Guacamole-server, MinGW-GDK-Pixbuf, Darktable, Yarnpkg updates for Fedora

Fedora Linux 9014 Published by

Fedora Linux has been updated with multiple security enhancements, including guacamole-server, mingw-gdk-pixbuf, darktable, yarnpkg, and mingw-gdk-pixbuf:

Fedora 41 Update: guacamole-server-1.6.0-1.fc41
Fedora 41 Update: mingw-gdk-pixbuf-2.42.12-4.fc41
Fedora 42 Update: darktable-5.2.0-1.fc42
Fedora 42 Update: guacamole-server-1.6.0-1.fc42
Fedora 42 Update: mingw-gdk-pixbuf-2.42.12-4.fc42
Fedora 42 Update: yarnpkg-1.22.22-9.fc42




[SECURITY] Fedora 41 Update: guacamole-server-1.6.0-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c597fcda32
2025-07-04 01:07:02.316591+00:00
--------------------------------------------------------------------------------

Name : guacamole-server
Product : Fedora 41
Version : 1.6.0
Release : 1.fc41
URL : https://guacamole.apache.org/
Summary : Server-side native components that form the Guacamole proxy
Description :
Guacamole is an HTML5 remote desktop gateway.

Guacamole provides access to desktop environments using remote desktop protocols
like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing
access to multiple desktops through a web browser.

No browser plugins are needed, and no client software needs to be installed. The
client requires nothing more than a web browser supporting HTML5 and AJAX.

The main web application is provided by the "guacamole-client" package.

--------------------------------------------------------------------------------
Update Information:

