Fedora 43 Update: mingw-libpng-1.6.53-1.fc43
Fedora 42 Update: php-8.4.16-1.fc42
Fedora 42 Update: checkpointctl-1.4.1-1.fc42
Fedora 42 Update: NetworkManager-1.52.2-1.fc42
Fedora 42 Update: python3-docs-3.13.11-1.fc42
Fedora 42 Update: containernetworking-plugins-1.9.0-1.fc42
Fedora 42 Update: python3.13-3.13.11-1.fc42
Fedora 43 Update: php-8.4.16-1.fc43
Fedora 43 Update: webkitgtk-2.50.4-1.fc43
Fedora 43 Update: checkpointctl-1.4.1-1.fc43
Fedora 43 Update: containernetworking-plugins-1.9.0-1.fc43
[SECURITY] Fedora 43 Update: mingw-libpng-1.6.53-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-da6d092209
2025-12-19 04:19:43.952397+00:00
--------------------------------------------------------------------------------
Name : mingw-libpng
Product : Fedora 43
Version : 1.6.53
Release : 1.fc43
URL : http://www.libpng.org/pub/png/
Summary : MinGW Windows Libpng library
Description :
MinGW Windows Libpng library.
--------------------------------------------------------------------------------
Update Information:
Update to libpng-1.6.53, fixes CVE-2025-66293 and CVE-2025-64505.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 13 2025 Sandro Mani [manisandro@gmail.com] - 1.6.53-1
- Update to 1.6.53
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2418425 - CVE-2025-64505 mingw-libpng: LIBPNG heap buffer overflow via malformed palette index [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418425
[ 2 ] Bug #2418739 - CVE-2025-66293 mingw-libpng: LIBPNG out-of-bounds read in png_image_read_composite [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418739
[ 3 ] Bug #2418750 - CVE-2025-66293 mingw-libpng: LIBPNG out-of-bounds read in png_image_read_composite [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418750
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-da6d092209' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: php-8.4.16-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ce8a4096e7
2025-12-19 04:14:19.799982+00:00
--------------------------------------------------------------------------------
Name : php
Product : Fedora 42
Version : 8.4.16
Release : 1.fc42
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
--------------------------------------------------------------------------------
Update Information:
PHP version 8.4.16 (18 Dec 2025)
Core:
Sync all boost.context files with release 1.86.0. (mvorisek)
Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing
to variadic parameter). (ndossche)
Fixed bug GH-20286 (use-after-destroy during userland stream_close()).
(ndossche, David Carlier)
Bz2:
Fix assertion failures resulting in crashes with stream filter object
parameters. (ndossche)
Date:
Fix crashes when trying to instantiate uninstantiable classes via date static
constructors. (ndossche)
DOM:
Fix memory leak when edge case is hit when registering xpath callback.
(ndossche)
Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in
$selectors to be lowercase). (ndossche)
Fix missing NUL byte check on C14NFile(). (ndossche)
Fibers:
Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).
(David Carlier)
FTP:
Fixed bug GH-20601 (ftp_connect overflow on timeout). (David Carlier)
GD:
Fixed bug GH-20511 (imagegammacorrect out of range input/output values). (David
Carlier)
Fixed bug GH-20602 (imagescale overflow with large height values). (David
Carlier)
Intl:
Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests
missing constants). (DanielEScherzer)
LibXML:
Fix some deprecations on newer libxml versions regarding input buffer/parser
handling. (ndossche)
MbString:
Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). (ndossche)
Fixed bug GH-20492 (mbstring compile warning due to non-strings). (ndossche)
MySQLnd:
Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address
enclosed in square brackets). (Remi)
Opcache:
Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer).
(Arnaud)
PDO:
Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
(Jakub Zelenka)
Phar:
Fixed bug GH-20442 (Phar does not respect case-insensitiveness of
__halt_compiler() when reading stub). (ndossche, TimWolla)
Fix broken return value of fflush() for phar file entries. (ndossche)
Fix assertion failure when fseeking a phar file out of bounds. (ndossche)
PHPDBG:
Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().
