LunaSVG, Imhex, Python, Libwebsockets updates for Fedora

Fedora Linux 9180 Published 2025-12-10 08:21 by Philipp Esselbach

News

Fedora 43 has received an update for lunasvg, version 3.5.0-1.fc43, and a new version of python3 and its documentation, version 3.14.2-1.fc43. Additionally, imhex has also been updated to version 1.37.4-3.fc43 in Fedora 43. Meanwhile, Fedora 42 has received updates for lunasvg, libwebsockets, and imhex, all with the latest versions.

Fedora 43 Update: lunasvg-3.5.0-1.fc43
Fedora 43 Update: imhex-1.37.4-3.fc43
Fedora 43 Update: python3.14-3.14.2-1.fc43
Fedora 43 Update: python3-docs-3.14.2-1.fc43
Fedora 42 Update: lunasvg-3.5.0-1.fc42
Fedora 42 Update: libwebsockets-4.3.7-2.fc42
Fedora 42 Update: imhex-1.37.4-3.fc42

[SECURITY] Fedora 43 Update: lunasvg-3.5.0-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-58c0baba42
2025-12-10 01:33:03.601991+00:00
--------------------------------------------------------------------------------

Name : lunasvg
Product : Fedora 43
Version : 3.5.0
Release : 1.fc43
URL : https://github.com/sammycage/lunasvg
Summary : Standalone SVG rendering library in C++
Description :
LunaSVG is a standalone SVG rendering library in C++.

--------------------------------------------------------------------------------
Update Information:

Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with
conflicting files.
Update lunasvg to consume the plutovg version already available in the
repositories and to fix various CVEs.
Rebuild imhex for the updated lunasvg.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 1 2025 Simone Caronni [negativo17@gmail.com] - 3.5.0-1
- Update to 3.5.0, remove bundled plutovg (#2400407)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295891 - lunasvg-3.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2295891
[ 2 ] Bug #2341675 - CVE-2024-57719 CVE-2024-57720 CVE-2024-57721 CVE-2024-57722 CVE-2024-57723 CVE-2024-57724 lunasvg: various flaws [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2341675
[ 3 ] Bug #2343567 - CVE-2024-55456 lunasvg: From CVEorg collector [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2343567
[ 4 ] Bug #2400407 - file conflict between plutovg-devel and lunasvg-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2400407
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-58c0baba42' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: imhex-1.37.4-3.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-58c0baba42
2025-12-10 01:33:03.601991+00:00
--------------------------------------------------------------------------------

Name : imhex
Product : Fedora 43
Version : 1.37.4
Release : 3.fc43
URL : https://imhex.werwolv.net/
Summary : A hex editor for reverse engineers and programmers
Description :
ImHex is a Hex Editor, a tool to display, decode and analyze binary data to
reverse engineer their format, extract informations or patch values in them.

What makes ImHex special is that it has many advanced features that can often
only be found in paid applications. Such features are a completely custom binary
template and pattern language to decode and highlight structures in the data, a
graphical node-based data processor to pre-process values before they're
displayed, a disassembler, diffing support, bookmarks and much much more. At the
same time ImHex is completely free and open source under the GPLv2 language.

--------------------------------------------------------------------------------
Update Information:

Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with
conflicting files.
Update lunasvg to consume the plutovg version already available in the
repositories and to fix various CVEs.
Rebuild imhex for the updated lunasvg.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 1 2025 Simone Caronni [negativo17@gmail.com] - 1.37.4-3
- Rebuild for updated build requirements.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295891 - lunasvg-3.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2295891
[ 2 ] Bug #2341675 - CVE-2024-57719 CVE-2024-57720 CVE-2024-57721 CVE-2024-57722 CVE-2024-57723 CVE-2024-57724 lunasvg: various flaws [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2341675
[ 3 ] Bug #2343567 - CVE-2024-55456 lunasvg: From CVEorg collector [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2343567
[ 4 ] Bug #2400407 - file conflict between plutovg-devel and lunasvg-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2400407
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-58c0baba42' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: python3.14-3.14.2-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e235793f10
2025-12-10 01:33:03.602028+00:00
--------------------------------------------------------------------------------

Name : python3.14
Product : Fedora 43
Version : 3.14.2
Release : 1.fc43
URL : https://www.python.org/
Summary : Version 3.14 of the Python interpreter
Description :
Python 3.14 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

