Fedora Linux

Several security updates have been released for Fedora Linux, including improvements to Python and Golang packages. Updates were also made to packages such as cups, brotli, vips, and NetworkManager to enhance security. Additionally, updates were pushed to Fedora 43 for packages like nebula, golang-github-facebook-time, and python-django5. The latest Fedora 42 and 43 update list includes a range of security improvements across various software packages.

Fedora 42 Update: python-django4.2-4.2.27-1.fc42
Fedora 42 Update: python-django5-5.2.9-1.fc42
Fedora 42 Update: golang-github-facebook-time-0^20251216git61f7510-2.fc42
Fedora 42 Update: perl-Alien-Brotli-0.2.2-11.fc42
Fedora 42 Update: cups-2.4.16-4.fc42
Fedora 42 Update: brotli-1.2.0-1.fc42
Fedora 42 Update: vips-8.17.3-1.fc42
Fedora 43 Update: nebula-1.10.0-2.fc43
Fedora 43 Update: golang-github-facebook-time-0^20251216git61f7510-2.fc43
Fedora 43 Update: NetworkManager-1.54.3-2.fc43
Fedora 43 Update: python-django5-5.2.9-1.fc43
Fedora 43 Update: vips-8.17.3-1.fc43




[SECURITY] Fedora 42 Update: python-django4.2-4.2.27-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b1379d950d
2025-12-18 01:10:20.380908+00:00
--------------------------------------------------------------------------------

Name : python-django4.2
Product : Fedora 42
Version : 4.2.27
Release : 1.fc42
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases
on PostgreSQL
Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML
Deserializer
Fixes CVE-2025-64459: Potential SQL injection via _connector keyword
argument (4.2.26)
Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(),
alias(), aggregate(), and extra() on MySQL and MariaDB (4.2.25)
Fixes CVE-2025-59682: Potential partial directory-traversal via
archive.extract() (4.2.25)
Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column
aliases (4.2.24)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 9 2025 Michel Lind [salimma@fedoraproject.org] - 4.2.27-1
- Update to version 4.2.27
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column
aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML
Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword
argument (4.2.26)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(),
alias(), aggregate(), and extra() on MySQL and MariaDB (4.2.25)
- Fixes CVE-2025-59682: Potential partial directory-traversal via
archive.extract() (4.2.25)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column
aliases (4.2.24)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2393806 - CVE-2025-57833 python-django4.2: Django SQL injection in FilteredRelation column aliases [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2393806
[ 2 ] Bug #2416117 - CVE-2025-59681 python-django4.2: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2416117
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b1379d950d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: python-django5-5.2.9-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-45ee190318
2025-12-18 01:10:20.380901+00:00
--------------------------------------------------------------------------------

Name : python-django5
Product : Fedora 42
Version : 5.2.9
Release : 1.fc42
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases
on PostgreSQL
Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML
Deserializer
Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument
(5.2.8)
Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(),
alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7)
Fixes CVE-2025-59682: Potential partial directory-traversal via
archive.extract() (5.2.7)
Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation
column aliases (5.2.6)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 8 2025 Michel Lind [salimma@fedoraproject.org] - 5.2.9-1
- Update to version 5.2.9
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column
aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML
Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword
argument (5.2.8)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(),
alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7)
- Fixes CVE-2025-59682: Potential partial directory-traversal via
archive.extract() (5.2.7)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column
aliases (5.2.6)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2393807 - CVE-2025-57833 python-django5: Django SQL injection in FilteredRelation column aliases [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2393807
[ 2 ] Bug #2416118 - CVE-2025-59681 python-django5: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2416118
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-45ee190318' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: golang-github-facebook-time-0^20251216git61f7510-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b8d9bd75d2
2025-12-18 01:10:20.380965+00:00
--------------------------------------------------------------------------------

Name : golang-github-facebook-time
Product : Fedora 42
Version : 0^20251216git61f7510
Release : 2.fc42
URL : https://github.com/facebook/time
Summary : Meta's Time libraries
Description :
Meta's Time libraries.

--------------------------------------------------------------------------------
Update Information:

Update logrus for https://access.redhat.com/security/cve/cve-2025-65637
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2025 Michel Lind [salimma@fedoraproject.org] - 0^20251216git61f7510-2
- Generate and upload new vendor tarball
* Tue Dec 16 2025 Oleg Obleukhov [leoleovich@fedoraproject.org] - 0^20251216git61f7510-1
- Build latest
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b8d9bd75d2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: perl-Alien-Brotli-0.2.2-11.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e233a4e22
2025-12-18 01:10:20.380939+00:00
--------------------------------------------------------------------------------

Name : perl-Alien-Brotli
Product : Fedora 42
Version : 0.2.2
Release : 11.fc42
URL : http://metacpan.org/dist/Alien-Brotli
Summary : Find and install the Brotli compressor
Description :
This distribution installs the brotli compressor, so that it can be used by
other distributions, and provides a way to find the executable.

