Fedora 41 Update: epiphany-47.7-1.fc41
Fedora 41 Update: xz-5.8.1-2.fc41
Fedora 41 Update: perl-Compress-Raw-Lzma-2.212-6.fc41
Fedora 40 Update: xz-5.8.1-2.fc40
Fedora 40 Update: perl-Compress-Raw-Lzma-2.209-9.fc40
Fedora 42 Update: libxmp-4.6.2-3.fc42
Fedora 42 Update: epiphany-48.3-1.fc42
[SECURITY] Fedora 41 Update: epiphany-47.7-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-164c668d6a
2025-05-10 01:58:21.497415+00:00
--------------------------------------------------------------------------------
Name : epiphany
Product : Fedora 41
Version : 47.7
Release : 1.fc41
URL : https://wiki.gnome.org/Apps/Web
Summary : Web browser for GNOME
Description :
Epiphany is the web browser for the GNOME desktop. Its goal is to be
simple and easy to use. Epiphany ties together many GNOME components
in order to let you focus on the web content, instead of the browser
application.
--------------------------------------------------------------------------------
Update Information:
Update to 47.7 notably fixing CVE-2025-3839
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 1:47.7-1
- Update to Epiphany 47.7
* Tue Apr 22 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 1:47.6-1
- Update to 47.6
* Mon Apr 21 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 1:47.5-1
- Update to 47.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361431 - CVE-2025-3839 epiphany: Insecure External Protocol Invocation in Epiphany [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2361431
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-164c668d6a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: xz-5.8.1-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-051becf4f2
2025-05-10 01:58:21.497365+00:00
--------------------------------------------------------------------------------
Name : xz
Product : Fedora 41
Version : 5.8.1
Release : 2.fc41
URL : https://tukaani.org/xz/
Summary : LZMA compression utilities
Description :
XZ Utils are an attempt to make LZMA compression easy to use on free (as in
freedom) operating systems. This is achieved by providing tools and libraries
which are similar to use than the equivalents of the most popular existing
compression algorithms.
LZMA is a general purpose compression algorithm designed by Igor Pavlov as
part of 7-Zip. It provides high compression ratio while keeping the
decompression speed fast.
--------------------------------------------------------------------------------
Update Information:
xz 5.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Adam Williamson [awilliam@redhat.com] - 1:5.8.1-2
- Rebuild without changes to fix gating problem
* Thu Apr 3 2025 Richard W.M. Jones [rjones@redhat.com] - 1:5.8.1-1
- New upstream version 5.8.1
- Fixes CVE-2025-31115 heap-use-after-free bug in threaded .xz decoder
* Wed Mar 26 2025 Jakub Martisko [jamartis@redhat.com] - 1:5.8.0-1
- New upstream version 5.8.0
Resolves: rhbz#2341818
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:5.6.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Oct 11 2024 Richard W.M. Jones [rjones@redhat.com] - 1:5.6.3-2
- perl-Compress-Raw-Lzma dep has been removed, rebuild
https://src.fedoraproject.org/rpms/perl-Compress-Raw-Lzma/pull-request/3
* Wed Oct 2 2024 Richard W.M. Jones [rjones@redhat.com] - 1:5.6.3-1
- New upstream version 5.6.3 (RHBZ#2316069)
* Thu Aug 8 2024 Luk???? Zaoral [lzaoral@redhat.com] - 1:5.6.2-3
- fix licenses and finish SPDX license conversion
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357253 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357253
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-051becf4f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: perl-Compress-Raw-Lzma-2.212-6.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-051becf4f2
2025-05-10 01:58:21.497365+00:00
--------------------------------------------------------------------------------
Name : perl-Compress-Raw-Lzma
Product : Fedora 41
Version : 2.212
Release : 6.fc41
URL : https://metacpan.org/release/Compress-Raw-Lzma
Summary : Low-level interface to lzma compression library
Description :
This module provides a Perl interface to the lzma compression library.
It is used by IO::Compress::Lzma.
--------------------------------------------------------------------------------
Update Information:
xz 5.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 3 2025 Richard W.M. Jones [rjones@redhat.com] - 2.212-6
- Rebuild against xz 5.8.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357253 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357253
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-051becf4f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: xz-5.8.1-2.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4871b31998
2025-05-10 01:38:46.492145+00:00
--------------------------------------------------------------------------------
Name : xz
Product : Fedora 40
Version : 5.8.1
Release : 2.fc40
URL : https://tukaani.org/xz/
Summary : LZMA compression utilities
Description :
XZ Utils are an attempt to make LZMA compression easy to use on free (as in
freedom) operating systems. This is achieved by providing tools and libraries
which are similar to use than the equivalents of the most popular existing
compression algorithms.