Apache Guacamole 1.6.0
User interface / platform
Add the ability to specify separate permissions for ???History??? and ???Active
sessions??? tabs (GUACAMOLE-538)
Support batch import of connections from CSV (GUACAMOLE-926)
Add parameter token for connection name (GUACAMOLE-1177)
Provide audit log for system modifications (GUACAMOLE-1224)
Configurable username case sensitivity (GUACAMOLE-1239)
Provide chunked file upload mechanism (GUACAMOLE-1320)
Display whether user groups are disabled in group list (GUACAMOLE-1479)
Support for true fullscreen mode and keyboard lock (GUACAMOLE-1525)
Allow branding/customization of the section headers on the user home page
(GUACAMOLE-1584)
Add support for specifying VNC ???encodings??? parameter in webapp UI
(GUACAMOLE-1642)
Automatically clear view if session expires in background (GUACAMOLE-1744)
Base64 encoding of image/binary data results in excessive syscalls that can
degrade performance (GUACAMOLE-1776)
Update session recording playback progress during large frame gaps
(GUACAMOLE-1803)
Enable viewing / searching of key events in session recording playback
(GUACAMOLE-1820)
Improvements to the ???Recent connections??? section (GUACAMOLE-1866)
History Recording Player should indicate points of interest (GUACAMOLE-1876)
Enhance client custom field functionality (GUACAMOLE-1904)
Provide notification, jump-to-top of page for a clone operation (GUACAMOLE-1916)
Bug: Logging of request details fails with recent Tomcat (GUACAMOLE-2052)
Authentication, integration, and storage
Ensure GUAC_DATE/GUAC_TIME tokens match connection startDate (GUACAMOLE-61)
Add Proxy Hostname and Port to LDAP Extension (GUACAMOLE-577)
Add webapp support for smart card authentication (GUACAMOLE-839)
Enforce rate limit on authentication attempts (GUACAMOLE-990)
Broadly configurable time limits for user logins and connection usage
(GUACAMOLE-1020)
Randomize generation of TOTP key until enrollment is confirmed (GUACAMOLE-1068)
Allow TOTP to be disabled by group membership (GUACAMOLE-1219)
Update guacamole-auth-duo to ???Duo Web v4 SDK??? (GUACAMOLE-1289)
SAML module should be able to encrypt and sign requests (GUACAMOLE-1372)
Allow LDAP extension to configure TLS level (GUACAMOLE-1488)
Clarify TOTP reset/status logic (GUACAMOLE-1550)
Allow JDBC Auth Extensions to track history for external connections
(GUACAMOLE-1616)
Allow extraction of ???domain??? token from vault extensions (GUACAMOLE-1623)
Enable more granular vault associations (GUACAMOLE-1629)
Allow use of KSM one-time tokens in guacamole-vault-ksm extension
(GUACAMOLE-1643)
Allow per-user KSM Vault configurations (GUACAMOLE-1656)
KSM vault extension should allow searching records by domain (GUACAMOLE-1661)
Allow user to configure Keeper Secrets Manager call frequency (GUACAMOLE-1722)
Enforce user access windows even when already logged in (GUACAMOLE-1723)
Add SSO providers list to UI at most once (GUACAMOLE-1757)
Allow TOTP and SAML auth to be used together (GUACAMOLE-1780)
Bug: KSM Vault extension doesn???t support private key from ???PAM User??? record type
(GUACAMOLE-1795)
Map JWT claims from OpenID Connect as parameter tokens (GUACAMOLE-1844)
Allow MFA to be bypassed or enforced based on client IP (GUACAMOLE-1855)
Add parameter token for domain of LDAP user (GUACAMOLE-1881)
Disable autofill on TOTP verification code field (GUACAMOLE-1946)
Provide a comprehensive error message for input exceeding database column
(GUACAMOLE-1948)
Protocol support / guacd
Allow selection of whole words by double-clicking (GUACAMOLE-192)
Improve efficiency of streaming complex/large changes (Graphics Pipeline
Extension, RemoteFX) (GUACAMOLE-377)
Allow specifying connection timeout (GUACAMOLE-600)
Add support for FreeRDP 3.0.0 (GUACAMOLE-1026)
Bug: Connecting to unpublished RemoteApp results in black screen
(GUACAMOLE-1084)
Bug: Add support for right modifier keys to SSH/Telnet (GUACAMOLE-1113)
Add auto resize to VNC sessions (GUACAMOLE-1196)
RemoteApp windows become inaccessible after being minimized (GUACAMOLE-1231)
Bug: Lines of file gets broken when navigating back and forth using a text
editor (GUACAMOLE-1256)
Add option to the vnc protocol to disable remote input (GUACAMOLE-1267)
Add support for SSH certificates (GUACAMOLE-1290)
Add parameter for specifying known RDP server certificate/fingerprint
(GUACAMOLE-1332)
Bug: ???AltGr??? received as ???Alt??? if remote keyboard layout lacks ???AltGr???
(GUACAMOLE-1473)
Bug: Terminal emulator adds newlines when copying a wrapped line of text
(GUACAMOLE-1586)
Add small margins to SSH sessions (GUACAMOLE-1622)
