Fedora 42 Update: firefox-137.0-2.fc42
Fedora 42 Update: perl-Data-Entropy-0.008-1.fc42
Fedora 42 Update: matrix-synapse-1.127.1-1.fc42
Fedora 42 Update: cri-tools1.29-1.29.0-11.fc42
Fedora 42 Update: upx-5.0.0-1.fc42
Fedora 42 Update: yarnpkg-1.22.22-7.fc42
Fedora 42 Update: condor-23.9.6-6.fc42
Fedora 42 Update: corosync-3.1.9-3.fc42
Fedora 42 Update: nextcloud-31.0.2-1.fc42
Fedora 42 Update: suricata-7.0.10-1.fc42
Fedora 42 Update: varnish-7.6.1-5.fc42
[SECURITY] Fedora 42 Update: firefox-137.0-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4e7468921a
2025-04-11 18:19:12.062239+00:00
--------------------------------------------------------------------------------
Name : firefox
Product : Fedora 42
Version : 137.0
Release : 2.fc42
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream (137.0)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 31 2025 Martin Stransky [stransky@redhat.com] - 137.0-2
- Update 137.0 build 2
* Wed Mar 26 2025 Martin Stransky [stransky@redhat.com] - 137.0-1
- Update to latest upstream (137.0)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4e7468921a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: perl-Data-Entropy-0.008-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-76dbde76fe
2025-04-11 18:19:12.061898+00:00
--------------------------------------------------------------------------------
Name : perl-Data-Entropy
Product : Fedora 42
Version : 0.008
Release : 1.fc42
URL : https://metacpan.org/release/Data-Entropy
Summary : Entropy (randomness) management
Description :
This module maintains a concept of a current selection of entropy source.
Algorithms that require entropy, such as those in
Data::Entropy::Algorithms, can use the source nominated by this module,
avoiding the need for entropy source objects to be explicitly passed
around. This is convenient because usually one entropy source will be used
for an entire program run and so an explicit entropy source parameter would
rarely vary. There is also a default entropy source, avoiding the need to
explicitly configure a source at all.
--------------------------------------------------------------------------------
Update Information:
Prior to version 0.008, the Perl module Data::Entropy relied on Perl's builtin
rand function to choose an entropy source. Version 0.008 does away with this
need.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 30 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 0.008-1
- Update to 0.008, with new maintainer (#2355612)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355612 - perl-Data-Entropy-0.008 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2355612
[ 2 ] Bug #2355706 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2355706
[ 3 ] Bug #2355707 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355707
[ 4 ] Bug #2355708 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355708
[ 5 ] Bug #2355709 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355709
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-76dbde76fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: matrix-synapse-1.127.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-63751ef564
2025-04-11 18:19:12.061808+00:00
--------------------------------------------------------------------------------
Name : matrix-synapse
Product : Fedora 42
Version : 1.127.1
Release : 1.fc42
URL : https://github.com/element-hq/synapse
Summary : A Matrix reference homeserver written in Python using Twisted
Description :
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference "homeserver" implementation of Matrix from the
core development team at matrix.org, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.
--------------------------------------------------------------------------------
Update Information:
Update to v1.127.1 (CVE-2025-30355)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 29 2025 Kai A. Hiller [V02460@gmail.com] - 1.127.1-1
- Update to v1.127.1 (CVE-2025-30355)
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.121.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-63751ef564' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: cri-tools1.29-1.29.0-11.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-adae8279e3
2025-04-11 18:19:12.061792+00:00
--------------------------------------------------------------------------------
Name : cri-tools1.29
Product : Fedora 42
Version : 1.29.0
Release : 11.fc42
URL : https://github.com/kubernetes-sigs/cri-tools
Summary : CLI and validation tools for Kubelet Container Runtime Interface (CRI)
Description :
CLI and validation tools for Kubelet Container Runtime Interface (CRI).
--------------------------------------------------------------------------------
Update Information:
Resolve FTBFS
Resolves: rhbz#2352149
Adopt trivy for license detection to be consistent with cri-tools[1.29..1.32]
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 29 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.29.0-11
- Resolve FTBFS
- Resolves: rhbz#2352149
- Adopt trivy for license detection to be consistent with cri-tools[1.29..1.32]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2352149 - CVE-2025-22870 cri-tools1.29: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2352149
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-adae8279e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: upx-5.0.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f050ec7d1b
2025-04-11 18:19:12.061671+00:00
--------------------------------------------------------------------------------
Name : upx
Product : Fedora 42
Version : 5.0.0
Release : 1.fc42
URL : https://github.com/upx/upx
Summary : Ultimate Packer for eXecutables
Description :
UPX is a free, portable, extendable, high-performance executable
packer for several different executable formats. It achieves an
excellent compression ratio and offers very fast decompression. Your
executables suffer no memory overhead or other drawbacks.