--------------------------------------------------------------------------------
Update Information:

This is the second maintenance release of Python 3.14
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 5 2025 Miro Hron??ok [mhroncok@redhat.com] - 3.14.2-1
- Update to Python 3.14.2
* Wed Dec 3 2025 Karolina Surma [ksurma@redhat.com] - 3.14.1-1
- Update to Python 3.14.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2393850 - kicad crashes during python runtime initialization
https://bugzilla.redhat.com/show_bug.cgi?id=2393850
[ 2 ] Bug #2413058 - CVE-2025-6075 python3.14: Quadratic complexity in os.path.expandvars() with user-controlled template [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2413058
[ 3 ] Bug #2414940 - argparse colorize fails if a tty is not available, like in mod_wsgi
https://bugzilla.redhat.com/show_bug.cgi?id=2414940
[ 4 ] Bug #2416523 - Python 3.14 Stack overflow check very very broken
https://bugzilla.redhat.com/show_bug.cgi?id=2416523
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e235793f10' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: python3-docs-3.14.2-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e235793f10
2025-12-10 01:33:03.602028+00:00
--------------------------------------------------------------------------------

Name : python3-docs
Product : Fedora 43
Version : 3.14.2
Release : 1.fc43
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.

--------------------------------------------------------------------------------
Update Information:

This is the second maintenance release of Python 3.14
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 5 2025 Miro Hron??ok [miro@hroncok.cz] - 3.14.2-1
- Update to Python 3.14.2
* Wed Dec 3 2025 Karolina Surma [ksurma@redhat.com] - 3.14.1-1
- Update to Python 3.14.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2393850 - kicad crashes during python runtime initialization
https://bugzilla.redhat.com/show_bug.cgi?id=2393850
[ 2 ] Bug #2413058 - CVE-2025-6075 python3.14: Quadratic complexity in os.path.expandvars() with user-controlled template [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2413058
[ 3 ] Bug #2414940 - argparse colorize fails if a tty is not available, like in mod_wsgi
https://bugzilla.redhat.com/show_bug.cgi?id=2414940
[ 4 ] Bug #2416523 - Python 3.14 Stack overflow check very very broken
https://bugzilla.redhat.com/show_bug.cgi?id=2416523
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e235793f10' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 42 Update: lunasvg-3.5.0-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9b6b49071f
2025-12-10 00:47:19.391492+00:00
--------------------------------------------------------------------------------

Name : lunasvg
Product : Fedora 42
Version : 3.5.0
Release : 1.fc42
URL : https://github.com/sammycage/lunasvg
Summary : Standalone SVG rendering library in C++
Description :
LunaSVG is a standalone SVG rendering library in C++.

--------------------------------------------------------------------------------
Update Information:

Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with
conflicting files.
Update lunasvg to consume the plutovg version already available in the
repositories and to fix various CVEs.
Rebuild imhex for the updated lunasvg.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 1 2025 Simone Caronni [negativo17@gmail.com] - 3.5.0-1
- Update to 3.5.0, remove bundled plutovg (#2400407)
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295891 - lunasvg-3.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2295891
[ 2 ] Bug #2341675 - CVE-2024-57719 CVE-2024-57720 CVE-2024-57721 CVE-2024-57722 CVE-2024-57723 CVE-2024-57724 lunasvg: various flaws [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2341675
[ 3 ] Bug #2343567 - CVE-2024-55456 lunasvg: From CVEorg collector [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2343567
[ 4 ] Bug #2400407 - file conflict between plutovg-devel and lunasvg-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2400407
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9b6b49071f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: libwebsockets-4.3.7-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0c12fa2541
2025-12-10 00:47:19.391484+00:00
--------------------------------------------------------------------------------

Name : libwebsockets
Product : Fedora 42
Version : 4.3.7
Release : 2.fc42
URL : http://libwebsockets.org
Summary : Lightweight C library for Websockets
Description :
This is the libwebsockets C library for lightweight websocket clients and
servers.

