Fedora 42 Update: libcoap-4.3.5a-1.fc42
Fedora 42 Update: timg-1.6.3-5.fc42
Fedora 42 Update: fcgi-2.4.7-1.fc42
Fedora 42 Update: alexvsbus-2025.06.16.0-3.fc42
Fedora 42 Update: CuraEngine-5.4.0-10.fc42
Fedora 42 Update: python-kdcproxy-1.1.0-1.fc42
Fedora 42 Update: xpdf-4.06-1.fc42
Fedora 42 Update: texlive-base-20230311-94.fc42
Fedora 41 Update: fcgi-2.4.7-1.fc41
Fedora 41 Update: python-kdcproxy-1.1.0-1.fc41
Fedora 43 Update: libcoap-4.3.5a-1.fc43
Fedora 43 Update: timg-1.6.3-5.fc43
Fedora 43 Update: fcgi-2.4.7-1.fc43
Fedora 43 Update: alexvsbus-2025.06.16.0-3.fc43
Fedora 43 Update: CuraEngine-5.4.0-10.fc43
Fedora 43 Update: python-kdcproxy-1.1.0-1.fc43
Fedora 43 Update: xpdf-4.06-1.fc43
Fedora 43 Update: texlive-base-20230311-94.fc43
[SECURITY] Fedora 42 Update: libcoap-4.3.5a-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6a43695048
2025-12-05 02:40:12.306048+00:00
--------------------------------------------------------------------------------
Name : libcoap
Product : Fedora 42
Version : 4.3.5a
Release : 1.fc42
URL : https://libcoap.net/
Summary : C library implementation of CoAP
Description :
The Constrained Application Protocol (CoAP) is a specialized web transfer
protocol for use with constrained nodes and constrained networks in the Internet
of Things. The protocol is designed for machine-to-machine (M2M) applications
such as smart energy and building automation.
libcoap implements a lightweight application-protocol for devices with
constrained resources such as computing power, RF range, memory, bandwidth,
or network packet sizes. This protocol, CoAP, was standardized in the IETF
working group "CoRE" as RFC 7252.
--------------------------------------------------------------------------------
Update Information:
Update to security release 4.3.5a
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 29 2025 Peter Robinson [pbrobinson@gmail.com] - 4.3.5a-1
- Update to 4.3.5a
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 4.3.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2388738 - CVE-2025-50518 libcoap: Libcoap Use-After-Free Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2388738
[ 2 ] Bug #2388740 - CVE-2025-50518 libcoap: Libcoap Use-After-Free Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2388740
[ 3 ] Bug #2416889 - CVE-2025-65493 libcoap: libcoap denial of service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2416889
[ 4 ] Bug #2416890 - CVE-2025-65494 libcoap: libcoap denial of service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2416890
[ 5 ] Bug #2416891 - CVE-2025-65493 libcoap: libcoap denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2416891
[ 6 ] Bug #2416892 - CVE-2025-65495 libcoap: libcoap denial of service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2416892
[ 7 ] Bug #2416893 - CVE-2025-65493 libcoap: libcoap denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2416893
[ 8 ] Bug #2416894 - CVE-2025-65494 libcoap: libcoap denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2416894
[ 9 ] Bug #2416895 - CVE-2025-65495 libcoap: libcoap denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2416895
[ 10 ] Bug #2416896 - CVE-2025-65494 libcoap: libcoap denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2416896
[ 11 ] Bug #2416897 - CVE-2025-65495 libcoap: libcoap denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2416897
[ 12 ] Bug #2417721 - CVE-2025-65496 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417721
[ 13 ] Bug #2417722 - CVE-2025-65496 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417722
[ 14 ] Bug #2417723 - CVE-2025-65497 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417723
[ 15 ] Bug #2417724 - CVE-2025-65497 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417724
[ 16 ] Bug #2417725 - CVE-2025-65498 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417725
[ 17 ] Bug #2417726 - CVE-2025-65498 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417726
[ 18 ] Bug #2417727 - CVE-2025-65499 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417727
[ 19 ] Bug #2417728 - CVE-2025-65499 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417728
[ 20 ] Bug #2417729 - CVE-2025-65500 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417729
[ 21 ] Bug #2417731 - CVE-2025-65501 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417731
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6a43695048' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: timg-1.6.3-5.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f0df882417
2025-12-05 02:40:12.306036+00:00
--------------------------------------------------------------------------------
Name : timg
Product : Fedora 42
