Fedora 41 Update: valkey-8.0.3-3.fc41
Fedora 41 Update: python3.9-3.9.23-1.fc41
Fedora 41 Update: python3.10-3.10.18-1.fc41
Fedora 41 Update: gh-2.74.0-1.fc41
Fedora 41 Update: mingw-icu-74.2-4.fc41
Fedora 41 Update: yarnpkg-1.22.22-8.fc41
Fedora 42 Update: chromium-137.0.7151.103-1.fc42
Fedora 42 Update: thunderbird-128.11.1-1.fc42
Fedora 42 Update: python3.9-3.9.23-1.fc42
Fedora 42 Update: python3.10-3.10.18-1.fc42
Fedora 42 Update: gh-2.74.0-1.fc42
Fedora 42 Update: mingw-icu-76.1-3.fc42
Fedora 42 Update: yarnpkg-1.22.22-8.fc42
[SECURITY] Fedora 41 Update: valkey-8.0.3-3.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a89cb837a1
2025-06-13 01:33:33.927765+00:00
--------------------------------------------------------------------------------
Name : valkey
Product : Fedora 41
Version : 8.0.3
Release : 3.fc41
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.
You can use Valkey from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2025-49112
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 6 2025 Jonathan Wright [jonathan@almalinux.org] - 8.0.3-3
- Apply patch for CVE-2025-49112 properly
* Fri Jun 6 2025 Jonathan Wright [jonathan@almalinux.org] - 8.0.3-2
- Fixes CVE-2025-49112
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2369766 - CVE-2025-49112 valkey: Valkey Integer Underflow Vulnerability [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2369766
[ 2 ] Bug #2369767 - CVE-2025-49112 valkey: Valkey Integer Underflow Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2369767
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a89cb837a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python3.9-3.9.23-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cebde6a6e3
2025-06-13 01:33:33.927741+00:00
--------------------------------------------------------------------------------
Name : python3.9
Product : Fedora 41
Version : 3.9.23
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Update to 3.9.23.
gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE
2025-4517] Fixes multiple issues that allowed tarfile extraction filters
(filter="data" and filter="tar") to be bypassed using crafted symlinks and hard
links.
gh-133767: Fix use-after-free in the ???unicode-escape??? decoder with a
non-???strict??? error handler.
gh-128840: Short-circuit the processing of long IPv6 addresses early in
ipaddress to prevent excessive memory consumption and a minor denial-of-service.
gh-80222: Folding of quoted string in display_name violates RFC.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.9.23-1
- Update to 3.9.23
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cebde6a6e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: python3.10-3.10.18-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-76b69d1931
2025-06-13 01:33:33.927724+00:00
--------------------------------------------------------------------------------
Name : python3.10
Product : Fedora 41
Version : 3.10.18
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.10 of the Python interpreter
Description :
Python 3.10 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.10 package provides the "python3.10" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.10-libs package,
which should be installed automatically along with python3.10.
The remaining parts of the Python standard library are broken out into the
python3.10-tkinter and python3.10-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.10-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.10-" prefix.
--------------------------------------------------------------------------------
Update Information:
Update to 3.10.18.
Security content in this release
gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE
2025-4517] Fixes multiple issues that allowed tarfile extraction filters
(filter="data" and filter="tar") to be bypassed using crafted symlinks and hard
links.
gh-133767: Fix use-after-free in the ???unicode-escape??? decoder with a
non-???strict??? error handler.
gh-128840: Short-circuit the processing of long IPv6 addresses early in
ipaddress to prevent excessive memory consumption and a minor denial-of-service.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.10.18-1
- Update to 3.10.18
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-76b69d1931' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: gh-2.74.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-164ac0d01f
2025-06-13 01:33:33.927695+00:00
--------------------------------------------------------------------------------
Name : gh
Product : Fedora 41
Version : 2.74.0
Release : 1.fc41
URL : https://github.com/cli/cli
Summary : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.
gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform various
actions right from the command line, eliminating the need to switch between your
terminal and the GitHub website.