Bug: Text copied from terminal emulator may incorrectly omit indentation
(GUACAMOLE-1632)
Add terminal support for alternate screen buffer (GUACAMOLE-1633)
Bug: SFTP+VNC broken when built with OpenSSL versions >= 1.1.0 (GUACAMOLE-1652)
Clipboard normalization support for SSH connections (GUACAMOLE-1682)
Test machine availability when sending Wake-on-LAN packet (GUACAMOLE-1686)
Bug: Japanese characters display garbled in terminal when using guacd docker
image (GUACAMOLE-1726)
Add parameters for VNC compression and quality levels (GUACAMOLE-1760)
Terminal protocols should support mac-style cmd+v paste shortcut
(GUACAMOLE-1804)
Ignore Ctrl+Shift+C within terminal emulator (GUACAMOLE-1805)
Allow writing recordings to existing files (GUACAMOLE-1931)
Bug: RDP connection fails when microphone input is enabled (GUACAMOLE-1940)
Bug: Selected text in SSH is offset from cursor position (GUACAMOLE-1944)
Bug: Multiple wheel events per mouse wheel tick (GUACAMOLE-1967)
Bug: FreeRDP may invoke EndPaint without BeginPaint as of 3.8.0 (GUACAMOLE-1997)
Internationalization
Bug: Japanese keyboard layout for RDP incorrect (GUACAMOLE-520)
Add support for Canadian french keyboard layout (GUACAMOLE-1312)
Update French translations (GUACAMOLE-1611)
Fix some typos in italian translation and improve it (GUACAMOLE-1612)
Updated czech translation (GUACAMOLE-1664)
Updated german translation (GUACAMOLE-1692)
Add Czech keyboard layout (GUACAMOLE-1708)
Polish translation (GUACAMOLE-1730)
Updated czech translation (GUACAMOLE-1758)
Add Romanian keymap to RDP protocol (GUACAMOLE-1770)
Add Portuguese keymap to RDP protocol (GUACAMOLE-1771)
Update the Simplified Chinese translation (GUACAMOLE-1778)
Update the Simplified Chinese translation for totp auth extension
(GUACAMOLE-1781)
Updated czech translation (GUACAMOLE-1792)
Bug: Mac Firefox repeats composed characters (GUACAMOLE-1810)
Documentation
Add missing WEBAPP_CONTEXT variable in docker setup documentation
(GUACAMOLE-1680)
Document RemoteIPValve to cover IPv4 and IPv6 (GUACAMOLE-1861)
General housekeeping and cleanup
Provide GuacamoleProperty List Implementations (GUACAMOLE-1006)
Expose client state enum values (GUACAMOLE-1402)
Guacamole manual: Makefile: find uses non-POSIX arguments (GUACAMOLE-1501)
Bug: Phantomjs build issues on ubuntu 22.04 (GUACAMOLE-1614)
Remove usage of AccessController (GUACAMOLE-1716)
Bug: Correct autoconf issues that result in odd build results (GUACAMOLE-1719)
Stop storing unnecessary auth response data in local storage (GUACAMOLE-1721)
Bug: Projects outside scope of 1.5.0 fail to build following merge of version
number bump (GUACAMOLE-1731)
Bug: Projects outside scope of 1.5.1 fail to build following merge of version
number bump (GUACAMOLE-1767)
Bug: SQLSERVER_BATCH_SIZE defined twice in SQLServerGuacamoleProperties
(GUACAMOLE-1789)
Bug: Projects outside scope of 1.5.2 fail to build following merge of version
number bump (GUACAMOLE-1790)
Bug: Projects outside scope of 1.5.3 fail to build following merge of version
number bump (GUACAMOLE-1829)
Bug: Merge conflict markers left in guacamole-manual source (GUACAMOLE-1833)
KSM Vault extension should support new PAM Hostname field type (GUACAMOLE-1868)
Align libraries on ???Library status??? output (GUACAMOLE-1869)
Check return values of WebP API functions (GUACAMOLE-1875)
Bug: Projects outside scope of 1.5.4 fail to build following merge of version
number bump (GUACAMOLE-1887)
Bump versions for projects outside the 1.5.5 scope (GUACAMOLE-1915)
Add support for FFmpeg 7.0 (GUACAMOLE-1952)
Update dependencies to latest stable and compatible versions (GUACAMOLE-1956)
Bump versions to 1.6.0 (GUACAMOLE-1980)
Bug: Compile error in src/protocols/rdp/channels/rail.c (GUACAMOLE-1982)
Upgrade KSM SDK to latest (v16.6.5) (GUACAMOLE-1984)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Robert Scheck [robert@fedoraproject.org] - 1.6.0-1
- Update to 1.6.0 (#2363860, thanks to W. Michael Petullo)
- Add upstream patch for src/libguac/wol.c to fix inet_pton being
called with a destination buffer size too small (GUACAMOLE-2087)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2375882 - CVE-2024-35164 guacamole: Apache Guacamole improper input validation
https://bugzilla.redhat.com/show_bug.cgi?id=2375882
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c597fcda32' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: mingw-gdk-pixbuf-2.42.12-4.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-be7e8114df
2025-07-04 01:07:02.316569+00:00
--------------------------------------------------------------------------------