Version : 1.6.3
Release : 5.fc42
URL : https://github.com/hzeller/timg
Summary : A terminal image and video viewer
Description :
A user-friendly terminal image viewer that uses graphic capabilities of
terminals (Sixel, Kitty or iTerm2), or 24-bit color capabilities and Unicode
character blocks if these are not available. On terminals that implement the
Sixel protocol, the Kitty Graphics Protocol, or the iTerm2 Graphics Protocol,
this displays images in full resolution.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with latest patched stb_image: memory-safety fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.6.3-4
- Add dependencies on -static virtual Provides for header-only libs
* Tue Nov 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.6.3-3
- Rebuilt with latest patched stb_image: memory-safety fixes
* Wed Oct 15 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 1.6.3-2
- Rebuilt for FFmpeg 8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f0df882417' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: fcgi-2.4.7-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d7c1457e7e
2025-12-05 02:40:12.306012+00:00
--------------------------------------------------------------------------------
Name : fcgi
Product : Fedora 42
Version : 2.4.7
Release : 1.fc42
URL : https://github.com/FastCGI-Archives/fcgi2
Summary : FastCGI development kit
Description :
FastCGI is a language independent, scalable, open extension to CGI that
provides high performance without the limitations of server specific APIs.
--------------------------------------------------------------------------------
Update Information:
2.4.7 release, fixes CVE-2025-23016
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 2.4.7-1
- 2.4.7 release, fixes CVE-2025-23016
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat May 31 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 2.4.6-1
- 2.4.6 release
- Upstream project moved to github with new author
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2417257 - fcgi-2.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2417257
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d7c1457e7e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: alexvsbus-2025.06.16.0-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9831accfe9
2025-12-05 02:40:12.305993+00:00
--------------------------------------------------------------------------------
Name : alexvsbus
Product : Fedora 42
Version : 2025.06.16.0
Release : 3.fc42
URL : https://github.com/M374LX/alexvsbus
Summary : Help Alex catch the bus on time!
Description :
Alex vs Bus: The Race is a free and open source platform runner game in which
a man who depends on public transportation in a developing country needs
to run in order to catch the bus, or else he will have to wait an eternity
for the next bus to come.
--------------------------------------------------------------------------------
Update Information:
Rebuilt against patched stb_image
Initial build for F42
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2025.06.16.0-3
- Rebuilt with latest patched stb_image: memory-safety fixes
* Fri Aug 22 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2025.06.16.0-2
- Move documentation to -doc subpackage
- Remove pre-built .pdf manual from docs
* Tue Jun 17 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2025.06.16.0-1
- Update to v2025.06.16.0
* Mon Jun 16 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2025.06.15.0-1
- Update to v2025.06.15.0
* Sat Mar 29 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2024.11.21.0-2
- Add an AppStream metainfo file
- Include full license text in the packages
- Include documentation in the package
* Wed Feb 5 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2024.11.21.0-1
- Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2347551 - Review Request: alexvsbus - Platform runner game where you help Alex catch the bus on time
https://bugzilla.redhat.com/show_bug.cgi?id=2347551
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9831accfe9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: CuraEngine-5.4.0-10.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-fc872e9426
2025-12-05 02:40:12.305988+00:00
--------------------------------------------------------------------------------
Name : CuraEngine
Product : Fedora 42
Version : 5.4.0
Release : 10.fc42
URL : https://github.com/Ultimaker/CuraEngine
Summary : Engine for processing 3D models into G-code instructions for 3D printers
Description :
CuraEngine is a C++ console application for 3D printing G-code generation. It
has been made as a better and faster alternative to the old Skeinforge engine.
