
Security updates have been released for Fedora 41, Fedora 42, and Fedora 43. The updated packages include openbao, restic, and nextcloud, among others; rclone, forgejo, and tigervnc have also received updates across the different Fedora versions.

Fedora 41 Update: openbao-2.4.4-1.fc41
Fedora 41 Update: restic-0.18.1-1.fc41
Fedora 41 Update: nextcloud-32.0.2-1.fc41
Fedora 42 Update: openbao-2.4.4-1.fc42
Fedora 42 Update: rclone-1.72.0-1.fc42
Fedora 42 Update: restic-0.18.1-1.fc42
Fedora 42 Update: tigervnc-1.15.0-10.fc42
Fedora 42 Update: nextcloud-32.0.2-1.fc42
Fedora 43 Update: openbao-2.4.4-1.fc43
Fedora 43 Update: rclone-1.72.0-1.fc43
Fedora 43 Update: restic-0.18.1-1.fc43
Fedora 43 Update: forgejo-13.0.3-1.fc43
Fedora 43 Update: tigervnc-1.15.0-10.fc43
Fedora 43 Update: nextcloud-32.0.2-1.fc43



[SECURITY] Fedora 41 Update: openbao-2.4.4-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-45a7dd8f10
2025-12-03 01:35:38.231702+00:00
--------------------------------------------------------------------------------

Name : openbao
Product : Fedora 41
Version : 2.4.4
Release : 1.fc41
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.

--------------------------------------------------------------------------------
Update Information:

update to upstream 2.4.4, which fixed CVE-2025-64761
Adds hsm tag.
The fedora-41 build was done with golang-1.24.10 which fixed CVE-2025-58189,
CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, and CVE-2025-58183.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Dave Dykstra - 2.4.4-1
- update to 2.4.4
* Tue Nov 18 2025 Dave Dykstra - 2.4.3-2
- add hsm build tag
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2407806 - CVE-2025-58189 openbao: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2407806
[ 2 ] Bug #2408617 - CVE-2025-61725 openbao: Excessive CPU consumption in ParseAddress in net/mail [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2408617
[ 3 ] Bug #2409256 - CVE-2025-61723 openbao: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2409256
[ 4 ] Bug #2410221 - CVE-2025-58185 openbao: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2410221
[ 5 ] Bug #2412574 - CVE-2025-58183 openbao: Unbounded allocation when parsing GNU sparse map [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2412574
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-45a7dd8f10' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 41 Update: restic-0.18.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f618726d01
2025-12-03 01:35:38.231695+00:00
--------------------------------------------------------------------------------

Name : restic
Product : Fedora 41
Version : 0.18.1
Release : 1.fc41
URL : https://github.com/restic/restic
Summary : Fast, secure, efficient backup program
Description :
Fast, secure, efficient backup program.

restic supports the following backends for storing backups natively:

* Local directory
* sftp server (via SSH)
* HTTP REST server (protocol, rest-server)
* Amazon S3 (either from Amazon or using the Minio server)
* OpenStack Swift
* BackBlaze B2
* Microsoft Azure Blob Storage
* Google Cloud Storage
* And many other services via the rclone Backend

--------------------------------------------------------------------------------
Update Information:

Update to 0.18.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 0.18.1-1
- Update to 0.18.1 - Closes rhbz#2397204 rhbz2416773
* Fri Oct 10 2025 Alejandro Sáez [asm@redhat.com] - 0.18.0-5
- rebuild
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.18.0-4
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.18.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398617 - CVE-2025-47910 restic: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398617
[ 2 ] Bug #2399283 - CVE-2025-47906 restic: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399283
[ 3 ] Bug #2407817 - CVE-2025-58189 restic: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2407817
[ 4 ] Bug #2408622 - CVE-2025-61725 restic: Excessive CPU consumption in ParseAddress in net/mail [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2408622
[ 5 ] Bug #2409283 - CVE-2025-61723 restic: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2409283
[ 6 ] Bug #2410232 - CVE-2025-58185 restic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2410232
[ 7 ] Bug #2411147 - CVE-2025-58188 restic: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2411147
[ 8 ] Bug #2412580 - CVE-2025-58183 restic: Unbounded allocation when parsing GNU sparse map [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2412580
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f618726d01' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: nextcloud-32.0.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bb6c04e3ee
2025-12-03 01:35:38.231688+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 41
Version : 32.0.2
Release : 1.fc41
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 32.0.2-1
- 32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752
RHBZ#2415753
* Sat Oct 25 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 32.0.1-1
- 32.0.1 release RHBZ#2399899
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2415750 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2415750
[ 2 ] Bug #2415751 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2415751
[ 3 ] Bug #2415752 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2415752
[ 4 ] Bug #2415753 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2415753
[ 5 ] Bug #2416087 - nextcloud-32.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416087
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bb6c04e3ee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 42 Update: openbao-2.4.4-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6b2336ec55
2025-12-03 01:05:22.296819+00:00
--------------------------------------------------------------------------------

Name : openbao
Product : Fedora 42
Version : 2.4.4
Release : 1.fc42
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.