Name : mingw-gdk-pixbuf
Product : Fedora 41
Version : 2.42.12
Release : 4.fc41
URL : http://www.gtk.org
Summary : MinGW Windows GDK Pixbuf library
Description :
MinGW Windows GDK Pixbuf library.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-6199.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Sandro Mani [manisandro@gmail.com] - 2.42.12-4
- Backport fix for CVE-2025-6199
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2373156 - CVE-2025-6199 mingw-gdk-pixbuf: Uninitialized Memory Disclosure in GdkPixbuf GIF LZW Decoder [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373156
[ 2 ] Bug #2373166 - CVE-2025-6199 mingw-gdk-pixbuf: Uninitialized Memory Disclosure in GdkPixbuf GIF LZW Decoder [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2373166
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-be7e8114df' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: darktable-5.2.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a2b4be7d9b
2025-07-04 00:49:39.484091+00:00
--------------------------------------------------------------------------------

Name : darktable
Product : Fedora 42
Version : 5.2.0
Release : 1.fc42
URL : http://www.darktable.org/
Summary : Utility to organize and develop raw images
Description :
darktable manages your camera raw files and images in a database, lets you
view them through lighttable mode and develop/enhance them in darkroom mode.

--------------------------------------------------------------------------------
Update Information:

5.2.0 release
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 22 2025 Germano Massullo [germano.massullo@thetra.eu] - 5.2.0-1
- 5.2.0 release
* Mon Apr 28 2025 Germano Massullo [germano.massullo@gmail.com] - 5.0.1-2
- rebuilt
- Updated description
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2361345 - CVE-2025-43963 darktable: out-of-buffer access [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361345
[ 2 ] Bug #2361363 - CVE-2025-43964 darktable: Improper Validation of Specified Quantity in Input in LibRaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361363
[ 3 ] Bug #2361381 - CVE-2025-43962 darktable: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361381
[ 4 ] Bug #2361408 - CVE-2025-43961 darktable: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361408
[ 5 ] Bug #2362561 - undefined symbol error in rawdenoise module while running darktable-cltest
https://bugzilla.redhat.com/show_bug.cgi?id=2362561
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a2b4be7d9b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: guacamole-server-1.6.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-774aa2765e
2025-07-04 00:01:57.047548+00:00
--------------------------------------------------------------------------------

Name : guacamole-server
Product : Fedora 42
Version : 1.6.0
Release : 1.fc42
URL : https://guacamole.apache.org/
Summary : Server-side native components that form the Guacamole proxy
Description :
Guacamole is an HTML5 remote desktop gateway.

Guacamole provides access to desktop environments using remote desktop protocols
like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing
access to multiple desktops through a web browser.

No browser plugins are needed, and no client software needs to be installed. The
client requires nothing more than a web browser supporting HTML5 and AJAX.

The main web application is provided by the "guacamole-client" package.

--------------------------------------------------------------------------------
Update Information:

Apache Guacamole 1.6.0
User interface / platform
Add the ability to specify separate permissions for ???History??? and ???Active
sessions??? tabs (GUACAMOLE-538)
Support batch import of connections from CSV (GUACAMOLE-926)
Add parameter token for connection name (GUACAMOLE-1177)
Provide audit log for system modifications (GUACAMOLE-1224)
Configurable username case sensitivity (GUACAMOLE-1239)
Provide chunked file upload mechanism (GUACAMOLE-1320)
Display whether user groups are disabled in group list (GUACAMOLE-1479)
Support for true fullscreen mode and keyboard lock (GUACAMOLE-1525)
Allow branding/customization of the section headers on the user home page
(GUACAMOLE-1584)
Add support for specifying VNC ???encodings??? parameter in webapp UI
(GUACAMOLE-1642)
Automatically clear view if session expires in background (GUACAMOLE-1744)
Base64 encoding of image/binary data results in excessive syscalls that can
degrade performance (GUACAMOLE-1776)
Update session recording playback progress during large frame gaps
(GUACAMOLE-1803)
Enable viewing / searching of key events in session recording playback
(GUACAMOLE-1820)
Improvements to the ???Recent connections??? section (GUACAMOLE-1866)
History Recording Player should indicate points of interest (GUACAMOLE-1876)
Enhance client custom field functionality (GUACAMOLE-1904)
Provide notification, jump-to-top of page for a clone operation (GUACAMOLE-1916)
Bug: Logging of request details fails with recent Tomcat (GUACAMOLE-2052)
Authentication, integration, and storage
Ensure GUAC_DATE/GUAC_TIME tokens match connection startDate (GUACAMOLE-61)
Add Proxy Hostname and Port to LDAP Extension (GUACAMOLE-577)
Add webapp support for smart card authentication (GUACAMOLE-839)
Enforce rate limit on authentication attempts (GUACAMOLE-990)
Broadly configurable time limits for user logins and connection usage
(GUACAMOLE-1020)
Randomize generation of TOTP key until enrollment is confirmed (GUACAMOLE-1068)
Allow TOTP to be disabled by group membership (GUACAMOLE-1219)
Update guacamole-auth-duo to ???Duo Web v4 SDK??? (GUACAMOLE-1289)
SAML module should be able to encrypt and sign requests (GUACAMOLE-1372)
Allow LDAP extension to configure TLS level (GUACAMOLE-1488)
Clarify TOTP reset/status logic (GUACAMOLE-1550)
Allow JDBC Auth Extensions to track history for external connections
(GUACAMOLE-1616)
Allow extraction of ???domain??? token from vault extensions (GUACAMOLE-1623)
Enable more granular vault associations (GUACAMOLE-1629)
Allow use of KSM one-time tokens in guacamole-vault-ksm extension
(GUACAMOLE-1643)
Allow per-user KSM Vault configurations (GUACAMOLE-1656)
KSM vault extension should allow searching records by domain (GUACAMOLE-1661)
Allow user to configure Keeper Secrets Manager call frequency (GUACAMOLE-1722)
Enforce user access windows even when already logged in (GUACAMOLE-1723)
Add SSO providers list to UI at most once (GUACAMOLE-1757)
Allow TOTP and SAML auth to be used together (GUACAMOLE-1780)
Bug: KSM Vault extension doesn???t support private key from ???PAM User??? record type
(GUACAMOLE-1795)
Map JWT claims from OpenID Connect as parameter tokens (GUACAMOLE-1844)
Allow MFA to be bypassed or enforced based on client IP (GUACAMOLE-1855)
Add parameter token for domain of LDAP user (GUACAMOLE-1881)
Disable autofill on TOTP verification code field (GUACAMOLE-1946)
Provide a comprehensive error message for input exceeding database column
(GUACAMOLE-1948)
Protocol support / guacd
Allow selection of whole words by double-clicking (GUACAMOLE-192)
Improve efficiency of streaming complex/large changes (Graphics Pipeline
Extension, RemoteFX) (GUACAMOLE-377)
Allow specifying connection timeout (GUACAMOLE-600)
Add support for FreeRDP 3.0.0 (GUACAMOLE-1026)
Bug: Connecting to unpublished RemoteApp results in black screen
(GUACAMOLE-1084)
Bug: Add support for right modifier keys to SSH/Telnet (GUACAMOLE-1113)
Add auto resize to VNC sessions (GUACAMOLE-1196)
RemoteApp windows become inaccessible after being minimized (GUACAMOLE-1231)
Bug: Lines of file gets broken when navigating back and forth using a text
editor (GUACAMOLE-1256)
Add option to the vnc protocol to disable remote input (GUACAMOLE-1267)
Add support for SSH certificates (GUACAMOLE-1290)
Add parameter for specifying known RDP server certificate/fingerprint
(GUACAMOLE-1332)
Bug: ???AltGr??? received as ???Alt??? if remote keyboard layout lacks ???AltGr???
(GUACAMOLE-1473)
Bug: Terminal emulator adds newlines when copying a wrapped line of text
(GUACAMOLE-1586)
Add small margins to SSH sessions (GUACAMOLE-1622)