This is just a console application for G-code generation. For a full graphical
application look at cura, which is the graphical frontend for CuraEngine.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with latest patched stb_image: memory-safety fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1:5.4.0-10
- Rebuilt with latest patched stb_image: memory-safety fixes
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:5.4.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-fc872e9426' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: python-kdcproxy-1.1.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-068c570cbf
2025-12-05 02:40:12.305955+00:00
--------------------------------------------------------------------------------
Name : python-kdcproxy
Product : Fedora 42
Version : 1.1.0
Release : 1.fc42
URL : https://github.com/latchset/kdcproxy
Summary : MS-KKDCP (kerberos proxy) WSGI module
Description :
This package contains a Python WSGI module for proxying KDC requests over
HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with
minimal configuration.
--------------------------------------------------------------------------------
Update Information:
New upstream version (1.1.0)
Use DNS discovery for declared realms only (CVE-2025-59088)
Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Julien Rische [jrische@redhat.com] - 1.1.0-1
- New upstream version (1.1.0)
- Use DNS discovery for declared realms only (CVE-2025-59088)
Resolves: rhbz#2414551
- Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)
Resolves: rhbz#2414553
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2414551 - CVE-2025-59088 python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2414551
[ 2 ] Bug #2414553 - CVE-2025-59089 python-kdcproxy: Remote DoS via unbounded TCP upstream buffering [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2414553
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-068c570cbf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: xpdf-4.06-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e72c726192
2025-12-05 02:40:12.305976+00:00
--------------------------------------------------------------------------------
Name : xpdf
Product : Fedora 42
Version : 4.06
Release : 1.fc42
URL : https://www.xpdfreader.com/
Summary : A PDF file viewer for the X Window System
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.
--------------------------------------------------------------------------------
Update Information:
Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:
CVE-2024-2971
CVE-2024-3247
CVE-2024-3248
CVE-2024-3900
CVE-2024-4141
CVE-2024-4568
CVE-2024-4976
CVE-2024-7866
CVE-2024-7867
CVE-2024-7868
CVE-2025-2574
CVE-2025-3154
CVE-2025-11896
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2025 Tom Callaway [spot@fedoraproject.org] - 1:4.06-1
- update to 4.06
* Thu Jul 31 2025 Tom Callaway [spot@fedoraproject.org] - 1:4.05-8
- passing -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with CMake4 (bz2381643)
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:4.05-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271913
[ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272853
[ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272856
[ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275829
[ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2277032
[ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279473
[ 7 ] Bug #2280762 - CVE-2024-4976 xpdf: Out-of-bounds array write due to missing object type check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280762
[ 8 ] Bug #2305301 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2305301
[ 9 ] Bug #2305302 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero due to very large coordinates in a page box [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2305302
[ 10 ] Bug #2305307 - CVE-2024-7866 xpdf: infinite recursion and a stack overflow due to PDF object loop in a pattern resource [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2305307
[ 11 ] Bug #2354014 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2354014
[ 12 ] Bug #2357056 - CVE-2025-3154 xpdf: Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e72c726192' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: texlive-base-20230311-94.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e72c726192
2025-12-05 02:40:12.305976+00:00
--------------------------------------------------------------------------------
Name : texlive-base
Product : Fedora 42
Version : 20230311
Release : 94.fc42
URL : http://tug.org/texlive/
Summary : TeX formatting system
Description :
The TeX Live software distribution offers a complete TeX system for a
variety of Unix, Macintosh, Windows and other platforms. It
encompasses programs for editing, typesetting, previewing and printing
of TeX documents in many different languages, and a large collection
of TeX macros and font libraries.