--------------------------------------------------------------------------------
Update Information:

update to upstream 2.4.4, which fixed CVE-2025-64761
Adds hsm tag.
The fedora-42 build was done with golang-1.24.10 which fixed CVE-2025-58183.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Dave Dykstra - 2.4.4-1
- update to 2.4.4
* Tue Nov 18 2025 Dave Dykstra - 2.4.3-2
- add hsm build tag
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2412809 - CVE-2025-58183 openbao: Unbounded allocation when parsing GNU sparse map [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2412809
[ 2 ] Bug #2417145 - CVE-2025-64761 openbao: OpenBao Privileged Operator Identity Group Root Escalation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417145
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6b2336ec55' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 42 Update: rclone-1.72.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5f73919942
2025-12-03 01:05:22.296806+00:00
--------------------------------------------------------------------------------

Name : rclone
Product : Fedora 42
Version : 1.72.0
Release : 1.fc42
URL : https://github.com/rclone/rclone
Summary : Rsync for cloud storage
Description :
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive,
Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex
Files.

--------------------------------------------------------------------------------
Update Information:

Update to 1.72.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.72.0-1
- Update to 1.72.0 - Closes rhbz#2397899
* Fri Oct 10 2025 Alejandro Sáez [asm@redhat.com] - 1.71.0-2
- rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2384131 - rclone: Host Header Injection in github.com/go-chi/chi [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384131
[ 2 ] Bug #2398879 - CVE-2025-47910 rclone: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398879
[ 3 ] Bug #2399558 - CVE-2025-47906 rclone: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399558
[ 4 ] Bug #2408087 - CVE-2025-58189 rclone: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408087
[ 5 ] Bug #2409557 - CVE-2025-61723 rclone: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409557
[ 6 ] Bug #2410508 - CVE-2025-58185 rclone: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410508
[ 7 ] Bug #2411406 - CVE-2025-58188 rclone: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411406
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5f73919942' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-65fc438cba
2025-12-03 01:05:22.296763+00:00
--------------------------------------------------------------------------------

Name : restic
Product : Fedora 42
Version : 0.18.1
Release : 1.fc42
URL : https://github.com/restic/restic
Summary : Fast, secure, efficient backup program
Description :
Fast, secure, efficient backup program.

restic supports the following backends for storing backups natively:

* Local directory
* sftp server (via SSH)
* HTTP REST server (protocol, rest-server)
* Amazon S3 (either from Amazon or using the Minio server)
* OpenStack Swift
* BackBlaze B2
* Microsoft Azure Blob Storage
* Google Cloud Storage
* And many other services via the rclone Backend

--------------------------------------------------------------------------------
Update Information:

Update to 0.18.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 0.18.1-1
- Update to 0.18.1 - Closes rhbz#2397204 rhbz2416773
* Fri Oct 10 2025 Alejandro Sáez [asm@redhat.com] - 0.18.0-5
- rebuild
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.18.0-4
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.18.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398882 - CVE-2025-47910 restic: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398882
[ 2 ] Bug #2399561 - CVE-2025-47906 restic: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399561
[ 3 ] Bug #2408090 - CVE-2025-58189 restic: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408090
[ 4 ] Bug #2408687 - CVE-2025-61725 restic: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408687
[ 5 ] Bug #2409560 - CVE-2025-61723 restic: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409560
[ 6 ] Bug #2410511 - CVE-2025-58185 restic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410511
[ 7 ] Bug #2411409 - CVE-2025-58188 restic: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411409
[ 8 ] Bug #2412816 - CVE-2025-58183 restic: Unbounded allocation when parsing GNU sparse map [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2412816
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-65fc438cba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: tigervnc-1.15.0-10.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f59b250c31
2025-12-03 01:05:22.296747+00:00
--------------------------------------------------------------------------------

Name : tigervnc
Product : Fedora 42
Version : 1.15.0
Release : 10.fc42
URL : http://www.tigervnc.com
Summary : A TigerVNC remote display system
Description :
Virtual Network Computing (VNC) is a remote display system which
allows you to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. This package contains a
client which will allow you to connect to other desktops running a VNC
server.