--------------------------------------------------------------------------------
Update Information:
5.0.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 20 2025 Gwyn Ciesla [gwync@protonmail.com] - 5.0.0-1
- 5.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355649 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355649
[ 2 ] Bug #2355650 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355650
[ 3 ] Bug #2355651 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355651
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f050ec7d1b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-7.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e73ea121f5
2025-04-11 18:19:12.061655+00:00
--------------------------------------------------------------------------------
Name : yarnpkg
Product : Fedora 42
Version : 1.22.22
Release : 7.fc42
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2024-12905.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-7
- Fix CVE-2024-12905
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355667 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355667
[ 2 ] Bug #2355668 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355668
[ 3 ] Bug #2355669 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355669
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e73ea121f5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: condor-23.9.6-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a9c95401c0
2025-04-11 18:19:12.061638+00:00
--------------------------------------------------------------------------------
Name : condor
Product : Fedora 42
Version : 23.9.6
Release : 6.fc42
URL : http://htcondor.org
Summary : HTCondor: High Throughput Computing
Description :
HTCondor is a workload management system for high-throughput and
high-performance jobs. Like other full-featured batch systems, HTCondor
provides a job queuing mechanism, scheduling policy, priority scheme,
resource monitoring, and resource management. Users submit their
serial or parallel jobs to HTCondor, HTCondor places them into a queue,
chooses when and where to run the jobs based upon a policy, carefully
monitors their progress, and ultimately informs the user upon
completion.
--------------------------------------------------------------------------------
Update Information:
Address CVE-2025-30093 - rhbz#2355671
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Tim Theisen [ttheisen@fedoraproject.org] - 23.9.6-6
- Address CVE-2025-30093 - rhbz#2355671
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355671 - CVE-2025-30093 condor: authenticated attackers can potentially bypass authorization restrictions [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355671
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a9c95401c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: corosync-3.1.9-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a350309ddb
2025-04-11 18:19:12.061352+00:00
--------------------------------------------------------------------------------
Name : corosync
Product : Fedora 42
Version : 3.1.9
Release : 3.fc42
URL : http://corosync.github.io/corosync/
Summary : The Corosync Cluster Engine and Application Programming Interfaces
Description :
This package contains the Corosync Cluster Engine Executive, several default
APIs and libraries, default configuration files, and an init script.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2025-30472
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2025 Jan Friesse [jfriesse@redhat.com] - 3.1.9-3
- totemsrp: Check size of orf_token msg
(fixes CVE-2025-30472)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a350309ddb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: nextcloud-31.0.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-381c988800
2025-04-11 18:19:12.061301+00:00
--------------------------------------------------------------------------------
Name : nextcloud
Product : Fedora 42
Version : 31.0.2
Release : 1.fc42
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.
--------------------------------------------------------------------------------
Update Information:
31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 25 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 31.0.2-1
- 31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2345769 - CVE-2025-26791 nextcloud: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2345769
[ 2 ] Bug #2345775 - CVE-2025-26791 nextcloud: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2345775
[ 3 ] Bug #2350414 - nextcloud-31.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350414
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-381c988800' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: suricata-7.0.10-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a9e7d63dc7
2025-04-11 18:19:12.061306+00:00
--------------------------------------------------------------------------------
Name : suricata
Product : Fedora 42
Version : 7.0.10
Release : 1.fc42
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP
Matching, and GeoIP identification.
--------------------------------------------------------------------------------
Update Information:
This is an extra release to address a critical issue in 7.0.9 affecting
AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This
has been fixed.
Various security, performance, accuracy, and stability issues have been fixed.
LibHTP has been updated to version 0.5.50 which is bundled with this new
release. This fixes:
CVE-2025-29915: HIGH
CVE-2025-29917: HIGH
CVE-2025-29918: HIGH
CVE-2025-29916: Moderate
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 25 2025 Steve Grubb [sgrubb@redhat.com] 7.0.10-1
- New bugfix release
* Tue Mar 18 2025 Steve Grubb [sgrubb@redhat.com] 7.0.9-1
- New security and bugfix release
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek [zbyszek@in.waw.pl] - 7.0.8-3
- Add sysusers.d config file to allow rpm to create users/groups automatically
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a9e7d63dc7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: varnish-7.6.1-5.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b7f0c55e00
2025-04-11 18:19:12.061289+00:00
--------------------------------------------------------------------------------
Name : varnish
Product : Fedora 42
Version : 7.6.1
Release : 5.fc42
URL : https://www.varnish-cache.org/
Summary : High-performance HTTP accelerator
Description :
This is Varnish Cache, a high-performance HTTP accelerator.
Varnish Cache stores web pages in memory so web servers don't have to
create the same web page over and over again. Varnish Cache serves
pages much faster than any application server; giving the website a
significant speed up.
Documentation wiki and additional information about Varnish Cache is
available on: https://www.varnish-cache.org/
--------------------------------------------------------------------------------
Update Information:
Security: This update includes fix for VSV00015 aka CVE-2025-30346. Upstream
considers this a low risk problem. For details, refer to
https://varnish-cache.org/security/VSV00015.html.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 24 2025 Ingvar Hagelund - 7.6.1-5
- Added fix prohibiting build on s390x
* Mon Mar 24 2025 Ingvar Hagelund - 7.6.1-4
- Added security patch VSV00015 aka CVE-2025-30346, rhbz#2354008
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 7.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2354008 - CVE-2025-30346 varnish: Client-Side Desynchronization in Varnish Cache
https://bugzilla.redhat.com/show_bug.cgi?id=2354008
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b7f0c55e00' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------