The distribution includes extensive general documentation about TeX,
as well as the documentation for the included software packages.
--------------------------------------------------------------------------------
Update Information:
Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:
CVE-2024-2971
CVE-2024-3247
CVE-2024-3248
CVE-2024-3900
CVE-2024-4141
CVE-2024-4568
CVE-2024-4976
CVE-2024-7866
CVE-2024-7867
CVE-2024-7868
CVE-2025-2574
CVE-2025-3154
CVE-2025-11896
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Björn Esser [besser82@fedoraproject.org] - 11:20230311-94
- Rebuild(xpdf)
* Wed Aug 6 2025 František Zatloukal [fzatlouk@redhat.com] - 11:20230311-93
- Rebuilt for icu 77.1
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 11:20230311-92
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Jul 19 2025 Than Ngo [than@redhat.com] - 11:20230311-91
- Fix rhbz#2379729 - texlive-pythontex is not compatible with python3.13
* Fri Jul 18 2025 Than Ngo [than@redhat.com] - 11:20230311-90
- Fix rhbz#2354991 - bundling option for perl-5.40.x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271913
[ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272853
[ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272856
[ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275829
[ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2277032
[ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279473
[ 7 ] Bug #2280762 - CVE-2024-4976 xpdf: Out-of-bounds array write due to missing object type check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280762
[ 8 ] Bug #2305301 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2305301
[ 9 ] Bug #2305302 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero due to very large coordinates in a page box [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2305302
[ 10 ] Bug #2305307 - CVE-2024-7866 xpdf: infinite recursion and a stack overflow due to PDF object loop in a pattern resource [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2305307
[ 11 ] Bug #2354014 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2354014
[ 12 ] Bug #2357056 - CVE-2025-3154 xpdf: Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e72c726192' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: fcgi-2.4.7-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-67511a59e3
2025-12-05 02:22:16.764247+00:00
--------------------------------------------------------------------------------
Name : fcgi
Product : Fedora 41
Version : 2.4.7
Release : 1.fc41
URL : https://github.com/FastCGI-Archives/fcgi2
Summary : FastCGI development kit
Description :
FastCGI is a language independent, scalable, open extension to CGI that
provides high performance without the limitations of server specific APIs.
--------------------------------------------------------------------------------
Update Information:
2.4.7 release, fixes CVE-2025-23016
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 2.4.7-1
- 2.4.7 release, fixes CVE-2025-23016
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat May 31 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 2.4.6-1
- 2.4.6 release
- Upstream project moved to github with new author
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2417257 - fcgi-2.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2417257
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-67511a59e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python-kdcproxy-1.1.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3075610004
2025-12-05 02:22:16.764219+00:00
--------------------------------------------------------------------------------
Name : python-kdcproxy
Product : Fedora 41
Version : 1.1.0
Release : 1.fc41
URL : https://github.com/latchset/kdcproxy
Summary : MS-KKDCP (kerberos proxy) WSGI module
Description :
This package contains a Python WSGI module for proxying KDC requests over
HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with
minimal configuration.
--------------------------------------------------------------------------------
Update Information:
New upstream version (1.1.0)
Use DNS discovery for declared realms only (CVE-2025-59088)
Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Julien Rische [jrische@redhat.com] - 1.1.0-1
- New upstream version (1.1.0)
- Use DNS discovery for declared realms only (CVE-2025-59088)
Resolves: rhbz#2414550
- Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)
Resolves: rhbz#2414552
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2414550 - CVE-2025-59088 python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2414550
[ 2 ] Bug #2414552 - CVE-2025-59089 python-kdcproxy: Remote DoS via unbounded TCP upstream buffering [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2414552
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3075610004' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: libcoap-4.3.5a-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d408d76c4a
2025-12-05 02:08:09.994420+00:00
--------------------------------------------------------------------------------
Name : libcoap
Product : Fedora 43
Version : 4.3.5a
Release : 1.fc43
URL : https://libcoap.net/
Summary : C library implementation of CoAP
Description :
The Constrained Application Protocol (CoAP) is a specialized web transfer
protocol for use with constrained nodes and constrained networks in the Internet
of Things. The protocol is designed for machine-to-machine (M2M) applications
such as smart energy and building automation.
libcoap implements a lightweight application-protocol for devices with
constrained resources such as computing power, RF range, memory, bandwidth,
or network packet sizes. This protocol, CoAP, was standardized in the IETF
working group "CoRE" as RFC 7252.