--------------------------------------------------------------------------------
Update Information:
Update to 2.74.0 - Fixes CVE-2025-48938
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.74.0-1
- Update to 2.74.0 - Fixes CVE-2025-48938
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2369482 - CVE-2025-48938 gh: GitHub CLI may execute arbitrary commands from compromised GitHub Enterprise Server [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2369482
[ 2 ] Bug #2369484 - CVE-2025-48938 gh: GitHub CLI may execute arbitrary commands from compromised GitHub Enterprise Server [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2369484
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-164ac0d01f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-icu-74.2-4.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-49ae47f4ef
2025-06-13 01:33:33.927674+00:00
--------------------------------------------------------------------------------
Name : mingw-icu
Product : Fedora 41
Version : 74.2
Release : 4.fc41
URL : http://icu-project.org
Summary : MinGW compilation of International Components for Unicode Tools
Description :
ICU is a set of C and C++ libraries that provides robust and
full-featured Unicode and locale support. The library provides calendar
support, conversions for many character sets, language sensitive
collation, date and time formatting, support for many locales, message
catalogs and resources, message formatting, normalization, number and
currency formatting, time zone support, transliteration, and word,
line, and sentence breaking, etc.
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-5222.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Sandro Mani [manisandro@gmail.com] - 74.2-4
- Backport patch for CVE-2025-5222
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2368602 - CVE-2025-5222 mingw-icu: Stack buffer overflow in the SRBRoot::addTag function [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2368602
[ 2 ] Bug #2368604 - CVE-2025-5222 mingw-icu: Stack buffer overflow in the SRBRoot::addTag function [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2368604
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-49ae47f4ef' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-8.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ad2565414f
2025-06-13 01:33:33.927658+00:00
--------------------------------------------------------------------------------
Name : yarnpkg
Product : Fedora 41
Version : 1.22.22
Release : 8.fc41
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2025-48387.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-8
- Refresh bundle tarball for CVE-2025-48387
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2369950 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2369950
[ 2 ] Bug #2369951 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2369951
[ 3 ] Bug #2369953 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2369953
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ad2565414f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: chromium-137.0.7151.103-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-41bc291ca0
2025-06-13 01:02:12.682948+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 42
Version : 137.0.7151.103
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 137.0.7151.103
CVE-2025-5958: Use after free in Media
CVE-2025-5959: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 11 2025 Than Ngo [than@redhat.com] - 137.0.7151.103-1
- Update to 137.0.7151.103
* CVE-2025-5958: Use after free in Media
* CVE-2025-5959: Type Confusion in V8
- Provide correct version for bundle librarires
- Fix rhbz#2368923, Chromium crash
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2368923 - Chromium crashes with "SIGILL" when using the "ENTITIES HTML MathML Set" doctype in an XSLT stylesheet
https://bugzilla.redhat.com/show_bug.cgi?id=2368923
[ 2 ] Bug #2371648 - CVE-2025-5958 chromium: Chrome Media Use-After-Free Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2371648
[ 3 ] Bug #2371653 - CVE-2025-5959 chromium: Chrome Type Confusion Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2371653
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-41bc291ca0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: thunderbird-128.11.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac9269cc4
2025-06-13 01:02:12.682942+00:00
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 42
Version : 128.11.1
Release : 1.fc42
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Update to 128.11.1
https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 11 2025 Eike Rathke [erack@redhat.com] - 128.11.1-1
- Update to 128.11.1
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac9269cc4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: python3.9-3.9.23-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6efe030226
2025-06-13 01:02:12.682908+00:00
--------------------------------------------------------------------------------
Name : python3.9
Product : Fedora 42
Version : 3.9.23
Release : 1.fc42
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Update to 3.9.23.
gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE
2025-4517] Fixes multiple issues that allowed tarfile extraction filters
(filter="data" and filter="tar") to be bypassed using crafted symlinks and hard
links.