--------------------------------------------------------------------------------
Update Information:

Update to 4.3.7, enable glib event loop
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 1 2025 Peter Robinson [pbrobinson@fedoraproject.org] - 4.3.7-2
- Enable glib event loop support
* Sun Nov 30 2025 Peter Robinson [pbrobinson@fedoraproject.org] - 4.3.7-1
- Update to 4.3.7
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2405213 - CVE-2025-11679 libwebsockets: Out-of-bounds Read in libwebsockets PNG parsing [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405213
[ 2 ] Bug #2405215 - CVE-2025-11679 libwebsockets: Out-of-bounds Read in libwebsockets PNG parsing [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405215
[ 3 ] Bug #2405217 - CVE-2025-11679 libwebsockets: Out-of-bounds Read in libwebsockets PNG parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405217
[ 4 ] Bug #2405247 - CVE-2025-11677 libwebsockets: Use After Free in libwebsockets WebSocket server [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405247
[ 5 ] Bug #2405249 - CVE-2025-11677 libwebsockets: Use After Free in libwebsockets WebSocket server [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405249
[ 6 ] Bug #2405251 - CVE-2025-11677 libwebsockets: Use After Free in libwebsockets WebSocket server [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405251
[ 7 ] Bug #2405258 - CVE-2025-11680 libwebsockets: Out-of-bounds Write in libwebsockets PNG parsing [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405258
[ 8 ] Bug #2405260 - CVE-2025-11680 libwebsockets: Out-of-bounds Write in libwebsockets PNG parsing [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405260
[ 9 ] Bug #2405262 - CVE-2025-11680 libwebsockets: Out-of-bounds Write in libwebsockets PNG parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405262
[ 10 ] Bug #2405566 - CVE-2025-11678 libwebsockets: Stack-based Buffer Overflow in libwebsockets [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405566
[ 11 ] Bug #2405569 - CVE-2025-11678 libwebsockets: Stack-based Buffer Overflow in libwebsockets [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405569
[ 12 ] Bug #2405571 - CVE-2025-11678 libwebsockets: Stack-based Buffer Overflow in libwebsockets [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405571
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0c12fa2541' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: imhex-1.37.4-3.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9b6b49071f
2025-12-10 00:47:19.391492+00:00
--------------------------------------------------------------------------------

Name : imhex
Product : Fedora 42
Version : 1.37.4
Release : 3.fc42
URL : https://imhex.werwolv.net/
Summary : A hex editor for reverse engineers and programmers
Description :
ImHex is a Hex Editor, a tool to display, decode and analyze binary data to
reverse engineer their format, extract informations or patch values in them.

What makes ImHex special is that it has many advanced features that can often
only be found in paid applications. Such features are a completely custom binary
template and pattern language to decode and highlight structures in the data, a
graphical node-based data processor to pre-process values before they're
displayed, a disassembler, diffing support, bookmarks and much much more. At the
same time ImHex is completely free and open source under the GPLv2 language.

--------------------------------------------------------------------------------
Update Information:

Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with
conflicting files.
Update lunasvg to consume the plutovg version already available in the
repositories and to fix various CVEs.
Rebuild imhex for the updated lunasvg.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 1 2025 Simone Caronni [negativo17@gmail.com] - 1.37.4-3
- Rebuild for updated build requirements.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2295891 - lunasvg-3.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2295891
[ 2 ] Bug #2341675 - CVE-2024-57719 CVE-2024-57720 CVE-2024-57721 CVE-2024-57722 CVE-2024-57723 CVE-2024-57724 lunasvg: various flaws [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2341675
[ 3 ] Bug #2343567 - CVE-2024-55456 lunasvg: From CVEorg collector [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2343567
[ 4 ] Bug #2400407 - file conflict between plutovg-devel and lunasvg-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2400407
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9b6b49071f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Microsoft December 2025 Security Updates

Kernel, GIMP, Ghostscript, and more updates for RHEL

LunaSVG, Imhex, Python, Libwebsockets updates for Fedora

[SECURITY] Fedora 43 Update: lunasvg-3.5.0-1.fc43

[SECURITY] Fedora 43 Update: imhex-1.37.4-3.fc43

[SECURITY] Fedora 43 Update: python3.14-3.14.2-1.fc43

[SECURITY] Fedora 43 Update: python3-docs-3.14.2-1.fc43

[SECURITY] Fedora 42 Update: lunasvg-3.5.0-1.fc42

[SECURITY] Fedora 42 Update: libwebsockets-4.3.7-2.fc42

[SECURITY] Fedora 42 Update: imhex-1.37.4-3.fc42

Windows

Linux

macOS

Community