--------------------------------------------------------------------------------
Update Information:
Update to security release 4.3.5a
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 29 2025 Peter Robinson [pbrobinson@gmail.com] - 4.3.5a-1
- Update to 4.3.5a
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2388738 - CVE-2025-50518 libcoap: Libcoap Use-After-Free Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2388738
[ 2 ] Bug #2388740 - CVE-2025-50518 libcoap: Libcoap Use-After-Free Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2388740
[ 3 ] Bug #2416889 - CVE-2025-65493 libcoap: libcoap denial of service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2416889
[ 4 ] Bug #2416890 - CVE-2025-65494 libcoap: libcoap denial of service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2416890
[ 5 ] Bug #2416891 - CVE-2025-65493 libcoap: libcoap denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2416891
[ 6 ] Bug #2416892 - CVE-2025-65495 libcoap: libcoap denial of service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2416892
[ 7 ] Bug #2416893 - CVE-2025-65493 libcoap: libcoap denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2416893
[ 8 ] Bug #2416894 - CVE-2025-65494 libcoap: libcoap denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2416894
[ 9 ] Bug #2416895 - CVE-2025-65495 libcoap: libcoap denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2416895
[ 10 ] Bug #2416896 - CVE-2025-65494 libcoap: libcoap denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2416896
[ 11 ] Bug #2416897 - CVE-2025-65495 libcoap: libcoap denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2416897
[ 12 ] Bug #2417721 - CVE-2025-65496 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417721
[ 13 ] Bug #2417722 - CVE-2025-65496 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417722
[ 14 ] Bug #2417723 - CVE-2025-65497 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417723
[ 15 ] Bug #2417724 - CVE-2025-65497 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417724
[ 16 ] Bug #2417725 - CVE-2025-65498 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417725
[ 17 ] Bug #2417726 - CVE-2025-65498 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417726
[ 18 ] Bug #2417727 - CVE-2025-65499 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417727
[ 19 ] Bug #2417728 - CVE-2025-65499 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417728
[ 20 ] Bug #2417729 - CVE-2025-65500 libcoap: NULL pointer dereference during DTLS operations [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417729
[ 21 ] Bug #2417730 - CVE-2025-65500 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417730
[ 22 ] Bug #2417732 - CVE-2025-65501 libcoap: NULL pointer dereference during DTLS operations [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417732
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d408d76c4a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: timg-1.6.3-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d2b7d94014
2025-12-05 02:08:09.994409+00:00
--------------------------------------------------------------------------------
Name : timg
Product : Fedora 43
Version : 1.6.3
Release : 5.fc43
URL : https://github.com/hzeller/timg
Summary : A terminal image and video viewer
Description :
A user-friendly terminal image viewer that uses graphic capabilities of
terminals (Sixel, Kitty or iTerm2), or 24-bit color capabilities and Unicode
character blocks if these are not available. On terminals that implement the
Sixel protocol, the Kitty Graphics Protocol, or the iTerm2 Graphics Protocol,
this displays images in full resolution.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with latest patched stb_image: memory-safety fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.6.3-4
- Add dependencies on -static virtual Provides for header-only libs
* Tue Nov 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.6.3-3
- Rebuilt with latest patched stb_image: memory-safety fixes
* Wed Oct 15 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 1.6.3-2
- Rebuilt for FFmpeg 8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d2b7d94014' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: fcgi-2.4.7-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-93042e260c
2025-12-05 02:08:09.994364+00:00
--------------------------------------------------------------------------------
Name : fcgi
Product : Fedora 43
Version : 2.4.7
Release : 1.fc43
URL : https://github.com/FastCGI-Archives/fcgi2
Summary : FastCGI development kit
Description :
FastCGI is a language independent, scalable, open extension to CGI that
provides high performance without the limitations of server specific APIs.