(Girgias)
SPL:
Fixed bug GH-20614 (SplFixedArray incorrectly handles references in
deserialization). (ndossche)
Standard:
Fix memory leak in array_diff() with custom type checks. (ndossche)
Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures).
(ndossche)
Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
(ndossche)
Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()).
(CVE-2025-14178) (ndossche)
Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize).
(CVE-2025-14177) (ndossche)
Tidy:
Fixed bug GH-20374 (PHP with tidy and custom-tags). (ndossche)
XML:
Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special
characters in attributes when passing data to callback). (ndossche)
Zlib:
Fix assertion failures resulting in crashes with stream filter object
parameters. (ndossche)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 17 2025 Remi Collet [remi@remirepo.net] - 8.4.16-1
- Update to 8.4.16 - http://www.php.net/releases/8_4_16.php
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ce8a4096e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: checkpointctl-1.4.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-909f303a85
2025-12-19 04:14:19.799968+00:00
--------------------------------------------------------------------------------
Name : checkpointctl
Product : Fedora 42
Version : 1.4.1
Release : 1.fc42
URL : https://github.com/checkpoint-restore/checkpointctl
Summary : A command-line tool for in-depth analysis of container checkpoints
Description :
The checkpointctl command can be used for in-depth analysis of
container checkpoints created with Podman and Kubernetes.
--------------------------------------------------------------------------------
Update Information:
Update checkpointctl to 1.4.1 (CVE-2025-47906)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 10 2025 Adrian Reber [adrian@lisas.de] - 1:1.4.1-1
- Update checkpointctl to 1.4.1
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1:1.4.0-4
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399324 - CVE-2025-47906 checkpointctl: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399324
[ 2 ] Bug #2412747 - CVE-2025-58183 checkpointctl: Unbounded allocation when parsing GNU sparse map [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2412747
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-909f303a85' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: NetworkManager-1.52.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-27f16898ba
2025-12-19 04:14:19.799977+00:00
--------------------------------------------------------------------------------
Name : NetworkManager
Product : Fedora 42
Version : 1.52.2
Release : 1.fc42
URL : https://networkmanager.dev/
Summary : Network connection manager and user applications
Description :
NetworkManager is a system service that manages network interfaces and
connections based on user or automatic configuration. It supports
Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband
(WWAN), PPPoE and other devices, and supports a variety of different VPN
services.
--------------------------------------------------------------------------------
Update Information:
Update to 1.52.2
Partially fixes CVE-2025-9615. To protect totally from it, see:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-
/merge_requests/2325.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 15 2025 ????igo Huguet [ihuguet@riseup.net] - 1:1.52.2-1
- Update to 1.52.2
- Partially fixes CVE-2025-9615. To protect totally from it, see:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2325.
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-27f16898ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: python3-docs-3.13.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7ec743931c
2025-12-19 04:14:19.799902+00:00
--------------------------------------------------------------------------------
Name : python3-docs
Product : Fedora 42
Version : 3.13.11
Release : 1.fc42
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.
--------------------------------------------------------------------------------
Update Information:
This is the eleventh maintenance release of Python 3.13
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2025 Miro Hron??ok [miro@hroncok.cz] - 3.13.11-1
- Update to 3.13.11
* Wed Dec 3 2025 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.13.10-1
- Update to 3.13.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2402874 - CVE-2025-8291 python3.13: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2402874
[ 2 ] Bug #2413057 - CVE-2025-6075 python3.13: Quadratic complexity in os.path.expandvars() with user-controlled template [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2413057
[ 3 ] Bug #2421614 - CVE-2025-12084 python3.13: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421614
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7ec743931c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: containernetworking-plugins-1.9.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bab8cb971e
2025-12-19 04:14:19.799961+00:00
--------------------------------------------------------------------------------
Name : containernetworking-plugins
Product : Fedora 42
Version : 1.9.0
Release : 1.fc42
URL : https://github.com/containernetworking/plugins
Summary : Reference and example networking plugins, maintained by the CNI team
Description :
Reference and example networking plugins, maintained by the CNI team.
The CNI (Container Network Interface) project consists of a specification
and libraries for writing plugins to configure network interfaces in Linux
containers, along with a number of supported plugins. CNI concerns itself
only with network connectivity of containers and removing allocated resources
when the container is deleted.