Bug: Text copied from terminal emulator may incorrectly omit indentation
(GUACAMOLE-1632)
Add terminal support for alternate screen buffer (GUACAMOLE-1633)
Bug: SFTP+VNC broken when built with OpenSSL versions >= 1.1.0 (GUACAMOLE-1652)
Clipboard normalization support for SSH connections (GUACAMOLE-1682)
Test machine availability when sending Wake-on-LAN packet (GUACAMOLE-1686)
Bug: Japanese characters display garbled in terminal when using guacd docker
image (GUACAMOLE-1726)
Add parameters for VNC compression and quality levels (GUACAMOLE-1760)
Terminal protocols should support mac-style cmd+v paste shortcut
(GUACAMOLE-1804)
Ignore Ctrl+Shift+C within terminal emulator (GUACAMOLE-1805)
Allow writing recordings to existing files (GUACAMOLE-1931)
Bug: RDP connection fails when microphone input is enabled (GUACAMOLE-1940)
Bug: Selected text in SSH is offset from cursor position (GUACAMOLE-1944)
Bug: Multiple wheel events per mouse wheel tick (GUACAMOLE-1967)
Bug: FreeRDP may invoke EndPaint without BeginPaint as of 3.8.0 (GUACAMOLE-1997)
Internationalization
Bug: Japanese keyboard layout for RDP incorrect (GUACAMOLE-520)
Add support for Canadian french keyboard layout (GUACAMOLE-1312)
Update French translations (GUACAMOLE-1611)
Fix some typos in italian translation and improve it (GUACAMOLE-1612)
Updated czech translation (GUACAMOLE-1664)
Updated german translation (GUACAMOLE-1692)
Add Czech keyboard layout (GUACAMOLE-1708)
Polish translation (GUACAMOLE-1730)
Updated czech translation (GUACAMOLE-1758)
Add Romanian keymap to RDP protocol (GUACAMOLE-1770)
Add Portuguese keymap to RDP protocol (GUACAMOLE-1771)
Update the Simplified Chinese translation (GUACAMOLE-1778)
Update the Simplified Chinese translation for totp auth extension
(GUACAMOLE-1781)
Updated czech translation (GUACAMOLE-1792)
Bug: Mac Firefox repeats composed characters (GUACAMOLE-1810)
Documentation
Add missing WEBAPP_CONTEXT variable in docker setup documentation
(GUACAMOLE-1680)
Document RemoteIPValve to cover IPv4 and IPv6 (GUACAMOLE-1861)
General housekeeping and cleanup
Provide GuacamoleProperty List Implementations (GUACAMOLE-1006)
Expose client state enum values (GUACAMOLE-1402)
Guacamole manual: Makefile: find uses non-POSIX arguments (GUACAMOLE-1501)
Bug: Phantomjs build issues on ubuntu 22.04 (GUACAMOLE-1614)
Remove usage of AccessController (GUACAMOLE-1716)
Bug: Correct autoconf issues that result in odd build results (GUACAMOLE-1719)
Stop storing unnecessary auth response data in local storage (GUACAMOLE-1721)
Bug: Projects outside scope of 1.5.0 fail to build following merge of version
number bump (GUACAMOLE-1731)
Bug: Projects outside scope of 1.5.1 fail to build following merge of version
number bump (GUACAMOLE-1767)
Bug: SQLSERVER_BATCH_SIZE defined twice in SQLServerGuacamoleProperties
(GUACAMOLE-1789)
Bug: Projects outside scope of 1.5.2 fail to build following merge of version
number bump (GUACAMOLE-1790)
Bug: Projects outside scope of 1.5.3 fail to build following merge of version
number bump (GUACAMOLE-1829)
Bug: Merge conflict markers left in guacamole-manual source (GUACAMOLE-1833)
KSM Vault extension should support new PAM Hostname field type (GUACAMOLE-1868)
Align libraries on ???Library status??? output (GUACAMOLE-1869)
Check return values of WebP API functions (GUACAMOLE-1875)
Bug: Projects outside scope of 1.5.4 fail to build following merge of version
number bump (GUACAMOLE-1887)
Bump versions for projects outside the 1.5.5 scope (GUACAMOLE-1915)
Add support for FFmpeg 7.0 (GUACAMOLE-1952)
Update dependencies to latest stable and compatible versions (GUACAMOLE-1956)
Bump versions to 1.6.0 (GUACAMOLE-1980)
Bug: Compile error in src/protocols/rdp/channels/rail.c (GUACAMOLE-1982)
Upgrade KSM SDK to latest (v16.6.5) (GUACAMOLE-1984)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Robert Scheck [robert@fedoraproject.org] - 1.6.0-1
- Update to 1.6.0 (#2363860, thanks to W. Michael Petullo)
- Add upstream patch for src/libguac/wol.c to fix inet_pton being
called with a destination buffer size too small (GUACAMOLE-2087)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2375882 - CVE-2024-35164 guacamole: Apache Guacamole improper input validation
https://bugzilla.redhat.com/show_bug.cgi?id=2375882
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-774aa2765e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: mingw-gdk-pixbuf-2.42.12-4.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f759399b58
2025-07-04 00:01:57.047518+00:00
--------------------------------------------------------------------------------

