Fedora 41 Update: firefox-143.0.3-1.fc41
Fedora 41 Update: sqlite-3.46.1-5.fc41
Fedora 41 Update: freeipa-4.12.5-2.1.fc41
Fedora 41 Update: ffmpeg-7.1.2-1.fc41
Fedora 41 Update: uv-0.8.11-4.fc41
Fedora 41 Update: rust-astral-tokio-tar-0.5.5-1.fc41
Fedora 42 Update: freeipa-4.12.5-2.fc42
Fedora 42 Update: rust-astral-tokio-tar-0.5.5-1.fc42
Fedora 42 Update: uv-0.8.11-4.fc42
Fedora 43 Update: uv-0.8.11-4.fc43
Fedora 43 Update: rust-astral-tokio-tar-0.5.5-1.fc43
Fedora 43 Update: freeipa-4.12.5-2.fc43
Fedora 43 Update: xen-4.20.1-6.fc43
Fedora 43 Update: webkitgtk-2.50.0-2.fc43
Fedora 43 Update: python-pip-25.1.1-18.fc43
[SECURITY] Fedora 41 Update: firefox-143.0.3-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b18c05fecd
2025-10-03 01:16:27.010949+00:00
--------------------------------------------------------------------------------
Name : firefox
Product : Fedora 41
Version : 143.0.3
Release : 1.fc41
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
--------------------------------------------------------------------------------
Update Information:
New upstream release (143.0.3)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Martin Stransky [stransky@redhat.com] - 143.0.3-1
- Updated to 143.0.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b18c05fecd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: sqlite-3.46.1-5.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-39461417a6
2025-10-03 01:16:27.010931+00:00
--------------------------------------------------------------------------------
Name : sqlite
Product : Fedora 41
Version : 3.46.1
Release : 5.fc41
URL : http://www.sqlite.org/
Summary : Library that implements an embeddable SQL database engine
Description :
SQLite is a C library that implements an SQL database engine. A large
subset of SQL92 is supported. A complete database is stored in a
single disk file. The API is designed for convenience and ease of use.
Applications that link against SQLite can enjoy the power and
flexibility of an SQL database without the administrative hassles of
supporting a separate database server. Version 2 and version 3 binaries
are named to permit each to be installed on a single host
SQLite is built with some non-default settings:
- Additional APIs for table's and query's metadata are enabled
(SQLITE_ENABLE_COLUMN_METADATA)
- Directory syncs are disabled (SQLITE_DISABLE_DIRSYNC)
- `secure_delete` defaults to 'on', so deleted content is overwritten
with zeros (SQLITE_SECURE_DELETE)
- `sqlite3_unlock_notify()` is enabled - this feature allows to register a
callback that's invoked when lock is removed (SQLITE_ENABLE_UNLOCK_NOTIFY)
- `dbstat` virtual table with disk space usage is enabled
- `dbpage` virtual table providing direct access to underlying database file
is enabled (SQLITE_ENABLE_DBPAGE_VTAB)
- Threadsafe mode is set to 1 - Serialized, so it is safe to use in a
multithreaded environment (SQLITE_THREADSAFE=1)
- FTS3, FTS4 and FTS5 are enabled so versions 3 to 5 of the full-text search
engine are available (SQLITE_ENABLE_FTS3, SQLITE_ENABLE_FTS4,
SQLITE_ENABLE_FTS5)
- Pattern parser in FTS3 extension supports nested parenthesis and operators
`AND`, `OR` (SQLITE_ENABLE_FTS3_PARENTHESIS)
- R*Tree index extension is enabled (SQLITE_ENABLE_RTREE)
- Extension loading is enabled
- Sessions (sqlite-session feature) is enabled
- Preupdate hook is enabled
It is also important to note that shell has some extensions as its dependencies,
so some extensions are enabled by default in SQLite shell, but not in the system
libraries. Only the aforementioned extensions are available in the libraries:
FTS3, FTS4, FTS5, R*Tree
--------------------------------------------------------------------------------
Update Information:
cve fixes
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 26 2025 Ales Nezbeda [anezbeda@redhat.com] - 3.45.1-5
- Rebuild
* Fri Sep 26 2025 Ales Nezbeda [anezbeda@redhat.com] - 3.45.1-4
- Fix for CVE-2025-6965
- Resolves: BZ#2380236
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2359648 - CVE-2025-3277 sqlite: integer overflow in SQLite [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2359648
[ 2 ] Bug #2380236 - CVE-2025-6965 sqlite: Integer Truncation in SQLite [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2380236