--------------------------------------------------------------------------------
Update Information:
Update to release v1.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 9 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.9.0-1
- Update to release v1.9.0
- Resolves: rhbz#2420515
- Resolves CVE-2025-58188: rhbz#2411454, rhbz#2411189, rhbz#2410923
- Resolves CVE-2025-58185: rhbz#2410556, rhbz#2410277, rhbz#2409991
- Resolves CVE-2025-61723: rhbz#2409605, rhbz#2409325, rhbz#2409043
- Resolves CVE-2025-58189: rhbz#2408135, rhbz#2407858, rhbz#2407588
- Fixes CVE-2025-67499, a bug in the nftables backend for the portmap
plugin
- Additional changes
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1.8.0-3
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2420515 - containernetworking-plugins-1.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2420515
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bab8cb971e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: python3.13-3.13.11-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7ec743931c
2025-12-19 04:14:19.799902+00:00
--------------------------------------------------------------------------------
Name : python3.13
Product : Fedora 42
Version : 3.13.11
Release : 1.fc42
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
--------------------------------------------------------------------------------
Update Information:
This is the eleventh maintenance release of Python 3.13
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2025 Miro Hron??ok [mhroncok@redhat.com] - 3.13.11-1
- Update to 3.13.11
* Wed Dec 3 2025 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.13.10-1
- Update to 3.13.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2402874 - CVE-2025-8291 python3.13: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2402874
[ 2 ] Bug #2413057 - CVE-2025-6075 python3.13: Quadratic complexity in os.path.expandvars() with user-controlled template [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2413057
[ 3 ] Bug #2421614 - CVE-2025-12084 python3.13: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421614
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7ec743931c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: php-8.4.16-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7e9290d67f
2025-12-19 04:19:43.952411+00:00
--------------------------------------------------------------------------------
Name : php
Product : Fedora 43
Version : 8.4.16
Release : 1.fc43
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
--------------------------------------------------------------------------------
Update Information:
PHP version 8.4.16 (18 Dec 2025)
Core:
Sync all boost.context files with release 1.86.0. (mvorisek)
Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing
to variadic parameter). (ndossche)
Fixed bug GH-20286 (use-after-destroy during userland stream_close()).
(ndossche, David Carlier)
Bz2:
Fix assertion failures resulting in crashes with stream filter object
parameters. (ndossche)
Date:
Fix crashes when trying to instantiate uninstantiable classes via date static
constructors. (ndossche)
DOM:
Fix memory leak when edge case is hit when registering xpath callback.
(ndossche)
Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in
$selectors to be lowercase). (ndossche)
Fix missing NUL byte check on C14NFile(). (ndossche)
Fibers:
Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).
(David Carlier)
FTP:
Fixed bug GH-20601 (ftp_connect overflow on timeout). (David Carlier)
GD:
Fixed bug GH-20511 (imagegammacorrect out of range input/output values). (David
Carlier)
Fixed bug GH-20602 (imagescale overflow with large height values). (David
Carlier)
Intl:
Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests
missing constants). (DanielEScherzer)
LibXML:
Fix some deprecations on newer libxml versions regarding input buffer/parser
handling. (ndossche)
MbString:
Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). (ndossche)
Fixed bug GH-20492 (mbstring compile warning due to non-strings). (ndossche)
MySQLnd:
Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address
enclosed in square brackets). (Remi)
Opcache:
Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer).
(Arnaud)
PDO:
Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
(Jakub Zelenka)
Phar:
Fixed bug GH-20442 (Phar does not respect case-insensitiveness of
__halt_compiler() when reading stub). (ndossche, TimWolla)
Fix broken return value of fflush() for phar file entries. (ndossche)
Fix assertion failure when fseeking a phar file out of bounds. (ndossche)
PHPDBG:
Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().
(Girgias)
SPL:
Fixed bug GH-20614 (SplFixedArray incorrectly handles references in
deserialization). (ndossche)
Standard:
Fix memory leak in array_diff() with custom type checks. (ndossche)
Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures).
(ndossche)
Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
(ndossche)
Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()).
(CVE-2025-14178) (ndossche)
Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize).