gh-133767: Fix use-after-free in the ???unicode-escape??? decoder with a
non-???strict??? error handler.
gh-128840: Short-circuit the processing of long IPv6 addresses early in
ipaddress to prevent excessive memory consumption and a minor denial-of-service.
gh-80222: Folding of quoted string in display_name violates RFC.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.9.23-1
- Update to 3.9.23
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6efe030226' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: python3.10-3.10.18-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f41fafb942
2025-06-13 01:02:12.682878+00:00
--------------------------------------------------------------------------------
Name : python3.10
Product : Fedora 42
Version : 3.10.18
Release : 1.fc42
URL : https://www.python.org/
Summary : Version 3.10 of the Python interpreter
Description :
Python 3.10 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.10 package provides the "python3.10" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.10-libs package,
which should be installed automatically along with python3.10.
The remaining parts of the Python standard library are broken out into the
python3.10-tkinter and python3.10-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.10-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.10-" prefix.
--------------------------------------------------------------------------------
Update Information:
Update to 3.10.18.
Security content in this release
gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE
2025-4517] Fixes multiple issues that allowed tarfile extraction filters
(filter="data" and filter="tar") to be bypassed using crafted symlinks and hard
links.
gh-133767: Fix use-after-free in the ???unicode-escape??? decoder with a
non-???strict??? error handler.
gh-128840: Short-circuit the processing of long IPv6 addresses early in
ipaddress to prevent excessive memory consumption and a minor denial-of-service.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.10.18-1
- Update to 3.10.18
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f41fafb942' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: gh-2.74.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-82ac5e4065
2025-06-13 01:02:12.682837+00:00
--------------------------------------------------------------------------------
Name : gh
Product : Fedora 42
Version : 2.74.0
Release : 1.fc42
URL : https://github.com/cli/cli
Summary : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.
gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform various
actions right from the command line, eliminating the need to switch between your
terminal and the GitHub website.
--------------------------------------------------------------------------------
Update Information:
Update to 2.74.0 - Fixes CVE-2025-48938
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.74.0-1
- Update to 2.74.0 - Fixes CVE-2025-48938
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2369482 - CVE-2025-48938 gh: GitHub CLI may execute arbitrary commands from compromised GitHub Enterprise Server [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2369482
[ 2 ] Bug #2369484 - CVE-2025-48938 gh: GitHub CLI may execute arbitrary commands from compromised GitHub Enterprise Server [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2369484
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-82ac5e4065' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-icu-76.1-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-879f3d7695
2025-06-13 01:02:12.682816+00:00
--------------------------------------------------------------------------------
Name : mingw-icu
Product : Fedora 42
Version : 76.1
Release : 3.fc42
URL : http://icu-project.org
Summary : MinGW compilation of International Components for Unicode Tools
Description :
ICU is a set of C and C++ libraries that provides robust and
full-featured Unicode and locale support. The library provides calendar
support, conversions for many character sets, language sensitive
collation, date and time formatting, support for many locales, message
catalogs and resources, message formatting, normalization, number and
currency formatting, time zone support, transliteration, and word,
line, and sentence breaking, etc.
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-5222.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Sandro Mani [manisandro@gmail.com] - 76.1-3
- Backport patch for CVE-2025-5222
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2368602 - CVE-2025-5222 mingw-icu: Stack buffer overflow in the SRBRoot::addTag function [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2368602
[ 2 ] Bug #2368604 - CVE-2025-5222 mingw-icu: Stack buffer overflow in the SRBRoot::addTag function [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2368604
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-879f3d7695' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-8.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-732290e75c
2025-06-13 01:02:12.682800+00:00
--------------------------------------------------------------------------------
Name : yarnpkg
Product : Fedora 42
Version : 1.22.22
Release : 8.fc42
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2025-48387.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 4 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-8
- Refresh bundle tarball for CVE-2025-48387
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2369950 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2369950
[ 2 ] Bug #2369951 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2369951
[ 3 ] Bug #2369953 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2369953
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-732290e75c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
