Fedora 42 Update: retroarch-1.22.0-1.fc42
Fedora 42 Update: roundcubemail-1.6.12-1.fc42
Fedora 42 Update: httpd-2.4.66-1.fc42
Fedora 43 Update: roundcubemail-1.6.12-1.fc43
Fedora 43 Update: retroarch-1.22.0-1.fc43
[SECURITY] Fedora 42 Update: retroarch-1.22.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-dda924d757
2025-12-25 01:07:31.597205+00:00
--------------------------------------------------------------------------------
Name : retroarch
Product : Fedora 42
Version : 1.22.0
Release : 1.fc42
URL : https://www.libretro.com/
Summary : Cross-platform, sophisticated frontend for the libretro API.
Description :
libretro is an API that exposes generic audio/video/input callbacks. A frontend
for libretro (such as RetroArch) handles video output, audio output, input and
application lifecycle. A libretro core written in portable C or C++ can run
seamlessly on many platforms with very little to no porting effort.
While RetroArch is the reference frontend for libretro, several other projects
have used the libretro interface to include support for emulators and/or game
engines. libretro is completely open and free for anyone to use.
For how to download and install more libretro cores please read included
README.fedora.md file.
--------------------------------------------------------------------------------
Update Information:
Update to 1.22.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Artem Polishchuk [ego.cordatus@gmail.com] - 1.22.0-1
- Update to 1.22.0
* Thu Nov 6 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 1.19.0-15
- Fixed build with FFmpeg 8
* Wed Oct 15 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 1.19.0-14
- Rebuilt for FFmpeg 8
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.19.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 27 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.19.0-12
- Rebuilt for flac 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2290413 - retroarch-1.22.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2290413
[ 2 ] Bug #2381834 - CVE-2025-53817 retroarch: 7-Zip Null pointer array write [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381834
[ 3 ] Bug #2381837 - CVE-2025-53816 retroarch: 7-Zip heap buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381837
[ 4 ] Bug #2387650 - CVE-2025-55188 retroarch: 7-Zip Symbolic Link Extraction Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2387650
[ 5 ] Bug #2389431 - CVE-2025-9136 retroarch: libretro RetroArch file_stream.c filestream_vscanf out-of-bounds [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2389431
[ 6 ] Bug #2415383 - Broken AppStream metadata
https://bugzilla.redhat.com/show_bug.cgi?id=2415383
[ 7 ] Bug #2418241 - CVE-2025-11001 retroarch: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418241
[ 8 ] Bug #2418245 - CVE-2025-11001 retroarch: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418245
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-dda924d757' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: roundcubemail-1.6.12-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-fec36f9eaf
2025-12-25 01:07:31.597155+00:00
--------------------------------------------------------------------------------
Name : roundcubemail
Product : Fedora 42
Version : 1.6.12
Release : 1.fc42
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
--------------------------------------------------------------------------------
Update Information:
Release 1.6.12
Support IPv6 in database DSN (#9937)
Don't force specific error_reporting setting
Fix compatibility with PHP 8.5 regarding array_first()
Remove X-XSS-Protection example from .htaccess file (#9875)
Fix "Assign to group" action state after creation of a first group (#9889)
Fix bug where contacts search would fail if contactlist_fields contained vcard
fields (#9850)
Fix bug where an mbox export file could include inconsistent message delimiters
(#9879)
Fix parsing of inline styles that aren't well-formatted (#9948)
Fix Cross-Site-Scripting vulnerability via SVG's animate tag
Fix Information Disclosure vulnerability in the HTML style sanitizer
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 15 2025 Remi Collet [remi@remirepo.net] - 1.6.12-1
- update to 1.6.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2423518 - CVE-2025-68461 roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423518
[ 2 ] Bug #2423530 - CVE-2025-68460 roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423530
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-fec36f9eaf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: httpd-2.4.66-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f7c75ffee2
2025-12-25 01:07:31.597147+00:00
--------------------------------------------------------------------------------
Name : httpd
Product : Fedora 42
Version : 2.4.66
Release : 1.fc42
URL : https://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
--------------------------------------------------------------------------------
Update Information:
version update
security update
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 9 2025 Lubo?? Uhliarik [luhliari@redhat.com] - 2.4.66-1