--------------------------------------------------------------------------------
Update Information:

Update brotli to 1.2.0.
This update provides the necessary Python APIs in python3-brotli to fix
denial-of-service security issues related to “decompression bombs,” such as
CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate
updates in affected packages.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 10 2025 Miro Hrončok [mhroncok@redhat.com] - 0.2.2-11
- Rebuilt for brotli 1.2.0
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2419491 - CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2419491
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e233a4e22' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: cups-2.4.16-4.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c09b980696
2025-12-18 01:10:20.380944+00:00
--------------------------------------------------------------------------------

Name : cups
Product : Fedora 42
Version : 2.4.16
Release : 4.fc42
URL : https://openprinting.github.io/cups/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

fix possible issue reported by OSH
2.4.16 (fedora#2417970)
rebuild due binutils bug (fedora#2418285)
fix division by zero crash in pstops (fedora#2415396)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 12 2025 Zdenek Dohnal [zdohnal@redhat.com] - 1:2.4.16-4
- fix possible issue reported by OSH
* Fri Dec 5 2025 Zdenek Dohnal [zdohnal@redhat.com] - 1:2.4.16-3
- rebuilt without reverted commit (upgrade script for PeerCred is not needed)
* Thu Dec 4 2025 Zdenek Dohnal [zdohnal@redhat.com] - 1:2.4.16-1
- 2.4.16 (fedora#2417970)
- rebuild due binutils bug (fedora#2418285)
- fix division by zero crash in pstops (fedora#2415396)
* Fri Nov 28 2025 Zdenek Dohnal [zdohnal@redhat.com] - 1:2.4.15-1
- 2.4.15 - fixes for CVE-2025-61915 and CVE-2025-58436
* Fri Nov 28 2025 Than Ngo [than@redhat.com] - 1:2.4.14-4
- Rebuilt with new binutils in rawhide due to rhbz#2415824
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2420911 - CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420911
[ 2 ] Bug #2420913 - CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420913
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c09b980696' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: brotli-1.2.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e233a4e22
2025-12-18 01:10:20.380939+00:00
--------------------------------------------------------------------------------

Name : brotli
Product : Fedora 42
Version : 1.2.0
Release : 1.fc42
URL : https://github.com/google/brotli
Summary : Lossless compression algorithm
Description :
Brotli is a generic-purpose lossless compression algorithm that compresses data
using a combination of a modern variant of the LZ77 algorithm, Huffman coding
and 2nd order context modeling, with a compression ratio comparable to the best
currently available general-purpose compression methods. It is similar in speed
with deflate but offers more dense compression.

--------------------------------------------------------------------------------
Update Information:

Update brotli to 1.2.0.
This update provides the necessary Python APIs in python3-brotli to fix
denial-of-service security issues related to “decompression bombs,” such as
CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate
updates in affected packages.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.2.0-1
- Update to 1.2.0 (close RHBZ#2401888)
- Stop trying to support EPEL7, which is end-of-life
- Port to pyproject-rpm-macros (close RHBZ#2377212)
- Test the Python extension
* Fri Sep 19 2025 Python Maint - 1.1.0-10
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint - 1.1.0-9
- Rebuilt for Python 3.14.0rc2 bytecode
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.1.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 2 2025 Python Maint - 1.1.0-7
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2419491 - CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2419491
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e233a4e22' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: vips-8.17.3-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-107641b428
2025-12-18 01:10:20.380850+00:00
--------------------------------------------------------------------------------

Name : vips
Product : Fedora 42
Version : 8.17.3
Release : 1.fc42
URL : https://www.libvips.org/
Summary : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images
(even larger than the amount of RAM in your machine), and for working
with color.

This package should be installed if you want to use a program compiled
against VIPS.

--------------------------------------------------------------------------------
Update Information:

New version of vips.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 9 2025 Adam Goode [adam@spicenitz.org] - 8.17.3-1
- Include missing changes for latest release
* Tue Dec 9 2025 Adam Goode [adam@spicenitz.org] - 8.17.2-2
- Update to vips 8.17.3
* Fri Sep 19 2025 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.17.2-1
- Update to 8.17.2
* Tue Sep 9 2025 Sandro Mani [manisandro@gmail.com] - 8.17.1-3
- Rebuild (libimagequant)
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 8.17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.17.1-1
- Update to 8.17.1
- Resolves: rhbz#2351373
- Migrate API documentation to gi-docgen
- Drop dependency on python3-cairo (due to vipsprofile removal)
* Sat May 24 2025 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.16.1-2
- Build vips-doc package as noarch
* Tue Apr 8 2025 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.16.1-1
- Update to 8.16.1
- Drop patch merged upstream
- Refresh descriptions for vips-devel and vips-doc
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2401081 - CVE-2025-59933 vips: libvips Buffer Over-Read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2401081
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-107641b428' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: nebula-1.10.0-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bf07d21f3e
2025-12-18 00:56:48.059022+00:00
--------------------------------------------------------------------------------

Name : nebula
Product : Fedora 43
Version : 1.10.0
Release : 2.fc43
URL : https://github.com/slackhq/nebula
Summary : A scalable overlay networking tool with a focus on performance, simplicity and security
Description :
A scalable overlay networking tool with a focus on performance, simplicity and
security.