--------------------------------------------------------------------------------
Update Information:

Fix recent xorg-x11-server CVEs:
Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Jan Grulich [jgrulich@redhat.com] - 1.15.0-10
- Rebuild (xorg-x11-server)
Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
* Tue Nov 11 2025 Cristian Le [git@lecris.dev] - 1.15.0-9
- Allow to build with CMake 4.0 (rhbz#2381485)
* Wed Oct 15 2025 Dominik Mierzejewski [dominik@greysector.net] - 1.15.0-8
- Rebuilt for FFmpeg 8
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2375539 - CVE-2025-49180 tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2375539
[ 2 ] Bug #2375544 - CVE-2025-49179 tigervnc: Integer overflow in X Record extension [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2375544
[ 3 ] Bug #2375554 - CVE-2025-49176 tigervnc: Integer Overflow in Big Requests Extension [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2375554
[ 4 ] Bug #2375557 - CVE-2025-49175 tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2375557
[ 5 ] Bug #2375561 - CVE-2025-49177 tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2375561
[ 6 ] Bug #2375564 - CVE-2025-49178 tigervnc: Unprocessed Client Request Due to Bytes to Ignore [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2375564
[ 7 ] Bug #2407297 - CVE-2025-62231 tigervnc: Value overflow in XkbSetCompatMap() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2407297
[ 8 ] Bug #2407299 - CVE-2025-62230 tigervnc: Use-after-free in Xkb client resource removal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2407299
[ 9 ] Bug #2407304 - CVE-2025-62229 tigervnc: Use-after-free in XPresentNotify structure creation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2407304
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f59b250c31' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 42 Update: nextcloud-32.0.2-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f62aee4fe6
2025-12-03 01:05:22.296742+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 42
Version : 32.0.2
Release : 1.fc42
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 32.0.2-1
- 32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752
RHBZ#2415753
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2415750 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2415750
[ 2 ] Bug #2415751 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2415751
[ 3 ] Bug #2415752 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2415752
[ 4 ] Bug #2415753 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2415753
[ 5 ] Bug #2416087 - nextcloud-32.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416087
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f62aee4fe6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 43 Update: openbao-2.4.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c7f4367479
2025-12-03 00:52:00.122620+00:00
--------------------------------------------------------------------------------

Name : openbao
Product : Fedora 43
Version : 2.4.4
Release : 1.fc43
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.

--------------------------------------------------------------------------------
Update Information:

update to upstream 2.4.4, fixing CVE-2025-64761.
Adds hsm tag.
The fedora-43 build was done with golang-1.25.4 which fixed CVE-2025-58189,
CVE-2025-58188, CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, and
CVE-2025-58183.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Dave Dykstra - 2.4.4-1
- update to 2.4.4
* Tue Nov 18 2025 Dave Dykstra - 2.4.3-2
- add hsm build tag
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408334 - CVE-2025-58189 openbao: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408334
[ 2 ] Bug #2408737 - CVE-2025-61725 openbao: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408737
[ 3 ] Bug #2409807 - CVE-2025-61723 openbao: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409807
[ 4 ] Bug #2410757 - CVE-2025-58185 openbao: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410757
[ 5 ] Bug #2411653 - CVE-2025-58188 openbao: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411653
[ 6 ] Bug #2417146 - CVE-2025-64761 openbao: OpenBao Privileged Operator Identity Group Root Escalation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417146
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c7f4367479' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 43 Update: rclone-1.72.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5e299f890a
2025-12-03 00:52:00.122599+00:00
--------------------------------------------------------------------------------

Name : rclone
Product : Fedora 43
Version : 1.72.0
Release : 1.fc43
URL : https://github.com/rclone/rclone
Summary : Rsync for cloud storage
Description :
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive,
Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex
Files.

--------------------------------------------------------------------------------
Update Information:

Update to 1.72.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.72.0-1
- Update to 1.72.0 - Closes rhbz#2397899
* Fri Oct 10 2025 Alejandro Sáez [asm@redhat.com] - 1.71.0-2
- rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408342 - CVE-2025-58189 rclone: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408342
[ 2 ] Bug #2408741 - CVE-2025-61725 rclone: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408741
[ 3 ] Bug #2409815 - CVE-2025-61723 rclone: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409815
[ 4 ] Bug #2410765 - CVE-2025-58185 rclone: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410765
[ 5 ] Bug #2411661 - CVE-2025-58188 rclone: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411661
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5e299f890a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: restic-0.18.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-416c3b48b3
2025-12-03 00:52:00.122550+00:00
--------------------------------------------------------------------------------

Name : restic
Product : Fedora 43
Version : 0.18.1
Release : 1.fc43
URL : https://github.com/restic/restic
Summary : Fast, secure, efficient backup program
Description :
Fast, secure, efficient backup program.

