Fedora 42 Update: webkitgtk-2.48.2-1.fc42
Fedora 42 Update: xen-4.19.2-4.fc42
Fedora 42 Update: syslog-ng-4.8.2-1.fc42
Fedora 41 Update: syslog-ng-4.8.2-1.fc41
[SECURITY] Fedora 42 Update: webkitgtk-2.48.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-40aeebe6d2
2025-05-17 02:01:28.575448+00:00
--------------------------------------------------------------------------------
Name : webkitgtk
Product : Fedora 42
Version : 2.48.2
Release : 1.fc42
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.
--------------------------------------------------------------------------------
Update Information:
Enable CSS Overscroll Behavior by default.
Change threaded rendering implementation to use Skia API instead of WebCore
display list that is not thread safe.
Fix rendering when device scale factor change comes before the web view geometry
update.
Fix network process crash on exit.
Fix several crashes and rendering issues.
Fix CVE-2025-24223, CVE-2025-31204, CVE-2025-31205, CVE-2025-31206,
CVE-2025-31215, CVE-2025-31257
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 14 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.48.2-1
- Update to 2.48.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366612 - CVE-2025-24223 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2366612
[ 2 ] Bug #2366614 - CVE-2025-31204 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2366614
[ 3 ] Bug #2366616 - CVE-2025-31205 webkitgtk: A malicious website may exfiltrate data cross-origin [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2366616
[ 4 ] Bug #2366618 - CVE-2025-31206 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2366618
[ 5 ] Bug #2366620 - CVE-2025-31215 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2366620
[ 6 ] Bug #2366622 - CVE-2025-31257 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2366622
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-40aeebe6d2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: xen-4.19.2-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b3d59fca78
2025-05-17 02:01:28.575418+00:00
--------------------------------------------------------------------------------
Name : xen
Product : Fedora 42
Version : 4.19.2
Release : 4.fc42
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
--------------------------------------------------------------------------------
Update Information:
x86: Indirect Target Selection [XSA-469, CVE-2024-28956]
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2025 Michael Young [m.a.young@durham.ac.uk] - 4.19.2-4
- x86: Indirect Target Selection [XSA-469, CVE-2024-28956]
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b3d59fca78' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: syslog-ng-4.8.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7f48333f3e
2025-05-17 02:01:28.575331+00:00
--------------------------------------------------------------------------------
Name : syslog-ng
Product : Fedora 42
Version : 4.8.2
Release : 1.fc42
URL : https://www.syslog-ng.com/products/open-source-log-management/
Summary : Next-generation syslog server
Description :
syslog-ng is an enhanced log daemon, supporting a wide range of input and
output methods: syslog, unstructured text, message queues, databases (SQL
and NoSQL alike) and more.
Key features:
* receive and send RFC3164 and RFC5424 style syslog messages
* work with any kind of unstructured data
* receive and send JSON formatted messages
* classify and structure logs with builtin parsers (csv-parser(),
db-parser(), ...)
* normalize, crunch and process logs as they flow through the system
* hand on messages for further processing using message queues (like
AMQP), files or databases (like PostgreSQL or MongoDB).
--------------------------------------------------------------------------------
Update Information:
update to 4.8.2 fixing CVE-2024-47619
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 8 2025 Peter Czanik [peter@czanik.hu] - 4.8.2-1
- update to 4.8.2, a bug fix release
- fixes an inproper certificate validation problem (CVE-2024-47619)
- fixes elasticsearch-http() and other drivers after a backwards
incompatible fix in format-json
- reliability and performance improvements in the S3 destination
* Tue Feb 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 4.8.1-3
- Rebuilt for abseil-cpp-20250127.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2364863 - CVE-2024-47619 syslog-ng: tranport: TLS host name wildcard matching too lax [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2364863
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7f48333f3e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: syslog-ng-4.8.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0fc3d8b7bf
2025-05-17 01:43:23.319364+00:00
--------------------------------------------------------------------------------
Name : syslog-ng
Product : Fedora 41
Version : 4.8.2
Release : 1.fc41
URL : https://www.syslog-ng.com/products/open-source-log-management/
Summary : Next-generation syslog server
Description :
syslog-ng is an enhanced log daemon, supporting a wide range of input and
output methods: syslog, unstructured text, message queues, databases (SQL
and NoSQL alike) and more.
Key features:
* receive and send RFC3164 and RFC5424 style syslog messages
* work with any kind of unstructured data
* receive and send JSON formatted messages
* classify and structure logs with builtin parsers (csv-parser(),
db-parser(), ...)
* normalize, crunch and process logs as they flow through the system
* hand on messages for further processing using message queues (like
AMQP), files or databases (like PostgreSQL or MongoDB).
--------------------------------------------------------------------------------
Update Information:
update to 4.8.2 to fix CVE-2024-47619
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 8 2025 Peter Czanik [peter@czanik.hu] - 4.8.2-1
- update to 4.8.2, a bug fix release
- fixes an inproper certificate validation problem (CVE-2024-47619)
- fixes elasticsearch-http() and other drivers after a backwards
incompatible fix in format-json
- reliability and performance improvements in the S3 destination
* Tue Feb 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 4.8.1-3
- Rebuilt for abseil-cpp-20250127.0
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 4.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2364863 - CVE-2024-47619 syslog-ng: tranport: TLS host name wildcard matching too lax [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2364863
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0fc3d8b7bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