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-39461417a6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: freeipa-4.12.5-2.1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1a3968c333
2025-10-03 01:16:27.010944+00:00
--------------------------------------------------------------------------------
Name : freeipa
Product : Fedora 41
Version : 4.12.5
Release : 2.1.fc41
URL : http://www.freeipa.org/
Summary : The Identity, Policy and Audit system
Description :
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
--------------------------------------------------------------------------------
Update Information:
CVE-2025-7493: host to admin escalation prevention:
https://www.freeipa.org/release-notes/4-12-5.html
Update FreeIPA to latest fixes from ipa-4-12 branch
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.5-3
- Do not provide encrypted DNS features in Fedora 41, it is not supported
* Tue Sep 30 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.5-2
- Update minor version metadata to alow IPA data upgrade
* Tue Sep 30 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.5-1
- CVE-2025-7493: host to admin escalation prevention
* Tue Sep 23 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.2-15
- Update fixes from ipa-4-12 branch
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1a3968c333' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: ffmpeg-7.1.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-48dc56cf48
2025-10-03 01:16:27.010936+00:00
--------------------------------------------------------------------------------
Name : ffmpeg
Product : Fedora 41
Version : 7.1.2
Release : 1.fc41
URL : https://ffmpeg.org/
Summary : A complete solution to record, convert and stream audio and video
Description :
FFmpeg is a leading multimedia framework, able to decode, encode, transcode,
mux, demux, stream, filter and play pretty much anything that humans and
machines have created. It supports the most obscure ancient formats up to the
cutting edge. No matter if they were designed by some standards committee, the
community or a corporation.
This build of ffmpeg is limited in the number of codecs supported.
--------------------------------------------------------------------------------
Update Information:
Update to 7.1.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Simone Caronni [negativo17@gmail.com] - 7.1.2-1
- Update to 7.1.2.
- Enable VANC processing for SDI.
- Explicitly list all implicitly enabled/disabled options.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2346103 - CVE-2025-1373 ffmpeg: FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2346103
[ 2 ] Bug #2346574 - CVE-2025-22919 ffmpeg: FFmpeg AAC File Denial of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2346574
[ 3 ] Bug #2346583 - CVE-2025-25473 ffmpeg: NULL Pointer Dereference in FFmpeg [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2346583
[ 4 ] Bug #2346591 - CVE-2025-25469 ffmpeg: Memory Leak in libavutil/iamf.c in FFmpeg [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2346591
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-48dc56cf48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: uv-0.8.11-4.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-414364f69d
2025-10-03 01:16:27.010906+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 41
Version : 0.8.11
Release : 4.fc41
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.
Highlights:
??? ?????? Drop-in replacement for common pip, pip-tools, and virtualenv commands.
??? ?????? 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
??? ???? Disk-space efficient, with a global cache for dependency deduplication.
??? ???? Installable via curl, pip, pipx, etc. uv is a static binary that can be
installed without Rust or Python.
??? ???? Tested at-scale against the top 10,000 PyPI packages.
??? ??????? Support for macOS, Linux, and Windows.
??? ???? Advanced features such as dependency version overrides and alternative
resolution strategies.
??? ?????? Best-in-class error messages with a conflict-tracking resolver.
??? ???? Support for a wide range of advanced pip features, including editable
installs, Git dependencies, direct URL dependencies, local dependencies,
constraints, source distributions, HTML and JSON indexes, and more.