Name : mingw-gdk-pixbuf
Product : Fedora 42
Version : 2.42.12
Release : 4.fc42
URL : http://www.gtk.org
Summary : MinGW Windows GDK Pixbuf library
Description :
MinGW Windows GDK Pixbuf library.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-6199.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Sandro Mani [manisandro@gmail.com] - 2.42.12-4
- Backport fix for CVE-2025-6199
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2373156 - CVE-2025-6199 mingw-gdk-pixbuf: Uninitialized Memory Disclosure in GdkPixbuf GIF LZW Decoder [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373156
[ 2 ] Bug #2373166 - CVE-2025-6199 mingw-gdk-pixbuf: Uninitialized Memory Disclosure in GdkPixbuf GIF LZW Decoder [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2373166
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f759399b58' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-9.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-96ff8c2897
2025-07-04 00:01:57.047516+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 42
Version : 1.22.22
Release : 9.fc42
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Update bundled pbkdf2 library.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-9
- Add CVE-2025-6545_6547.prebundle.patch and regenerate bundle. Fixes CVE-2025-6545 and CVE-2025-6547.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2374429 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2374429
[ 2 ] Bug #2374433 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2374433
[ 3 ] Bug #2374438 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2374438
[ 4 ] Bug #2374443 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2374443
[ 5 ] Bug #2374450 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2374450
[ 6 ] Bug #2374455 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2374455
[ 7 ] Bug #2374462 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2374462
[ 8 ] Bug #2374465 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2374465
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-96ff8c2897' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--


PowerColor ALPHYN AM10 Review and more

Cryostat security update for RHEL 9

Windows

Linux

macOS

Community

  • Artsyl
    ONTARIO, CANADA – April 23, 2025 – Artsyl Technologies, ...
  • Artsyl
    π˜–π˜―π˜΅π˜’π˜³π˜ͺ𝘰, 𝘊𝘒𝘯𝘒π˜₯𝘒 β€” π˜‘π˜Άπ˜―π˜¦ 18, 2025 β€” π—”π—Ώπ˜π˜€π˜†π—Ή π—§π—²π—°π—΅π—»π—Όπ—Ήπ—Όπ—΄π—Άπ—²π˜€, I ...
  • Artsyl
    May 28, 2025 – Ontario, Canada β€” Artsyl Technologies, a ...