Fedora Linux has released several security updates to ensure the operating system's stability and protection. These updates include webkitgtk for Fedora 42, gh for Fedora 43, direwolf for both Fedora 42 and 43, and usd for Fedora 43. The releases aim to address potential security vulnerabilities and keep users' systems secure.

Fedora 42 Update: webkitgtk-2.50.4-1.fc42
Fedora 43 Update: gh-2.83.2-1.fc43
Fedora 43 Update: direwolf-1.8.1-1.fc43
Fedora 43 Update: usd-25.08-13.fc43
Fedora 42 Update: direwolf-1.8.1-1.fc42

[SECURITY] Fedora 42 Update: webkitgtk-2.50.4-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3e5ba4315a
2026-01-02 00:56:13.362469+00:00
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 42
Version : 2.50.4
Release : 1.fc42
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Correctly handle the program name passed to the sleep disabler.
Ensure GStreamer is initialized before using the Quirks.
Fix several crashes and rendering issues.
Fix CVE-2025-14174, CVE-2025-43501, CVE-2025-43529, CVE-2025-43531,
CVE-2025-43535, CVE-2025-43536, CVE-2025-43541
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2025 Tomas Popela [tpopela@redhat.com] - 2.50.4-1
- Update to 2.50.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423171 - CVE-2025-43529 webkitgtk: webkitgtk: Use-after-free due to improper memory management [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423171
[ 2 ] Bug #2423291 - CVE-2025-43501 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423291
[ 3 ] Bug #2423295 - CVE-2025-43531 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423295
[ 4 ] Bug #2423301 - CVE-2025-43535 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423301
[ 5 ] Bug #2423305 - CVE-2025-43536 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423305
[ 6 ] Bug #2423309 - CVE-2025-43541 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423309
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3e5ba4315a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: gh-2.83.2-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c6b2100f44
2026-01-02 00:38:59.597977+00:00
--------------------------------------------------------------------------------

Name : gh
Product : Fedora 43
Version : 2.83.2
Release : 1.fc43
URL : https://github.com/cli/cli
Summary : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.

gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform various
actions right from the command line, eliminating the need to switch between your
terminal and the GitHub website.

--------------------------------------------------------------------------------
Update Information:

Update to 2.83.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 10 2025 Packit [hello@packit.dev] - 2.83.2-1
- Update to 2.83.2 upstream release
- Resolves: rhbz#2414900
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2409639 - CVE-2025-61723 gh: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409639
[ 2 ] Bug #2410590 - CVE-2025-58185 gh: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410590
[ 3 ] Bug #2411488 - CVE-2025-58188 gh: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411488
[ 4 ] Bug #2412688 - CVE-2025-58183 gh: Unbounded allocation when parsing GNU sparse map [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2412688
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c6b2100f44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: direwolf-1.8.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-793e1e1341
2026-01-02 00:38:59.597969+00:00
--------------------------------------------------------------------------------

Name : direwolf
Product : Fedora 43
Version : 1.8.1
Release : 1.fc43
URL : https://github.com/wb2osz/direwolf/
Summary : Sound Card-based AX.25 TNC
Description :
Dire Wolf is a modern software replacement for the old 1980's style
TNC built with special hardware. Without any additional software, it
can perform as an APRS GPS Tracker, Digipeater, Internet Gateway
(IGate), APRStt gateway. It can also be used as a virtual TNC for
other applications such as APRSIS32, UI-View32, Xastir, APRS-TW, YAAC,
UISS, Linux AX25, SARTrack, Winlink Express, BPQ32, Outpost PM, and many
others.

--------------------------------------------------------------------------------
Update Information:

https://github.com/wb2osz/direwolf/releases/tag/1.8.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 24 2025 Richard Shaw [hobbes1069@gmail.com] - 1.8.1-1
- Update to 1.8.1.
- Build with libgpiod.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2401397 - direwolf-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2401397
[ 2 ] Bug #2424537 - CVE-2025-34458 direwolf: wb2osz/direwolf