LZMA is a general purpose compression algorithm designed by Igor Pavlov as
part of 7-Zip. It provides high compression ratio while keeping the
decompression speed fast.
--------------------------------------------------------------------------------
Update Information:
xz 5.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Adam Williamson [awilliam@redhat.com] - 1:5.8.1-2
- Rebuild without changes to fix gating problem
* Thu Apr 3 2025 Richard W.M. Jones [rjones@redhat.com] - 1:5.8.1-1
- New upstream version 5.8.1
- Fixes CVE-2025-31115 heap-use-after-free bug in threaded .xz decoder
* Wed Mar 26 2025 Jakub Martisko [jamartis@redhat.com] - 1:5.8.0-1
- New upstream version 5.8.0
Resolves: rhbz#2341818
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:5.6.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Oct 11 2024 Richard W.M. Jones [rjones@redhat.com] - 1:5.6.3-2
- perl-Compress-Raw-Lzma dep has been removed, rebuild
https://src.fedoraproject.org/rpms/perl-Compress-Raw-Lzma/pull-request/3
* Wed Oct 2 2024 Richard W.M. Jones [rjones@redhat.com] - 1:5.6.3-1
- New upstream version 5.6.3 (RHBZ#2316069)
* Thu Aug 8 2024 Luk???? Zaoral [lzaoral@redhat.com] - 1:5.6.2-3
- fix licenses and finish SPDX license conversion
* Sat Jul 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1:5.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jun 20 2024 Richard W.M. Jones [rjones@redhat.com] - 1:5.6.2-1
- New upstream version 5.6.2 (RHBZ#2283854)
- Remove "Jia Tan" pubkey, replace with Lasse Collin's.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357251 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357251
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4871b31998' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 40 Update: perl-Compress-Raw-Lzma-2.209-9.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4871b31998
2025-05-10 01:38:46.492145+00:00
--------------------------------------------------------------------------------
Name : perl-Compress-Raw-Lzma
Product : Fedora 40
Version : 2.209
Release : 9.fc40
URL : https://metacpan.org/release/Compress-Raw-Lzma
Summary : Low-level interface to lzma compression library
Description :
This module provides a Perl interface to the lzma compression library.
It is used by IO::Compress::Lzma.
--------------------------------------------------------------------------------
Update Information:
xz 5.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 3 2025 Richard W.M. Jones [rjones@redhat.com] - 2.209-9
- Rebuild against xz 5.8.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357251 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357251
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4871b31998' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: libxmp-4.6.2-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-11090ba13f
2025-05-10 01:16:54.200160+00:00
--------------------------------------------------------------------------------
Name : libxmp
Product : Fedora 42
Version : 4.6.2
Release : 3.fc42
URL : http://xmp.sourceforge.net/
Summary : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).
Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2025-47256 .
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 7 2025 Michael Schwendt [mschwendt@fedoraproject.org] - 4.6.2-3
- Fix array subscript underflow in Pha Packer loader (CVE-2025-47256).
* Wed May 7 2025 Michael Schwendt [mschwendt@fedoraproject.org] - 4.6.2-2
- own cmake libxmp dir
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2364613 - CVE-2025-47256 libxmp: stack-based buffer overflow via a malformed Pha format tracker module [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2364613
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-11090ba13f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: epiphany-48.3-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-efbe201596
2025-05-10 01:16:54.199848+00:00
--------------------------------------------------------------------------------
Name : epiphany
Product : Fedora 42
Version : 48.3
Release : 1.fc42
URL : https://wiki.gnome.org/Apps/Web
Summary : Web browser for GNOME
Description :
Epiphany is the web browser for the GNOME desktop. Its goal is to be
simple and easy to use. Epiphany ties together many GNOME components
in order to let you focus on the web content, instead of the browser
application.
--------------------------------------------------------------------------------
Update Information:
Update to 48.3, notably fixing CVE-2025-3839
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 24 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 1:48.3-1
- Upgrade to 48.3
* Tue Apr 22 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 1:48.2-1
- Update to 48.2
* Mon Apr 21 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 1:48.1-1
- Update to 48.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2354985 - [abrt] epiphany-runtime: g_object_new_valist(): epiphany killed by SIGTRAP
https://bugzilla.redhat.com/show_bug.cgi?id=2354985
[ 2 ] Bug #2361431 - CVE-2025-3839 epiphany: Insecure External Protocol Invocation in Epiphany [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2361431
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-efbe201596' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
