Fedora 43 and Fedora 41 have received security updates. For Fedora 43, the update addresses CVE-2025-5455 in the qt5-qtbase package, which could cause a denial-of-service attack due to an assertion failure in QtCore. For Fedora 41, the update upgrades Ruby from version 3.3.9 to 3.3.10 and fixes CVE-2025-58767, a denial-of-service vulnerability in REXML.

Fedora 43 Update: qt5-qtbase-5.15.17-6.fc43
Fedora 41 Update: ruby-3.3.10-21.fc41

[SECURITY] Fedora 43 Update: qt5-qtbase-5.15.17-6.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9a46af550f
2025-11-01 17:09:09.314012+00:00
--------------------------------------------------------------------------------

Name : qt5-qtbase
Product : Fedora 43
Version : 5.15.17
Release : 6.fc43
URL : http://qt-project.org/
Summary : Qt5 - QtBase components
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-5455 - QtCore Assertion Failure Denial of Service
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2025 Than Ngo [than@redhat.com] - 5.15.17-6
- Fix CVE-2025-5455, qt5-qtbase: QtCore Assertion Failure Denial of Service
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2369868 - CVE-2025-5455 qt5-qtbase: QtCore Assertion Failure Denial of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2369868
[ 2 ] Bug #2369869 - CVE-2025-5455 qt5-qtbase: QtCore Assertion Failure Denial of Service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2369869
[ 3 ] Bug #2405076 - CVE-2025-5455 qt5-qtbase: QtCore Assertion Failure Denial of Service [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405076
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9a46af550f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: ruby-3.3.10-21.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b10099f608
2025-11-02 00:57:26.934201+00:00
--------------------------------------------------------------------------------

Name : ruby
Product : Fedora 41
Version : 3.3.10
Release : 21.fc41
URL : https://www.ruby-lang.org/
Summary : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.

--------------------------------------------------------------------------------
Update Information:

Upgrade to Ruby 3.3.10.
CVE-2025-58767 ruby: REXML denial of service (rhbz#2396203)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 V??t Ondruch [vondruch@redhat.com] - 3.3.9-21
- Upgrade to Ruby 3.3.10.
- CVE-2025-58767 ruby: REXML denial of service.
Resovles: rhbz#2396203
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2396186 - CVE-2025-58767 rexml: REXML denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=2396186
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b10099f608' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------