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-4
- Rebuilt with astral-tokio-tar version 0.5.5
- Security fix for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
* Fri Sep 19 2025 Python Maint - 0.8.11-3
- Rebuilt for Python 3.14.0rc3 bytecode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397717 - CVE-2025-59825 uv: astral-tokio-tar path traversal [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397717
[ 2 ] Bug #2397721 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar path traversal [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397721
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-414364f69d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: rust-astral-tokio-tar-0.5.5-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-414364f69d
2025-10-03 01:16:27.010906+00:00
--------------------------------------------------------------------------------
Name : rust-astral-tokio-tar
Product : Fedora 41
Version : 0.5.5
Release : 1.fc41
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.5-1
- Update to version 0.5.5; fixes RHBZ#2397644
- Security fix for CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397717 - CVE-2025-59825 uv: astral-tokio-tar path traversal [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397717
[ 2 ] Bug #2397721 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar path traversal [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397721
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-414364f69d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: freeipa-4.12.5-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e41ba62ff1
2025-10-03 00:52:22.552541+00:00
--------------------------------------------------------------------------------
Name : freeipa
Product : Fedora 42
Version : 4.12.5
Release : 2.fc42
URL : http://www.freeipa.org/
Summary : The Identity, Policy and Audit system
Description :
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
--------------------------------------------------------------------------------
Update Information:
CVE-2025-7493: host to admin escalation prevention:
https://www.freeipa.org/release-notes/4-12-5.html
Update FreeIPA to latest fixes from ipa-4-12 branch
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.5-2
- Update minor version metadata to alow IPA data upgrade
* Tue Sep 30 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.5-1
- CVE-2025-7493: host to admin escalation prevention
* Tue Sep 23 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.2-15
- Update fixes from ipa-4-12 branch
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e41ba62ff1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.5.5-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5e50082948
2025-10-03 00:52:22.552498+00:00
--------------------------------------------------------------------------------
Name : rust-astral-tokio-tar
Product : Fedora 42
Version : 0.5.5
Release : 1.fc42
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.5-1
- Update to version 0.5.5; fixes RHBZ#2397644
- Security fix for CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397719 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar path traversal [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2397719
[ 2 ] Bug #2397720 - CVE-2025-59825 uv: astral-tokio-tar path traversal [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2397720
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5e50082948' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: uv-0.8.11-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5e50082948
2025-10-03 00:52:22.552498+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 42
Version : 0.8.11
Release : 4.fc42
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.
Highlights:
??? ?????? Drop-in replacement for common pip, pip-tools, and virtualenv commands.
??? ?????? 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
??? ???? Disk-space efficient, with a global cache for dependency deduplication.
??? ???? Installable via curl, pip, pipx, etc. uv is a static binary that can be
installed without Rust or Python.
??? ???? Tested at-scale against the top 10,000 PyPI packages.
??? ??????? Support for macOS, Linux, and Windows.
??? ???? Advanced features such as dependency version overrides and alternative
resolution strategies.
??? ?????? Best-in-class error messages with a conflict-tracking resolver.
??? ???? Support for a wide range of advanced pip features, including editable
installs, Git dependencies, direct URL dependencies, local dependencies,
constraints, source distributions, HTML and JSON indexes, and more.
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-4
- Rebuilt with astral-tokio-tar version 0.5.5
- Security fix for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
* Fri Sep 19 2025 Python Maint - 0.8.11-3
- Rebuilt for Python 3.14.0rc3 bytecode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397719 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar path traversal [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2397719
[ 2 ] Bug #2397720 - CVE-2025-59825 uv: astral-tokio-tar path traversal [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2397720
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5e50082948' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: uv-0.8.11-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b3cc3be834
2025-10-03 00:14:50.085827+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 43
Version : 0.8.11
Release : 4.fc43
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.
Highlights:
??? ?????? Drop-in replacement for common pip, pip-tools, and virtualenv commands.
??? ?????? 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
??? ???? Disk-space efficient, with a global cache for dependency deduplication.
??? ???? Installable via curl, pip, pipx, etc. uv is a static binary that can be
installed without Rust or Python.
??? ???? Tested at-scale against the top 10,000 PyPI packages.
??? ??????? Support for macOS, Linux, and Windows.
??? ???? Advanced features such as dependency version overrides and alternative
resolution strategies.
??? ?????? Best-in-class error messages with a conflict-tracking resolver.
??? ???? Support for a wide range of advanced pip features, including editable
installs, Git dependencies, direct URL dependencies, local dependencies,
constraints, source distributions, HTML and JSON indexes, and more.