(CVE-2025-14177) (ndossche)
Tidy:
Fixed bug GH-20374 (PHP with tidy and custom-tags). (ndossche)
XML:
Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special
characters in attributes when passing data to callback). (ndossche)
Zlib:
Fix assertion failures resulting in crashes with stream filter object
parameters. (ndossche)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 17 2025 Remi Collet [remi@remirepo.net] - 8.4.16-1
- Update to 8.4.16 - http://www.php.net/releases/8_4_16.php
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7e9290d67f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: webkitgtk-2.50.4-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-96a708ea95
2025-12-19 04:19:43.952409+00:00
--------------------------------------------------------------------------------
Name : webkitgtk
Product : Fedora 43
Version : 2.50.4
Release : 1.fc43
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.
--------------------------------------------------------------------------------
Update Information:
Correctly handle the program name passed to the sleep disabler.
Ensure GStreamer is initialized before using the Quirks.
Fix several crashes and rendering issues.
Fix CVE-2025-14174, CVE-2025-43501, CVE-2025-43529, CVE-2025-43531,
CVE-2025-43535, CVE-2025-43536, CVE-2025-43541
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 16 2025 Tomas Popela [tpopela@redhat.com] - 2.50.4-1
- Update to 2.50.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2423173 - CVE-2025-43529 webkitgtk: webkitgtk: Use-after-free due to improper memory management [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423173
[ 2 ] Bug #2423292 - CVE-2025-43501 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423292
[ 3 ] Bug #2423296 - CVE-2025-43531 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423296
[ 4 ] Bug #2423302 - CVE-2025-43535 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423302
[ 5 ] Bug #2423306 - CVE-2025-43536 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423306
[ 6 ] Bug #2423310 - CVE-2025-43541 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423310
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-96a708ea95' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: checkpointctl-1.4.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ebfdef0115
2025-12-19 04:19:43.952390+00:00
--------------------------------------------------------------------------------
Name : checkpointctl
Product : Fedora 43
Version : 1.4.1
Release : 1.fc43
URL : https://github.com/checkpoint-restore/checkpointctl
Summary : A command-line tool for in-depth analysis of container checkpoints
Description :
The checkpointctl command can be used for in-depth analysis of
container checkpoints created with Podman and Kubernetes.
--------------------------------------------------------------------------------
Update Information:
Update checkpointctl to 1.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 10 2025 Adrian Reber [adrian@lisas.de] - 1:1.4.1-1
- Update checkpointctl to 1.4.1
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1:1.4.0-4
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2412668 - CVE-2025-58183 checkpointctl: Unbounded allocation when parsing GNU sparse map [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2412668
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ebfdef0115' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: containernetworking-plugins-1.9.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-294d534170
2025-12-19 04:19:43.952381+00:00
--------------------------------------------------------------------------------
Name : containernetworking-plugins
Product : Fedora 43
Version : 1.9.0
Release : 1.fc43
URL : https://github.com/containernetworking/plugins
Summary : Reference and example networking plugins, maintained by the CNI team
Description :
Reference and example networking plugins, maintained by the CNI team.
The CNI (Container Network Interface) project consists of a specification
and libraries for writing plugins to configure network interfaces in Linux
containers, along with a number of supported plugins. CNI concerns itself
only with network connectivity of containers and removing allocated resources
when the container is deleted.
--------------------------------------------------------------------------------
Update Information:
Update to release v1.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 9 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.9.0-1
- Update to release v1.9.0
- Resolves: rhbz#2420515
- Resolves CVE-2025-58188: rhbz#2411454, rhbz#2411189, rhbz#2410923
- Resolves CVE-2025-58185: rhbz#2410556, rhbz#2410277, rhbz#2409991
- Resolves CVE-2025-61723: rhbz#2409605, rhbz#2409325, rhbz#2409043
- Resolves CVE-2025-58189: rhbz#2408135, rhbz#2407858, rhbz#2407588
- Fixes CVE-2025-67499, a bug in the nftables backend for the portmap
plugin
- Additional changes
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1.8.0-3
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2420515 - containernetworking-plugins-1.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2420515
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-294d534170' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
