Fedora 42 Update: thunderbird-128.10.1-1.fc42
Fedora 42 Update: openssh-9.9p1-11.fc42
Fedora 42 Update: yelp-42.2-9.fc42
Fedora 42 Update: yelp-xsl-42.1-7.fc42
Fedora 41 Update: perl-Mojolicious-9.39-1.fc41
[SECURITY] Fedora 42 Update: thunderbird-128.10.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1dc1cd5a87
2025-05-21 02:16:05.620481+00:00
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 42
Version : 128.10.1
Release : 1.fc42
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Update to 128.10.1
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/
https://www.thunderbird.net/en-US/thunderbird/128.10.1esr/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 19 2025 Eike Rathke [erack@redhat.com] - 128.10.1-1
- Update to 128.10.1
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1dc1cd5a87' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: openssh-9.9p1-11.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ad76584c00
2025-05-21 02:16:05.620453+00:00
--------------------------------------------------------------------------------
Name : openssh
Product : Fedora 42
Version : 9.9p1
Release : 11.fc42
URL : http://www.openssh.com/portable.html
Summary : An open source implementation of SSH protocol version 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2025-32728
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 19 2025 Zoltan Fridrich [zfridric@redhat.com] - 9.9p1-11
- CVE-2025-32728: Fix logic error in DisableForwarding option
Resolves: rhbz#2358778
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358778 - CVE-2025-32728 openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2358778
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ad76584c00' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: yelp-42.2-9.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e788608959
2025-05-21 02:16:05.620124+00:00
--------------------------------------------------------------------------------
Name : yelp
Product : Fedora 42
Version : 42.2
Release : 9.fc42
URL : https://wiki.gnome.org/Apps/Yelp
Summary : Help browser for the GNOME desktop
Description :
Yelp is the help browser for the GNOME desktop. It is designed
to help you browse all the documentation on your system in
one central tool, including traditional man pages, info pages and
documentation written in DocBook.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2025-3155 - arbitrary file-read.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 9 2025 Jan Grulich [jgrulich@redhat.com] - 2:42.2-9
- Fix CVE-2025-3155 - arbitrary file-read
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357092 - CVE-2025-3155 yelp: Arbitrary file read [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357092
[ 2 ] Bug #2366258 - yelp-42.2-9.fc42 breaks rendering
https://bugzilla.redhat.com/show_bug.cgi?id=2366258
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e788608959' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: yelp-xsl-42.1-7.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e788608959
2025-05-21 02:16:05.620124+00:00
--------------------------------------------------------------------------------
Name : yelp-xsl
Product : Fedora 42
Version : 42.1
Release : 7.fc42
URL : https://download.gnome.org/sources/yelp-xsl
Summary : XSL stylesheets for the yelp help browser
Description :
This package contains XSL stylesheets that are used by the yelp help browser.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2025-3155 - arbitrary file-read.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2025 Jan Grulich [jgrulich@redhat.com] - 42.1-7
- Fix CVE-2025-3155 - arbitrary file-read
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357092 - CVE-2025-3155 yelp: Arbitrary file read [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357092
[ 2 ] Bug #2366258 - yelp-42.2-9.fc42 breaks rendering
https://bugzilla.redhat.com/show_bug.cgi?id=2366258
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e788608959' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: perl-Mojolicious-9.39-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c38fd06bec
2025-05-21 02:04:40.357842+00:00
--------------------------------------------------------------------------------
Name : perl-Mojolicious
Product : Fedora 41
Version : 9.39
Release : 1.fc41
URL : https://metacpan.org/release/Mojolicious
Summary : A next generation web framework for Perl
Description :
Back in the early days of the web there was this wonderful Perl library
called CGI, many people only learned Perl because of it. It was simple
enough to get started without knowing much about the language and powerful
enough to keep you going, learning by doing was much fun. While most of the
techniques used are outdated now, the idea behind it is not. Mojolicious is
a new attempt at implementing this idea using state of the art technology.
--------------------------------------------------------------------------------
Update Information:
Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded
string, or the application's class name, as a HMAC session secret by default.
Mojolicious 9.39 added EXPERIMENTAL support for encrypted session cookies. This
feature is much more secure than signed cookies and can be enabled by installing
CryptX and setting the encrypted attribute.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 24 2024 Emmanuel Seyman [emmanuel@seyman.fr] - 9.39-1
- Update to 9.39
* Sun Sep 1 2024 Emmanuel Seyman [emmanuel@seyman.fr] - 9.38-1
- Update to 9.38
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2364057 - CVE-2024-58134 perl-Mojolicious: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2364057
[ 2 ] Bug #2364058 - CVE-2024-58134 perl-Mojolicious: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2364058
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c38fd06bec' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