--------------------------------------------------------------------------------
Update Information:
2.4.7 release, fixes CVE-2025-23016
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 2.4.7-1
- 2.4.7 release, fixes CVE-2025-23016
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2417257 - fcgi-2.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2417257
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-93042e260c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: alexvsbus-2025.06.16.0-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-673ec8d684
2025-12-05 02:08:09.994328+00:00
--------------------------------------------------------------------------------
Name : alexvsbus
Product : Fedora 43
Version : 2025.06.16.0
Release : 3.fc43
URL : https://github.com/M374LX/alexvsbus
Summary : Help Alex catch the bus on time!
Description :
Alex vs Bus: The Race is a free and open source platform runner game in which
a man who depends on public transportation in a developing country needs
to run in order to catch the bus, or else he will have to wait an eternity
for the next bus to come.
--------------------------------------------------------------------------------
Update Information:
Rebuilt against patched stb_image
Initial build for F43
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2025.06.16.0-3
- Rebuilt with latest patched stb_image: memory-safety fixes
* Fri Aug 22 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2025.06.16.0-2
- Move documentation to -doc subpackage
- Remove pre-built .pdf manual from docs
* Tue Jun 17 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2025.06.16.0-1
- Update to v2025.06.16.0
* Mon Jun 16 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2025.06.15.0-1
- Update to v2025.06.15.0
* Sat Mar 29 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2024.11.21.0-2
- Add an AppStream metainfo file
- Include full license text in the packages
- Include documentation in the package
* Wed Feb 5 2025 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2024.11.21.0-1
- Initial packaging
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2347551 - Review Request: alexvsbus - Platform runner game where you help Alex catch the bus on time
https://bugzilla.redhat.com/show_bug.cgi?id=2347551
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-673ec8d684' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: CuraEngine-5.4.0-10.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-19c65f1d15
2025-12-05 02:08:09.994316+00:00
--------------------------------------------------------------------------------
Name : CuraEngine
Product : Fedora 43
Version : 5.4.0
Release : 10.fc43
URL : https://github.com/Ultimaker/CuraEngine
Summary : Engine for processing 3D models into G-code instructions for 3D printers
Description :
CuraEngine is a C++ console application for 3D printing G-code generation. It
has been made as a better and faster alternative to the old Skeinforge engine.
This is just a console application for G-code generation. For a full graphical
application look at cura which is the graphical frontend for CuraEngine.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with latest patched stb_image: memory-safety fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1:5.4.0-10
- Rebuilt with latest patched stb_image: memory-safety fixes
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-19c65f1d15' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: python-kdcproxy-1.1.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3f9b87b0e7
2025-12-05 02:08:09.994277+00:00
--------------------------------------------------------------------------------
Name : python-kdcproxy
Product : Fedora 43
Version : 1.1.0
Release : 1.fc43
URL : https://github.com/latchset/kdcproxy
Summary : MS-KKDCP (kerberos proxy) WSGI module
Description :
This package contains a Python WSGI module for proxying KDC requests over
HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with
minimal configuration.
