Fedora 42 Update: expat-2.7.2-1.fc42
Fedora 42 Update: xen-4.19.3-4.fc42
Fedora 42 Update: gh-2.79.0-1.fc42
Fedora 41 Update: gh-2.79.0-1.fc41
[SECURITY] Fedora 42 Update: expat-2.7.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-639f53ea67
2025-09-19 01:37:20.892577+00:00
--------------------------------------------------------------------------------
Name : expat
Product : Fedora 42
Version : 2.7.2
Release : 1.fc42
URL : https://libexpat.github.io/
Summary : An XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.
--------------------------------------------------------------------------------
Update Information:
Rebase to 2.7.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 17 2025 Tomas Korbar [tkorbar@redhat.com] - 2.7.2-1
- Rebase to 2.7.2
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.7.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 9 2025 psklenar@redhat.com [psklenar@redhat.com] - 2.7.1-2
- fedora CI plans move to gitlab for centos-stream test space
https://issues.redhat.com/browse/RHELMISC-13073
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2395122 - CVE-2025-59375 expat: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2395122
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-639f53ea67' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: xen-4.19.3-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7a1f93f58a
2025-09-19 01:37:20.892560+00:00
--------------------------------------------------------------------------------
Name : xen
Product : Fedora 42
Version : 4.19.3
Release : 4.fc42
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
--------------------------------------------------------------------------------
Update Information:
Mutiple vulnerabilities in the Viridian interface [XSA-472,
CVE-2025-27466, CVE-2025-58142, CVE-2025-58143]
Arm issues with page refcounting [XSA-473, CVE-2025-58144,
CVE-2025-58145]
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 15 2025 Michael Young [m.a.young@durham.ac.uk] - 4.19.3-4
- Mutiple vulnerabilities in the Viridian interface [XSA-472,
CVE-2025-27466, CVE-2025-58142, CVE-2025-58143]
- Arm issues with page refcounting [XSA-473, CVE-2025-58144,
CVE-2025-58145]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2395132 - CVE-2025-58145 xen: Arm issues with page refcounting [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2395132
[ 2 ] Bug #2395134 - CVE-2025-58144 xen: Arm issues with page refcounting [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2395134
[ 3 ] Bug #2395158 - CVE-2025-58142 xen: NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2395158
[ 4 ] Bug #2395160 - CVE-2025-58143 xen: race condition when the mapping of the reference TSC page [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2395160
[ 5 ] Bug #2395162 - CVE-2025-27466 xen: A NULL pointer dereference in the updating of the reference TSC area [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2395162
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7a1f93f58a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: gh-2.79.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d4c9910925
2025-09-19 01:37:20.892456+00:00
--------------------------------------------------------------------------------
Name : gh
Product : Fedora 42
Version : 2.79.0
Release : 1.fc42
URL : https://github.com/cli/cli
Summary : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.
gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform various
actions right from the command line, eliminating the need to switch between your
terminal and the GitHub website.
--------------------------------------------------------------------------------
Update Information:
Update to 2.79.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2025 Packit [hello@packit.dev] - 2.79.0-1
- Update to 2.79.0 upstream release
- Resolves: rhbz#2385309
* Tue Sep 9 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.76.1-5
- Integrate Packit with Go Vendor Tools
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.76.1-4
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.76.1-3
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.76.1-2
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2390863 - gh: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390863
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d4c9910925' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: gh-2.79.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-24e111e6f1
2025-09-19 01:15:50.104017+00:00
--------------------------------------------------------------------------------
Name : gh
Product : Fedora 41
Version : 2.79.0
Release : 1.fc41
URL : https://github.com/cli/cli
Summary : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.
gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform various
actions right from the command line, eliminating the need to switch between your
terminal and the GitHub website.
--------------------------------------------------------------------------------
Update Information:
Update to 2.79.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2025 Packit [hello@packit.dev] - 2.79.0-1
- Update to 2.79.0 upstream release
- Resolves: rhbz#2385309
* Tue Sep 9 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.76.1-5
- Integrate Packit with Go Vendor Tools
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.76.1-4
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.76.1-3
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.76.1-2
- Rebuild for golang-1.25.0
* Tue Jul 29 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.76.1-1
- Update to 2.76.1 - Closes rhbz#2380061
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.75.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jul 9 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.75.0-1
- Update to 2.75.0 - Closes rhbz#2371496 rhbz#2375605 rhbz#2375620
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2384115 - gh: Host Header Injection in github.com/go-chi/chi [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384115
[ 2 ] Bug #2384138 - gh: go-viper information leak [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384138
[ 3 ] Bug #2390842 - gh: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2390842
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-24e111e6f1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
