description :
This Perl library provides a cryptography based on LibTomCrypt library.
--------------------------------------------------------------------------------
Update Information:
Update to 0.087, fixes CVE-2025-40914
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 12 2025 Xavier Bachelot [xavier@bachelot.org] - 0.087-2
- Use any version of Math::BigInt and Math::BigFloat
- Fix bundled Provides:
* Wed Jun 11 2025 Xavier Bachelot [xavier@bachelot.org] - 0.087-1
- Update to 0.087 (RHBZ#2372355,RHBZ#2372356,RHBZ#2372357,RHBZ#2372358)
- Fix CVE-2025-40914
* Sat May 3 2025 Xavier Bachelot [xavier@bachelot.org] - 0.086-1
- Update to 0.086 (RHBZ#2363852, RHBZ#2354493)
* Tue Feb 11 2025 Xavier Bachelot [xavier@bachelot.org] - 0.085-1
- Update to 0.085 (RHBZ#2344451)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2372355 - CVE-2025-40914 perl-CryptX: Perl CryptX code execution via integer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2372355
[ 2 ] Bug #2372356 - CVE-2025-40914 perl-CryptX: Perl CryptX code execution via integer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2372356
[ 3 ] Bug #2372357 - CVE-2025-40914 perl-CryptX: Perl CryptX code execution via integer overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2372357
[ 4 ] Bug #2372358 - CVE-2025-40914 perl-CryptX: Perl CryptX code execution via integer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2372358
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-34b9058968' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: trafficserver-10.0.6-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-512daf16b9
2025-06-27 01:19:29.250963+00:00
--------------------------------------------------------------------------------
Name : trafficserver
Product : Fedora 42
Version : 10.0.6
Release : 1.fc42
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:
Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.
Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.
Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.
Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.
Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.
--------------------------------------------------------------------------------
Update Information:
Changes with Apache Traffic Server 10.0.6
#12298 - Add a setting to choose the data source of IP address for ACL
#12299 - Add max inclusion depth support for esi plugin 10.0.x
#12300 - otel build update for GCC 15
#12301 - autest updates for recent curl and nghttp2 versions (#12165)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 17 2025 Jered Floyd [jered@redhat.com] 10.0.6-1
- Update to upstream 10.0.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2373880 - CVE-2025-31698 trafficserver: Apache Traffic Server PROXY Protocol ACL Bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2373880
[ 2 ] Bug #2373884 - CVE-2025-49763 trafficserver: Traffic Server ESI Inclusion Depth Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2373884
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-512daf16b9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