--------------------------------------------------------------------------------
Update Information:
New upstream version (1.1.0)
Use DNS discovery for declared realms only (CVE-2025-59088)
Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)
Stop using deprecated %py3_build/%py3_install macros
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Julien Rische [jrische@redhat.com] - 1.1.0-1
- New upstream version (1.1.0)
- Use DNS discovery for declared realms only (CVE-2025-59088)
Resolves: rhbz#2415861
- Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)
Resolves: rhbz#2415860
- Stop using deprecated %py3_build/%py3_install macros
Resolves: rhbz#2377837
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2377837 - python-kdcproxy: Stop using deprecated %py3_build/%py3_install macros
https://bugzilla.redhat.com/show_bug.cgi?id=2377837
[ 2 ] Bug #2415860 - CVE-2025-59089 python-kdcproxy: Remote DoS via unbounded TCP upstream buffering [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2415860
[ 3 ] Bug #2415861 - CVE-2025-59088 python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2415861
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3f9b87b0e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: xpdf-4.06-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7c5b6a3bcb
2025-12-05 02:08:09.994302+00:00
--------------------------------------------------------------------------------
Name : xpdf
Product : Fedora 43
Version : 4.06
Release : 1.fc43
URL : https://www.xpdfreader.com/
Summary : A PDF file viewer for the X Window System
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.
--------------------------------------------------------------------------------
Update Information:
Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:
CVE-2024-2971
CVE-2024-3247
CVE-2024-3248
CVE-2024-3900
CVE-2024-4141
CVE-2024-4568
CVE-2024-4976
CVE-2024-7866
CVE-2024-7867
CVE-2024-7868
CVE-2025-2574
CVE-2025-3154
CVE-2025-11896
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2025 Tom Callaway [spot@fedoraproject.org] - 1:4.06-1
- update to 4.06
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271913
[ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272853
[ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272856
[ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275829
[ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2277032
[ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279473
[ 7 ] Bug #2280762 - CVE-2024-4976 xpdf: Out-of-bounds array write due to missing object type check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280762
[ 8 ] Bug #2305301 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2305301
[ 9 ] Bug #2305302 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero due to very large coordinates in a page box [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2305302
[ 10 ] Bug #2305307 - CVE-2024-7866 xpdf: infinite recursion and a stack overflow due to PDF object loop in a pattern resource [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2305307
[ 11 ] Bug #2354014 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2354014
[ 12 ] Bug #2357056 - CVE-2025-3154 xpdf: Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7c5b6a3bcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: texlive-base-20230311-94.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7c5b6a3bcb
2025-12-05 02:08:09.994302+00:00
--------------------------------------------------------------------------------
Name : texlive-base
Product : Fedora 43
Version : 20230311
Release : 94.fc43
URL : http://tug.org/texlive/
Summary : TeX formatting system
Description :
The TeX Live software distribution offers a complete TeX system for a
variety of Unix, Macintosh, Windows and other platforms. It
encompasses programs for editing, typesetting, previewing and printing
of TeX documents in many different languages, and a large collection
of TeX macros and font libraries.
The distribution includes extensive general documentation about TeX,
as well as the documentation for the included software packages.
--------------------------------------------------------------------------------
Update Information:
Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:
CVE-2024-2971
CVE-2024-3247
CVE-2024-3248
CVE-2024-3900
CVE-2024-4141
CVE-2024-4568
CVE-2024-4976
CVE-2024-7866
CVE-2024-7867
CVE-2024-7868
CVE-2025-2574
CVE-2025-3154
CVE-2025-11896
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Björn Esser [besser82@fedoraproject.org] - 11:20230311-94
- Rebuild(xpdf)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271913
[ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272853
[ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272856
[ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275829
[ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2277032
[ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279473
[ 7 ] Bug #2280762 - CVE-2024-4976 xpdf: Out-of-bounds array write due to missing object type check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280762
[ 8 ] Bug #2305301 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2305301
[ 9 ] Bug #2305302 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero due to very large coordinates in a page box [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2305302
[ 10 ] Bug #2305307 - CVE-2024-7866 xpdf: infinite recursion and a stack overflow due to PDF object loop in a pattern resource [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2305307
[ 11 ] Bug #2354014 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2354014
[ 12 ] Bug #2357056 - CVE-2025-3154 xpdf: Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7c5b6a3bcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------