restic supports the following backends for storing backups natively:

* Local directory
* sftp server (via SSH)
* HTTP REST server (protocol, rest-server)
* Amazon S3 (either from Amazon or using the Minio server)
* OpenStack Swift
* BackBlaze B2
* Microsoft Azure Blob Storage
* Google Cloud Storage
* And many other services via the rclone Backend

--------------------------------------------------------------------------------
Update Information:

Update to 0.18.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 0.18.1-1
- Update to 0.18.1 - Closes rhbz#2397204 rhbz2416773
* Fri Oct 10 2025 Alejandro Sáez [asm@redhat.com] - 0.18.0-5
- rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408344 - CVE-2025-58189 restic: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408344
[ 2 ] Bug #2408743 - CVE-2025-61725 restic: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408743
[ 3 ] Bug #2409817 - CVE-2025-61723 restic: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409817
[ 4 ] Bug #2410767 - CVE-2025-58185 restic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410767
[ 5 ] Bug #2411663 - CVE-2025-58188 restic: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411663
[ 6 ] Bug #2412599 - CVE-2025-58183 restic: Unbounded allocation when parsing GNU sparse map [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2412599
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-416c3b48b3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: forgejo-13.0.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-35fe65f08c
2025-12-03 00:52:00.122545+00:00
--------------------------------------------------------------------------------

Name : forgejo
Product : Fedora 43
Version : 13.0.3
Release : 1.fc43
URL : https://forgejo.org
Summary : A lightweight software forge
Description :
Forgejo (pronounced /forˈd͡ʒe.jo/) is a lightweight software forge. Use it to
host git repositories, track their issues and allow people to contribute to
them!

--------------------------------------------------------------------------------
Update Information:

This is an upstream bug and security fix release. Please view the upstream
release notes for more details.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Nils Philippsen [nils@redhat.com] - 13.0.3-1
- Update to 13.0.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-35fe65f08c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: tigervnc-1.15.0-10.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e0c935675d
2025-12-03 00:52:00.122524+00:00
--------------------------------------------------------------------------------

Name : tigervnc
Product : Fedora 43
Version : 1.15.0
Release : 10.fc43
URL : http://www.tigervnc.com
Summary : A TigerVNC remote display system
Description :
Virtual Network Computing (VNC) is a remote display system which
allows you to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. This package contains a
client which will allow you to connect to other desktops running a VNC
server.

--------------------------------------------------------------------------------
Update Information:

Fix recent xorg-x11-server CVEs:
Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Jan Grulich [jgrulich@redhat.com] - 1.15.0-10
- Rebuild (xorg-x11-server)
Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
* Tue Nov 11 2025 Cristian Le [git@lecris.dev] - 1.15.0-9
- Allow to build with CMake 4.0 (rhbz#2381485)
* Wed Oct 15 2025 Dominik Mierzejewski [dominik@greysector.net] - 1.15.0-8
- Rebuilt for FFmpeg 8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2375539 - CVE-2025-49180 tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2375539
[ 2 ] Bug #2375544 - CVE-2025-49179 tigervnc: Integer overflow in X Record extension [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2375544
[ 3 ] Bug #2375554 - CVE-2025-49176 tigervnc: Integer Overflow in Big Requests Extension [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2375554
[ 4 ] Bug #2375557 - CVE-2025-49175 tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2375557
[ 5 ] Bug #2375561 - CVE-2025-49177 tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2375561
[ 6 ] Bug #2375564 - CVE-2025-49178 tigervnc: Unprocessed Client Request Due to Bytes to Ignore [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2375564
[ 7 ] Bug #2407297 - CVE-2025-62231 tigervnc: Value overflow in XkbSetCompatMap() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2407297
[ 8 ] Bug #2407299 - CVE-2025-62230 tigervnc: Use-after-free in Xkb client resource removal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2407299
[ 9 ] Bug #2407304 - CVE-2025-62229 tigervnc: Use-after-free in XPresentNotify structure creation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2407304
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e0c935675d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 43 Update: nextcloud-32.0.2-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-84af4b9872
2025-12-03 00:52:00.122518+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 43
Version : 32.0.2
Release : 1.fc43
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 32.0.2-1
- 32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752
RHBZ#2415753
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2415750 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2415750
[ 2 ] Bug #2415751 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2415751
[ 3 ] Bug #2415752 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2415752
[ 4 ] Bug #2415753 - CVE-2025-64500 nextcloud: Symfony HttpFoundation: Limited authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2415753
[ 5 ] Bug #2416087 - nextcloud-32.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416087
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-84af4b9872' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
