Fedora 41 Update: incus-6.12-1.fc41
Fedora 41 Update: nodejs20-20.19.1-1.fc41
Fedora 42 Update: incus-6.12-1.fc42
[SECURITY] Fedora 41 Update: incus-6.12-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5fce1e4f70
2025-05-07 03:58:50.599123+00:00
--------------------------------------------------------------------------------
Name : incus
Product : Fedora 41
Version : 6.12
Release : 1.fc41
URL : https://linuxcontainers.org/incus
Summary : Powerful system container and virtual machine manager
Description :
Container hypervisor based on LXC
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.
This package contains the Incus daemon.
--------------------------------------------------------------------------------
Update Information:
Rebase to Incus 6.12 to fix a variety of issues
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 5 2025 Reto Gantenbein [reto.gantenbein@linuxmonk.ch] - 6.12-1
- Update to incus-6.12
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 6.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2292123 - incus changes the mode of /run/incus back to 0700
https://bugzilla.redhat.com/show_bug.cgi?id=2292123
[ 2 ] Bug #2340645 - incus: FTBFS in Fedora rawhide/f42
https://bugzilla.redhat.com/show_bug.cgi?id=2340645
[ 3 ] Bug #2341879 - incus-6.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2341879
[ 4 ] Bug #2347480 - CVE-2025-27144 incus: Go JOSE's Parsing Vulnerable to Denial of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2347480
[ 5 ] Bug #2350832 - CVE-2025-22869 incus: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2350832
[ 6 ] Bug #2352303 - CVE-2025-22870 incus: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2352303
[ 7 ] Bug #2354445 - CVE-2025-30204 incus: jwt-go allows excessive memory allocation during header parsing [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2354445
[ 8 ] Bug #2360678 - Incus version in Fedora 42 is incompatible with released QEMU version
https://bugzilla.redhat.com/show_bug.cgi?id=2360678
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5fce1e4f70' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: nodejs20-20.19.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-88025e98b2
2025-05-07 03:58:50.598846+00:00
--------------------------------------------------------------------------------
Name : nodejs20
Product : Fedora 41
Version : 20.19.1
Release : 1.fc41
URL : http://nodejs.org/
Summary : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime \
for easily building fast, scalable network applications. \
Node.js uses an event-driven, non-blocking I/O model that \
makes it lightweight and efficient, perfect for data-intensive \
real-time applications that run across distributed devices.}
--------------------------------------------------------------------------------
Update Information:
Update to version 20.19.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 22 2025 tjuhasz [tjuhasz@redhat.com] - 1:20.19.1-1
- Update to version 20.19.1 (rhbz#2361667)
* Mon Apr 14 2025 tjuhasz [tjuhasz@redhat.com] - 1:20.19.0-8
- Added ignore for specific rpminspect tests failing with verify
* Mon Apr 14 2025 Andrei Radchenko [aradchen@redhat.com] - 1:20.19.0-7
- Enable testing in CI
* Fri Apr 11 2025 tjuhasz [tjuhasz@redhat.com] - 1:20.19.0-6
- Improve test run start
* Wed Apr 2 2025 Andrei Radchenko [aradchen@redhat.com] - 1:20.19.0-5
- Remove old scriplets
* Wed Apr 2 2025 tjuhasz [tjuhasz@redhat.com] - 1:20.19.0-4
- Basic unit tests run during build
* Tue Mar 25 2025 Andrei Radchenko [aradchen@redhat.com] - 1:20.19.0-3
- Enable tests
* Fri Mar 21 2025 tjuhasz [tjuhasz@redhat.com] - 1:20.19.0-2
- Add rpminspect config to disable disttag check
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358570 - CVE-2025-31498 nodejs20: c-ares has a use-after-free in read_answers() [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2358570
[ 2 ] Bug #2361667 - nodejs20-20.19.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2361667
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-88025e98b2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: incus-6.12-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e4d441a4dd
2025-05-07 03:20:30.082416+00:00
--------------------------------------------------------------------------------
Name : incus
Product : Fedora 42
Version : 6.12
Release : 1.fc42
URL : https://linuxcontainers.org/incus
Summary : Powerful system container and virtual machine manager
Description :
Container hypervisor based on LXC
Incus offers a REST API to remotely manage containers over the network,
using an image based work-flow and with support for live migration.
This package contains the Incus daemon.
--------------------------------------------------------------------------------
Update Information:
Rebase to Incus 6.12 to fix a variety of issues
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 5 2025 Reto Gantenbein [reto.gantenbein@linuxmonk.ch] - 6.12-1
- Update to incus-6.12
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 6.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2292123 - incus changes the mode of /run/incus back to 0700
https://bugzilla.redhat.com/show_bug.cgi?id=2292123
[ 2 ] Bug #2340645 - incus: FTBFS in Fedora rawhide/f42
https://bugzilla.redhat.com/show_bug.cgi?id=2340645
[ 3 ] Bug #2341879 - incus-6.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2341879
[ 4 ] Bug #2347480 - CVE-2025-27144 incus: Go JOSE's Parsing Vulnerable to Denial of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2347480
[ 5 ] Bug #2350832 - CVE-2025-22869 incus: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2350832
[ 6 ] Bug #2352303 - CVE-2025-22870 incus: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2352303
[ 7 ] Bug #2354445 - CVE-2025-30204 incus: jwt-go allows excessive memory allocation during header parsing [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2354445
[ 8 ] Bug #2360678 - Incus version in Fedora 42 is incompatible with released QEMU version
https://bugzilla.redhat.com/show_bug.cgi?id=2360678
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e4d441a4dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