- new version 2.4.66
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2419768 - httpd-2.4.66 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419768
[ 2 ] Bug #2420206 - CVE-2025-58098 httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420206
[ 3 ] Bug #2420207 - CVE-2025-58098 httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420207
[ 4 ] Bug #2420208 - CVE-2025-66200 httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420208
[ 5 ] Bug #2420209 - CVE-2025-66200 httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420209
[ 6 ] Bug #2420214 - CVE-2025-65082 httpd: Apache HTTP Server: CGI environment variable override [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420214
[ 7 ] Bug #2420215 - CVE-2025-65082 httpd: Apache HTTP Server: CGI environment variable override [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420215
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f7c75ffee2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: roundcubemail-1.6.12-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-58eb59741f
2025-12-25 00:52:05.391338+00:00
--------------------------------------------------------------------------------
Name : roundcubemail
Product : Fedora 43
Version : 1.6.12
Release : 1.fc43
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
--------------------------------------------------------------------------------
Update Information:
Release 1.6.12
Support IPv6 in database DSN (#9937)
Don't force specific error_reporting setting
Fix compatibility with PHP 8.5 regarding array_first()
Remove X-XSS-Protection example from .htaccess file (#9875)
Fix "Assign to group" action state after creation of a first group (#9889)
Fix bug where contacts search would fail if contactlist_fields contained vcard
fields (#9850)
Fix bug where an mbox export file could include inconsistent message delimiters
(#9879)
Fix parsing of inline styles that aren't well-formatted (#9948)
Fix Cross-Site-Scripting vulnerability via SVG's animate tag
Fix Information Disclosure vulnerability in the HTML style sanitizer
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 15 2025 Remi Collet [remi@remirepo.net] - 1.6.12-1
- update to 1.6.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2423517 - CVE-2025-68461 roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423517
[ 2 ] Bug #2423531 - CVE-2025-68460 roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423531
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-58eb59741f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: retroarch-1.22.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6e0627440a
2025-12-25 00:52:05.391393+00:00
--------------------------------------------------------------------------------
Name : retroarch
Product : Fedora 43
Version : 1.22.0
Release : 1.fc43
URL : https://www.libretro.com/
Summary : Cross-platform, sophisticated frontend for the libretro API.
Description :
libretro is an API that exposes generic audio/video/input callbacks. A frontend
for libretro (such as RetroArch) handles video output, audio output, input and
application lifecycle. A libretro core written in portable C or C++ can run
seamlessly on many platforms with very little to no porting effort.
While RetroArch is the reference frontend for libretro, several other projects
have used the libretro interface to include support for emulators and/or game
engines. libretro is completely open and free for anyone to use.
For how to download and install more libretro cores please read included
README.fedora.md file.
--------------------------------------------------------------------------------
Update Information:
Update to 1.22.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Artem Polishchuk [ego.cordatus@gmail.com] - 1.22.0-1
- Update to 1.22.0
* Thu Nov 6 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 1.19.0-15
- Fixed build with FFmpeg 8
* Wed Oct 15 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 1.19.0-14
- Rebuilt for FFmpeg 8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2290413 - retroarch-1.22.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2290413
[ 2 ] Bug #2381834 - CVE-2025-53817 retroarch: 7-Zip Null pointer array write [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381834
[ 3 ] Bug #2381837 - CVE-2025-53816 retroarch: 7-Zip heap buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381837
[ 4 ] Bug #2387650 - CVE-2025-55188 retroarch: 7-Zip Symbolic Link Extraction Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2387650
[ 5 ] Bug #2389431 - CVE-2025-9136 retroarch: libretro RetroArch file_stream.c filestream_vscanf out-of-bounds [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2389431
[ 6 ] Bug #2415383 - Broken AppStream metadata
https://bugzilla.redhat.com/show_bug.cgi?id=2415383
[ 7 ] Bug #2418241 - CVE-2025-11001 retroarch: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418241
[ 8 ] Bug #2418245 - CVE-2025-11001 retroarch: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418245
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6e0627440a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