--------------------------------------------------------------------------------
Update Information:

Upstream update
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 9 2025 Fabio Alessandro Locati [mail@fale.io] - 1.10.0-2
- Fix s390x tests
* Tue Dec 9 2025 Fabio Alessandro Locati [mail@fale.io] - 1.10.0-1
- Update to 1.10.0
* Sun Oct 12 2025 Maxwell G [maxwell@gtmx.me] - 1.9.7-2
- Rebuild for golang 1.25.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408329 - CVE-2025-58189 nebula: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408329
[ 2 ] Bug #2409802 - CVE-2025-61723 nebula: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409802
[ 3 ] Bug #2410752 - CVE-2025-58185 nebula: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410752
[ 4 ] Bug #2411648 - CVE-2025-58188 nebula: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411648
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bf07d21f3e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: golang-github-facebook-time-0^20251216git61f7510-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6e8c819299
2025-12-18 00:56:48.059139+00:00
--------------------------------------------------------------------------------

Name : golang-github-facebook-time
Product : Fedora 43
Version : 0^20251216git61f7510
Release : 2.fc43
URL : https://github.com/facebook/time
Summary : Meta's Time libraries
Description :
Meta's Time libraries.

--------------------------------------------------------------------------------
Update Information:

Update logrus for https://access.redhat.com/security/cve/cve-2025-65637
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2025 Michel Lind [salimma@fedoraproject.org] - 0^20251216git61f7510-2
- Generate and upload new vendor tarball
* Tue Dec 16 2025 Oleg Obleukhov [leoleovich@fedoraproject.org] - 0^20251216git61f7510-1
- Build latest
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6e8c819299' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: NetworkManager-1.54.3-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ceeda3c40d
2025-12-18 00:56:48.059114+00:00
--------------------------------------------------------------------------------

Name : NetworkManager
Product : Fedora 43
Version : 1.54.3
Release : 2.fc43
URL : https://networkmanager.dev/
Summary : Network connection manager and user applications
Description :
NetworkManager is a system service that manages network interfaces and
connections based on user or automatic configuration. It supports
Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband
(WWAN), PPPoE and other devices, and supports a variety of different VPN
services.

--------------------------------------------------------------------------------
Update Information:

Update to 1.54.3
Partially fixes CVE-2025-9615. To protect totally from it, see:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2325.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2025 Cristian Le [git@lecris.dev] - 1:1.54.3-2
- Convert STI tests to TMT (rhbz#2382851)
* Mon Dec 15 2025 Íñigo Huguet [ihuguet@redhat.com] - 1:1.54.3-1
- Update to 1.54.3
- Partially fixes CVE-2025-9615. To protect totally from it, see:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2325.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ceeda3c40d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: python-django5-5.2.9-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-24dfd3b072
2025-12-18 00:56:48.059069+00:00
--------------------------------------------------------------------------------

Name : python-django5
Product : Fedora 43
Version : 5.2.9
Release : 1.fc43
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases
on PostgreSQL
Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML
Deserializer
Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument
(5.2.8)
Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(),
alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7)
Fixes CVE-2025-59682: Potential partial directory-traversal via
archive.extract() (5.2.7)
Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation
column aliases (5.2.6)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 8 2025 Michel Lind [salimma@fedoraproject.org] - 5.2.9-1
- Update to version 5.2.9
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column
aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML
Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword
argument (5.2.8)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(),
alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7)
- Fixes CVE-2025-59682: Potential partial directory-traversal via
archive.extract() (5.2.7)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column
aliases (5.2.6)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-24dfd3b072' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: vips-8.17.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d9707059b7
2025-12-18 00:56:48.059006+00:00
--------------------------------------------------------------------------------

Name : vips
Product : Fedora 43
Version : 8.17.3
Release : 1.fc43
URL : https://www.libvips.org/
Summary : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images
(even larger than the amount of RAM in your machine), and for working
with color.

This package should be installed if you want to use a program compiled
against VIPS.

--------------------------------------------------------------------------------
Update Information:

New version of vips.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 9 2025 Adam Goode [adam@spicenitz.org] - 8.17.3-1
- Include missing changes for latest release
* Tue Dec 9 2025 Adam Goode [adam@spicenitz.org] - 8.17.2-2
- Update to vips 8.17.3
* Fri Sep 19 2025 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.17.2-1
- Update to 8.17.2
* Tue Sep 9 2025 Sandro Mani [manisandro@gmail.com] - 8.17.1-3
- Rebuild (libimagequant)
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 8.17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.17.1-1
- Update to 8.17.1
- Resolves: rhbz#2351373
- Migrate API documentation to gi-docgen
- Drop dependency on python3-cairo (due to vipsprofile removal)
* Sat May 24 2025 Kleis Auke Wolthuizen [fedora@kleisauke.nl] - 8.16.1-2
- Build vips-doc package as noarch
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2401081 - CVE-2025-59933 vips: libvips Buffer Over-Read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2401081
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d9707059b7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--