
Security updates have been released for several Fedora Linux versions, including Fedora 42 and 43. The updates include fixes for popular packages such as httpd, perl-CGI-Simple, yarnpkg, wireshark, singularity-ce, brotli, dr_libs, Alien-Brotli, and python-urllib3.

Fedora 43 Update: httpd-2.4.66-1.fc43
Fedora 43 Update: perl-CGI-Simple-1.282-1.fc43
Fedora 42 Update: yarnpkg-1.22.22-14.fc42
Fedora 42 Update: wireshark-4.6.1-1.fc42
Fedora 42 Update: singularity-ce-4.3.5-1.fc42
Fedora 43 Update: brotli-1.2.0-1.fc43
Fedora 43 Update: dr_libs-0^20251201.877b096-1.fc43
Fedora 43 Update: perl-Alien-Brotli-0.2.2-11.fc43
Fedora 43 Update: python-urllib3-2.6.1-1.fc43
Fedora 43 Update: wireshark-4.6.1-1.fc43
Fedora 43 Update: yarnpkg-1.22.22-14.fc43
Fedora 43 Update: singularity-ce-4.3.5-1.fc43




[SECURITY] Fedora 43 Update: httpd-2.4.66-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9621c19da8
2025-12-11 10:08:40.514069+00:00
--------------------------------------------------------------------------------

Name : httpd
Product : Fedora 43
Version : 2.4.66
Release : 1.fc43
URL : https://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

--------------------------------------------------------------------------------
Update Information:

version update
security update
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 9 2025 Luboš Uhliarik [luhliari@redhat.com] - 2.4.66-1
- new version 2.4.66
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2419768 - httpd-2.4.66 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419768
[ 2 ] Bug #2420206 - CVE-2025-58098 httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420206
[ 3 ] Bug #2420207 - CVE-2025-58098 httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420207
[ 4 ] Bug #2420208 - CVE-2025-66200 httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420208
[ 5 ] Bug #2420209 - CVE-2025-66200 httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420209
[ 6 ] Bug #2420214 - CVE-2025-65082 httpd: Apache HTTP Server: CGI environment variable override [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420214
[ 7 ] Bug #2420215 - CVE-2025-65082 httpd: Apache HTTP Server: CGI environment variable override [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420215
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9621c19da8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: perl-CGI-Simple-1.282-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3dd97ed203
2025-12-11 10:08:40.514023+00:00
--------------------------------------------------------------------------------

Name : perl-CGI-Simple
Product : Fedora 43
Version : 1.282
Release : 1.fc43
URL : https://metacpan.org/release/CGI-Simple
Summary : Simple totally OO CGI interface that is CGI.pm compliant
Description :
Simple totally OO CGI interface that is CGI.pm compliant.

--------------------------------------------------------------------------------
Update Information:

1.282 - Sanitize all user-supplied values before inserting into HTTP headers;
Fixed CVE-2025-40927.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 2 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.282-1
- 1.282 bump (rhbz#2392359)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391834 - CVE-2025-40927 perl-CGI-Simple: CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391834
[ 2 ] Bug #2392359 - Upgrade perl-CGI-Simple to 1.282
https://bugzilla.redhat.com/show_bug.cgi?id=2392359
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3dd97ed203' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-14.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4be1cd8390
2025-12-12 01:45:35.303647+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 42
Version : 1.22.22
Release : 14.fc42
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-64756.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 3 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-14
- Bump release
* Wed Dec 3 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-13
- Refresh bundle, fixes CVE-2025-64756
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2418529 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2418529
[ 2 ] Bug #2418532 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418532
[ 3 ] Bug #2418538 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418538
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4be1cd8390' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: wireshark-4.6.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f810869906
2025-12-12 01:45:35.303650+00:00
--------------------------------------------------------------------------------

Name : wireshark
Product : Fedora 42
Version : 4.6.1
Release : 1.fc42
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark allows you to examine protocol data stored in files or as it is
captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.

It has many powerful features including a rich display filter language
and the ability to reassemble multiple protocol packets in order to, for
example, view a complete TCP stream, save the contents of a file which was
transferred over HTTP or CIFS, or play back an RTP audio stream.

--------------------------------------------------------------------------------
Update Information:

New version 4.6.1
Beware of the move of files from /usr/lib64/wireshark/extcap/ to
/usr/libexec/wireshark/extcap. Any custom user scripts should be moved too.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 28 2025 Michal Ruprich [mruprich@redhat.com] - 1:4.6.1-1
- New version 4.6.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2416014 - wireshark-4.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416014
[ 2 ] Bug #2416446 - CVE-2025-13499 wireshark: Access of Uninitialized Pointer in Wireshark [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2416446
[ 3 ] Bug #2417510 - CVE-2025-13674 wireshark: Wireshark: BPv7 dissector crash leads to denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417510
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f810869906' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: singularity-ce-4.3.5-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-54d78b9fed
2025-12-12 01:45:35.303645+00:00
--------------------------------------------------------------------------------

Name : singularity-ce
Product : Fedora 42
Version : 4.3.5
Release : 1.fc42
URL : https://www.sylabs.io/singularity/
Summary : Application and environment virtualization
Description :
SingularityCE is the Community Edition of Singularity, an open source
container platform designed to be simple, fast, and secure.

--------------------------------------------------------------------------------
Update Information:

Upgrade to 4.3.5 upstream version.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 3 2025 David Trudgian [dtrudg@sylabs.io] - 4.3.5-1
- Upgrade to 4.3.5 upstream version.
- Fixes CVE-2025-64750
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-54d78b9fed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: brotli-1.2.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d93200cf16
2025-12-12 01:32:22.209029+00:00
--------------------------------------------------------------------------------

Name : brotli
Product : Fedora 43
Version : 1.2.0
Release : 1.fc43
URL : https://github.com/google/brotli
Summary : Lossless compression algorithm
Description :
Brotli is a generic-purpose lossless compression algorithm that compresses data
using a combination of a modern variant of the LZ77 algorithm, Huffman coding
and 2nd order context modeling, with a compression ratio comparable to the best
currently available general-purpose compression methods. It is similar in speed
with deflate but offers more dense compression.

--------------------------------------------------------------------------------
Update Information:

Update brotli to 1.2.0 and python-urllib3 to 2.6.1.
In python-urllib3:
Fixed a security issue where streaming API could improperly handle highly
compressed HTTP content ("decompression bombs") leading to excessive resource
consumption even when a small amount of data was requested. Reading small
chunks of compressed data is safer and much more efficient now.
(CVE-2025-66471 / GHSA-2xpw-w6gg-jr37)
Fixed a security issue where an attacker could compose an HTTP response with
virtually unlimited links in the Content-Encoding header, potentially
leading to a denial of service (DoS) attack by exhausting system resources
during decoding. The number of allowed chained encodings is now limited to 5.
(CVE-2025-66418 / GHSA-gm62-xv2j-4w53)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.2.0-1
- Update to 1.2.0 (close RHBZ#2401888)
- Stop trying to support EPEL7, which is end-of-life
- Port to pyproject-rpm-macros (close RHBZ#2377212)
- Test the Python extension
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2419408 - python-urllib3-2.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419408
[ 2 ] Bug #2419493 - CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2419493
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d93200cf16' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: dr_libs-0^20251201.877b096-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-894ea1b6a5
2025-12-12 01:32:22.208969+00:00
--------------------------------------------------------------------------------

Name : dr_libs
Product : Fedora 43
Version : 0^20251201.877b096
Release : 1.fc43
URL : https://github.com/mackron/dr_libs
Summary : Single-file audio decoding libraries for C/C++
Description :
Single-file audio decoding libraries for C/C++.

--------------------------------------------------------------------------------
Update Information:

dr_flac
v0.13.2 - 2025-12-02
Improve robustness of the parsing of picture metadata to improve support for
memory constrained embedded devices.
Fix a warning about an assigned but unused variable.
Improvements to drflac_open_and_read_pcm_frames_*() and family to avoid
excessively large memory allocations from malformed files.
v0.13.1 - 2025-09-10
Fix an error with the NXDK build.
dr_mp3
v0.7.2 - 2025-12-02
Reduce stack space to improve robustness on embedded systems.
Fix a compilation error with MSVC Clang toolset relating to cpuid.
Fix an error with APE tag parsing.
The APE tag parsing defect may have security implications,
github.com/mackron/dr_libs/issues/291.
v0.7.1 - 2025-09-10
Silence a warning with GCC.
Fix an error with the NXDK build.
Fix a decoding inconsistency when seeking. Prior to this change, reading to the
end of the stream immediately after initializing will result in a different
number of samples read than if the stream is seeked to the start and read to the
end.
dr_wav
v0.14.2 - 2025-12-02
Fix a compilation warning.
v0.14.1 - 2025-09-10
Fix an error with the NXDK build.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 3 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20251201.877b096-1
- Update to 0^20251201.80bc891
- dr_flac 0.13.2
- dr_mp3 0.7.2
- dr_wav 0.14.2
- Change snapshot information field format in Release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-894ea1b6a5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: perl-Alien-Brotli-0.2.2-11.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d93200cf16
2025-12-12 01:32:22.209029+00:00
--------------------------------------------------------------------------------

Name : perl-Alien-Brotli
Product : Fedora 43
Version : 0.2.2
Release : 11.fc43
URL : http://metacpan.org/dist/Alien-Brotli
Summary : Find and install the Brotli compressor
Description :
This distribution installs the brotli compressor, so that it can be used by
other distributions, and provides a way to find the executable.

--------------------------------------------------------------------------------
Update Information:

Update brotli to 1.2.0 and python-urllib3 to 2.6.1.
In python-urllib3:
Fixed a security issue where streaming API could improperly handle highly
compressed HTTP content ("decompression bombs") leading to excessive resource
consumption even when a small amount of data was requested. Reading small
chunks of compressed data is safer and much more efficient now.
(CVE-2025-66471 / GHSA-2xpw-w6gg-jr37)
Fixed a security issue where an attacker could compose an HTTP response with
virtually unlimited links in the Content-Encoding header, potentially
leading to a denial of service (DoS) attack by exhausting system resources
during decoding. The number of allowed chained encodings is now limited to 5.
(CVE-2025-66418 / GHSA-gm62-xv2j-4w53)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 10 2025 Miro Hrončok [mhroncok@redhat.com] - 0.2.2-11
- Rebuilt for brotli 1.2.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2419408 - python-urllib3-2.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419408
[ 2 ] Bug #2419493 - CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2419493
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d93200cf16' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: python-urllib3-2.6.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d93200cf16
2025-12-12 01:32:22.209029+00:00
--------------------------------------------------------------------------------

Name : python-urllib3
Product : Fedora 43
Version : 2.6.1
Release : 1.fc43
URL : https://github.com/urllib3/urllib3
Summary : HTTP library with thread-safe connection pooling, file post, and more
Description :
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings
many critical features that are missing from the Python standard libraries:

• Thread safety.
• Connection pooling.
• Client-side SSL/TLS verification.
• File uploads with multipart encoding.
• Helpers for retrying requests and dealing with HTTP redirects.
• Support for gzip, deflate, brotli, and zstd encoding.
• Proxy support for HTTP and SOCKS.
• 100% test coverage.

--------------------------------------------------------------------------------
Update Information:

Update brotli to 1.2.0 and python-urllib3 to 2.6.1.
In python-urllib3:
Fixed a security issue where streaming API could improperly handle highly
compressed HTTP content ("decompression bombs") leading to excessive resource
consumption even when a small amount of data was requested. Reading small
chunks of compressed data is safer and much more efficient now.
(CVE-2025-66471 / GHSA-2xpw-w6gg-jr37)
Fixed a security issue where an attacker could compose an HTTP response with
virtually unlimited links in the Content-Encoding header, potentially
leading to a denial of service (DoS) attack by exhausting system resources
during decoding. The number of allowed chained encodings is now limited to 5.
(CVE-2025-66418 / GHSA-gm62-xv2j-4w53)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.6.1-1
- Update to 2.6.1 (close RHBZ#2419408)
- Fixes CVE-2025-66471 / GHSA-2xpw-w6gg-jr37
- Fixes CVE-2025-66418 / GHSA-gm62-xv2j-4w53
* Mon Dec 8 2025 Miro Hrončok [miro@hroncok.cz] - 2.5.0-4
- Allow building with setuptools_scm 9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2419408 - python-urllib3-2.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419408
[ 2 ] Bug #2419493 - CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2419493
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d93200cf16' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
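
The two python-urllib3 fixes described in the update notes above (decoding only as much as the caller asked for when streaming, and capping chained Content-Encoding values at 5) can be illustrated with the Python standard library alone. This is an added example, not code from urllib3 or from the Fedora advisory; `BoundedGzipReader`, `parse_content_encoding`, `ResponseRejected` and the 1 MiB output cap are hypothetical names and values chosen here, and the sample body is constructed.

```python
import gzip
import zlib

MAX_CHAIN = 5  # chain limit stated in the update notes above


class ResponseRejected(ValueError):
    """Raised when a response exceeds one of the decoding limits."""


def parse_content_encoding(header, max_chain=MAX_CHAIN):
    """Split a Content-Encoding value and refuse over-long chains."""
    codings = [c.strip().lower() for c in header.split(",") if c.strip()]
    if len(codings) > max_chain:
        raise ResponseRejected(
            f"{len(codings)} chained encodings, limit is {max_chain}")
    return codings


class BoundedGzipReader:
    """Decode a gzip body incrementally, never inflating more than asked for."""

    def __init__(self, body, max_total=1 << 20, chunk_size=1024):
        self._body = body
        self._pos = 0
        self._pending = b""          # compressed input zlib has not consumed yet
        self._z = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing
        self._max_total = max_total  # hypothetical cap on total decoded bytes
        self._chunk = chunk_size
        self.total_out = 0
        self.bytes_fed = 0

    def read(self, amt):
        """Return up to amt decoded bytes (amt must be > 0)."""
        out = bytearray()
        while len(out) < amt and not self._z.eof:
            if not self._pending:
                # Pull the next small slice of compressed input.
                self._pending = self._body[self._pos:self._pos + self._chunk]
                self._pos += len(self._pending)
                self.bytes_fed += len(self._pending)
            fed = self._pending
            # max_length bounds the output of this call; leftover input
            # is kept in unconsumed_tail for the next call.
            piece = self._z.decompress(fed, amt - len(out))
            self._pending = self._z.unconsumed_tail
            out += piece
            self.total_out += len(piece)
            if self.total_out > self._max_total:
                raise ResponseRejected("decoded body exceeds output cap")
            if not fed and not piece:
                break  # truncated body: no input left, nothing buffered
        return bytes(out)


def demo():
    # Constructed sample: 8 MiB of zeros compresses to a few KiB.
    body = gzip.compress(b"\0" * (8 << 20))
    reader = BoundedGzipReader(body, max_total=1 << 20)
    first = reader.read(64)
    return len(body), len(first), reader.bytes_fed, reader.total_out


if __name__ == "__main__":
    print(demo())
    print(parse_content_encoding("gzip, br"))
```
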



[SECURITY] Fedora 43 Update: wireshark-4.6.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0e41e63705
2025-12-12 01:32:22.208976+00:00
--------------------------------------------------------------------------------

Name : wireshark
Product : Fedora 43
Version : 4.6.1
Release : 1.fc43
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark allows you to examine protocol data stored in files or as it is
captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.

It has many powerful features including a rich display filter language
and the ability to reassemble multiple protocol packets in order to, for
example, view a complete TCP stream, save the contents of a file which was
transferred over HTTP or CIFS, or play back an RTP audio stream.

--------------------------------------------------------------------------------
Update Information:

New version 4.6.1. Beware of the move of files from /usr/lib64/wireshark/extcap/
to /usr/libexec/wireshark/extcap. Any custom user scripts should be moved too.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 28 2025 Michal Ruprich [mruprich@redhat.com] - 1:4.6.1-1
- New version 4.6.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2416014 - wireshark-4.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416014
[ 2 ] Bug #2416447 - CVE-2025-13499 wireshark: Access of Uninitialized Pointer in Wireshark [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2416447
[ 3 ] Bug #2417511 - CVE-2025-13674 wireshark: Wireshark: BPv7 dissector crash leads to denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417511
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0e41e63705' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: yarnpkg-1.22.22-14.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-de6cf573f0
2025-12-12 01:32:22.208971+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 43
Version : 1.22.22
Release : 14.fc43
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-64756.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 3 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-14
- Refresh bundle, fixes CVE-2025-64756
* Tue Nov 11 2025 Tomas Juhasz [tjuhasz@redhat.com] - 1.22.22-13
- Rebuilt for nodejs-packaging
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2418529 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2418529
[ 2 ] Bug #2418532 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418532
[ 3 ] Bug #2418538 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418538
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-de6cf573f0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: singularity-ce-4.3.5-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5ad0214a85
2025-12-12 01:32:22.208964+00:00
--------------------------------------------------------------------------------

Name : singularity-ce
Product : Fedora 43
Version : 4.3.5
Release : 1.fc43
URL : https://www.sylabs.io/singularity/
Summary : Application and environment virtualization
Description :
SingularityCE is the Community Edition of Singularity, an open source
container platform designed to be simple, fast, and secure.

--------------------------------------------------------------------------------
Update Information:

Upgrade to 4.3.5 upstream version.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 3 2025 David Trudgian [dtrudg@sylabs.io] - 4.3.5-1
- Upgrade to 4.3.5 upstream version.
- Fixes CVE-2025-64750
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5ad0214a85' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--