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
Rebuilt for Python 3.14.0rc3 bytecode change
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-4
- Rebuilt with astral-tokio-tar version 0.5.5
- Security fix for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
* Fri Sep 19 2025 Python Maint - 0.8.11-3
- Rebuilt for Python 3.14.0rc3 bytecode
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b3cc3be834' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.5.5-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b3cc3be834
2025-10-03 00:14:50.085827+00:00
--------------------------------------------------------------------------------
Name : rust-astral-tokio-tar
Product : Fedora 43
Version : 0.5.5
Release : 1.fc43
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
Rebuilt for Python 3.14.0rc3 bytecode change
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.5-1
- Update to version 0.5.5; fixes RHBZ#2397644
- Security fix for CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b3cc3be834' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: freeipa-4.12.5-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-54a485ee85
2025-10-03 00:14:50.085806+00:00
--------------------------------------------------------------------------------
Name : freeipa
Product : Fedora 43
Version : 4.12.5
Release : 2.fc43
URL : http://www.freeipa.org/
Summary : The Identity, Policy and Audit system
Description :
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
--------------------------------------------------------------------------------
Update Information:
CVE-2025-7493: host to admin escalation prevention:
https://www.freeipa.org/release-notes/4-12-5.html
Rebuild for Python 3.14.0rc3
Update FreeIPA to latest fixes from ipa-4-12 branch
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.5-2
- Update minor version metadata to alow IPA data upgrade
* Tue Sep 30 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.5-1
- CVE-2025-7493: host to admin escalation prevention
* Tue Sep 23 2025 Alexander Bokovoy [abokovoy@redhat.com] - 4.12.2-19
- Rebuild for Python 3.14.0rc3
- Resolves: rhbz#2396699
- Update fixes from ipa-4-12 branch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2396699 - freeipa: Please rebuild in Fedora 43
https://bugzilla.redhat.com/show_bug.cgi?id=2396699
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-54a485ee85' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: xen-4.20.1-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-873ad6df70
2025-10-03 00:14:50.085799+00:00
--------------------------------------------------------------------------------
Name : xen
Product : Fedora 43
Version : 4.20.1
Release : 6.fc43
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
--------------------------------------------------------------------------------
Update Information:
Rebuilt for Python 3.14.0rc3 bytecode
Mutiple vulnerabilities in the Viridian interface [XSA-472,
CVE-2025-27466, CVE-2025-58142, CVE-2025-58143]
Arm issues with page refcounting [XSA-473, CVE-2025-58144,
CVE-2025-58145]
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 19 2025 Python Maint - 4.20.1-6
- Rebuilt for Python 3.14.0rc3 bytecode
* Wed Sep 10 2025 Michael Young [m.a.young@durham.ac.uk] - 4.20.1-5
- Mutiple vulnerabilities in the Viridian interface [XSA-472,
CVE-2025-27466, CVE-2025-58142, CVE-2025-58143]
- Arm issues with page refcounting [XSA-473, CVE-2025-58144,
CVE-2025-58145]
* Tue Sep 2 2025 Michael Young [m.a.young@durham.ac.uk] - 4.20.1-4
- tools/xl: don't crash on NULL command line
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397373 - xen: Please build in Fedora 43
https://bugzilla.redhat.com/show_bug.cgi?id=2397373
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-873ad6df70' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: webkitgtk-2.50.0-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-793513dcf7
2025-10-03 00:14:50.085786+00:00
--------------------------------------------------------------------------------
Name : webkitgtk
Product : Fedora 43
Version : 2.50.0
Release : 2.fc43
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.
--------------------------------------------------------------------------------
Update Information:
Update to 2.50.0:
Improved rendering performance by recording each layer once and replaying every
dirty region in different worker threads.
Enable damage propagation to the UI process by default.
CSS property font-variant-emoji is now enabled by default.
Font synthesis properties (bold/italic) are now properly handled.
Ensure web view is focused on tap gesture.
Added new API to get the theme color of a WebKitWebView.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 18 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.50.0-2
- Fix build on i686
* Wed Sep 17 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.50.0-1
- Update to 2.50.0
* Tue Sep 2 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.49.90-1
- Update to 2.49.90
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-793513dcf7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: python-pip-25.1.1-18.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b108c70b29
2025-10-03 00:14:50.085493+00:00
--------------------------------------------------------------------------------
Name : python-pip
Product : Fedora 43
Version : 25.1.1
Release : 18.fc43
URL : https://pip.pypa.io/
Summary : A tool for installing and managing Python packages
Description :
pip is a package management system used to install and manage software packages
written in Python. Many packages can be found in the Python Package Index
(PyPI). pip is a recursive acronym that can stand for either "Pip Installs
Packages" or "Pip Installs Python".
--------------------------------------------------------------------------------
Update Information:
Security fix for the bundled urllib3 for CVE-2025-50181, rc3 bytecode rebuild.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 19 2025 Python Maint - 25.1.1-18
- Rebuilt for Python 3.14.0rc3 bytecode
* Wed Sep 10 2025 Miro Hron??ok [miro@hroncok.cz] - 25.1.1-17
- Security fix for the bundled urllib3 for CVE-2025-50181
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2396824 - python-pip: Please rebuild in Fedora 43
https://bugzilla.redhat.com/show_bug.cgi?id=2396824
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b108c70b29' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
