
Fedora has released security updates for several packages, including perl-JSON-XS, Firefox, and Kea. The perl-JSON-XS update fixes a heap overflow vulnerability (CVE-2025-40928) that could cause crashes or information disclosure, and also addresses an issue where invalid JSON texts were accepted as valid. The Firefox update is a new upstream release (143.0). The Kea update fixes a bug (CVE-2025-40779) that caused the Kea DHCP server to crash in certain situations.

Fedora 41 Update: perl-JSON-XS-4.04-1.fc41
Fedora 42 Update: firefox-143.0-1.fc42
Fedora 42 Update: perl-JSON-XS-4.04-1.fc42
Fedora 43 Update: perl-JSON-XS-4.04-1.fc43
Fedora 43 Update: kea-3.0.1-1.fc43



[SECURITY] Fedora 41 Update: perl-JSON-XS-4.04-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-86573bd5d5
2025-09-17 01:24:26.942291+00:00
--------------------------------------------------------------------------------

Name : perl-JSON-XS
Product : Fedora 41
Version : 4.04
Release : 1.fc41
URL : https://metacpan.org/release/JSON-XS
Summary : JSON serializing/de-serializing, done correctly and fast
Description :
This module converts Perl data structures to JSON and vice versa. Its
primary goal is to be correct and its secondary goal is to be fast. To
reach the latter goal it was written in C.

--------------------------------------------------------------------------------
Update Information:

This update updates perl-JSON-XS to 4.04. This version fixes a heap overflow
causing crashes, possibly information disclosure or worse (CVE-2025-40928), and
fixes a bug that caused JSON::XS to accept invalid JSON texts as valid in some cases.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 8 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 1:4.04-1
- Update to 4.04
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2393913 - CVE-2025-40928 perl-JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2393913
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-86573bd5d5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: firefox-143.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4dca10ca2c
2025-09-17 00:56:08.077719+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 42
Version : 143.0
Release : 1.fc42
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream release (143.0)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 10 2025 Martin Stransky [stransky@redhat.com] - 143.0-1
- Updated to 143.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4dca10ca2c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: perl-JSON-XS-4.04-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-53273e282c
2025-09-17 00:56:08.077711+00:00
--------------------------------------------------------------------------------

Name : perl-JSON-XS
Product : Fedora 42
Version : 4.04
Release : 1.fc42
URL : https://metacpan.org/release/JSON-XS
Summary : JSON serializing/de-serializing, done correctly and fast
Description :
This module converts Perl data structures to JSON and vice versa. Its
primary goal is to be correct and its secondary goal is to be fast. To
reach the latter goal it was written in C.

--------------------------------------------------------------------------------
Update Information:

This update updates perl-JSON-XS to 4.04. This version fixes a heap overflow
causing crashes, possibly information disclosure or worse (CVE-2025-40928), and
fixes a bug that caused JSON::XS to accept invalid JSON texts as valid in some cases.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 8 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 1:4.04-1
- Update to 4.04
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2393914 - CVE-2025-40928 perl-JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2393914
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-53273e282c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: perl-JSON-XS-4.04-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8b24ea25bb
2025-09-17 00:15:09.617289+00:00
--------------------------------------------------------------------------------

Name : perl-JSON-XS
Product : Fedora 43
Version : 4.04
Release : 1.fc43
URL : https://metacpan.org/release/JSON-XS
Summary : JSON serializing/de-serializing, done correctly and fast
Description :
This module converts Perl data structures to JSON and vice versa. Its
primary goal is to be correct and its secondary goal is to be fast. To
reach the latter goal it was written in C.

--------------------------------------------------------------------------------
Update Information:

This update updates perl-JSON-XS to 4.04. This version fixes a heap overflow
causing crashes, possibly information disclosure or worse (CVE-2025-40928), and
fixes a bug that caused JSON::XS to accept invalid JSON texts as valid in some cases.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 8 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 1:4.04-1
- Update to 4.04
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8b24ea25bb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: kea-3.0.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9ead6bf29b
2025-09-17 00:15:09.617128+00:00
--------------------------------------------------------------------------------

Name : kea
Product : Fedora 43
Version : 3.0.1
Release : 1.fc43
URL : http://kea.isc.org
Summary : DHCPv4, DHCPv6 and DDNS server from ISC
Description :
DHCP implementation from Internet Systems Consortium, Inc. that features fully
functional DHCPv4, DHCPv6 and Dynamic DNS servers.
Both DHCP servers fully support server discovery, address assignment, renewal,
rebinding and release. The DHCPv6 server supports prefix delegation. Both
servers support DNS Update mechanism, using stand-alone DDNS daemon.

--------------------------------------------------------------------------------
Update Information:

New version 3.0.1 (rhbz#2391289)
Fixes CVE-2025-40779 (rhbz#2391373)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 29 2025 Martin Osvald [mosvald@redhat.com] - 3.0.1-1
- New version 3.0.1 (rhbz#2391289)
- Fixes CVE-2025-40779 (rhbz#2391373)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391373 - CVE-2025-40779 kea: Kea crash upon interaction between specific client options and subnet selection
https://bugzilla.redhat.com/show_bug.cgi?id=2391373
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9ead6bf29b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--