package-announce December 2025

package-announce@lists.fedoraproject.org

1 participants
3512 discussions

[SECURITY] Fedora 42 Update: golang-github-projectdiscovery-mapcidr-1.1.97-1.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-73b0006102 2025-12-31 01:09:31.157727+00:00 -------------------------------------------------------------------------------- Name : golang-github-projectdiscovery-mapcidr Product : Fedora 42 Version : 1.1.97 Release : 1.fc42 URL : https://github.com/projectdiscovery/mapcidr Summary : Utility for operations on subnet/CIDR ranges Description : Utility program to perform multiple operations for a given subnet/CIDR ranges. -------------------------------------------------------------------------------- Update Information: Update to 1.1.97 -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 29 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.1.97-1 - Update to 1.1.97 - Closes rhbz#2397790 * Fri Oct 10 2025 Alejandro Sáez <asm(a)redhat.com> - 1.1.94-4 - rebuild * Fri Aug 15 2025 Maxwell G <maxwell(a)gtmx.me> - 1.1.94-3 - Rebuild for golang-1.25.0 * Thu Jul 24 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.94-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2391661 - CVE-2025-58058 golang-github-projectdiscovery-mapcidr: github.com/ulikunitz/xz leaks memory [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2391661 [ 2 ] Bug #2398775 - CVE-2025-47910 golang-github-projectdiscovery-mapcidr: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398775 [ 3 ] Bug #2399446 - CVE-2025-47906 golang-github-projectdiscovery-mapcidr: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399446 [ 4 ] Bug #2403155 - CVE-2025-11579 golang-github-projectdiscovery-mapcidr: RarDecode Out Of Memory Crash [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2403155 [ 5 ] Bug #2407976 - CVE-2025-58189 golang-github-projectdiscovery-mapcidr: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2407976 [ 6 ] Bug #2409446 - CVE-2025-61723 golang-github-projectdiscovery-mapcidr: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409446 [ 7 ] Bug #2410397 - CVE-2025-58185 golang-github-projectdiscovery-mapcidr: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410397 [ 8 ] Bug #2411297 - CVE-2025-58188 golang-github-projectdiscovery-mapcidr: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411297 [ 9 ] Bug #2412780 - CVE-2025-58183 golang-github-projectdiscovery-mapcidr: Unbounded allocation when parsing GNU sparse map [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2412780 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-73b0006102' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora 42 Update: passt-0^20251223.g2ba9fd5-1.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4ef71b2b4c 2025-12-31 01:09:31.157722+00:00 -------------------------------------------------------------------------------- Name : passt Product : Fedora 42 Version : 0^20251223.g2ba9fd5 Release : 1.fc42 URL : https://passt.top/ Summary : User-mode networking daemons for virtual machines and namespaces Description : passt implements a translation layer between a Layer-2 network interface and native Layer-4 sockets (TCP, UDP, ICMP/ICMPv6 echo) on a host. It doesn't require any capabilities or privileges, and it can be used as a simple replacement for Slirp. pasta (same binary as passt, different command) offers equivalent functionality, for network namespaces: traffic is forwarded using a tap interface inside the namespace, without the need to create further interfaces on the host, hence not requiring any capabilities or privileges. -------------------------------------------------------------------------------- Update Information: Keep pasta running if IPv6 support is disabled in kernel, https://bugzilla.redhat.com/show_bug.cgi?id=2424192 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2025 Stefano Brivio <sbrivio(a)redhat.com> - 0^20251223.g2ba9fd5-1 - Upstream changes: https://passt.top/passt/log/?qt=range&q=2025_12_15.b40f5cd..2025_12_23.2ba9… -------------------------------------------------------------------------------- References: [ 1 ] Bug #2424192 - Latest update of passt breaks rootless network when ipv6 is disabled https://bugzilla.redhat.com/show_bug.cgi?id=2424192 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4ef71b2b4c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

[SECURITY] Fedora 42 Update: kustomize-5.8.0-1.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a887e86abc 2025-12-31 01:09:31.157724+00:00 -------------------------------------------------------------------------------- Name : kustomize Product : Fedora 42 Version : 5.8.0 Release : 1.fc42 URL : https://github.com/kubernetes-sigs/kustomize Summary : Customization of kubernetes YAML configurations Description : Customization of kubernetes YAML configurations. -------------------------------------------------------------------------------- Update Information: Update to 5.8.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 29 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 5.8.0-1 - Update to 5.8.0 - Closes rhbz#2413654 * Fri Oct 10 2025 Maxwell G <maxwell(a)gtmx.me> - 5.7.1-3 - Rebuild for golang 1.25.2 * Fri Aug 15 2025 Maxwell G <maxwell(a)gtmx.me> - 5.7.1-2 - Rebuild for golang-1.25.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2390876 - kustomize: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2390876 [ 2 ] Bug #2398851 - CVE-2025-47910 kustomize: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398851 [ 3 ] Bug #2399525 - CVE-2025-47906 kustomize: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399525 [ 4 ] Bug #2399724 - CVE-2025-11065 kustomize: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399724 [ 5 ] Bug #2408061 - CVE-2025-58189 kustomize: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408061 [ 6 ] Bug #2408675 - CVE-2025-61725 kustomize: Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408675 [ 7 ] Bug #2409530 - CVE-2025-61723 kustomize: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409530 [ 8 ] Bug #2410481 - CVE-2025-58185 kustomize: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410481 [ 9 ] Bug #2411379 - CVE-2025-58188 kustomize: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411379 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a887e86abc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora 42 Update: fcitx5-table-extra-5.1.10-1.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-791f275187 2025-12-31 01:09:31.157716+00:00 -------------------------------------------------------------------------------- Name : fcitx5-table-extra Product : Fedora 42 Version : 5.1.10 Release : 1.fc42 URL : https://github.com/fcitx/fcitx5-table-extra Summary : Extra tables for Fcitx5 Description : Extra tables for Fcitx5. fcitx5-table-extra provides extra table for Fcitx5, including Boshiamy, Zhengma, Cangjie, and Quick. -------------------------------------------------------------------------------- Update Information: fcitx5-5.1.17 update -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2025 Qiyu Yan <yanqiyu(a)fedoraproject.org> - 5.1.10-1 - update to upstream release 5.1.10 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-791f275187' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora 42 Update: fcitx5-unikey-5.1.9-1.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-791f275187 2025-12-31 01:09:31.157716+00:00 -------------------------------------------------------------------------------- Name : fcitx5-unikey Product : Fedora 42 Version : 5.1.9 Release : 1.fc42 URL : https://github.com/fcitx/fcitx5-unikey Summary : Unikey support for Fcitx5 Description : Unikey (Vietnamese Input Method) engine support for Fcitx5. -------------------------------------------------------------------------------- Update Information: fcitx5-5.1.17 update -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2025 Qiyu Yan <yanqiyu(a)fedoraproject.org> - 5.1.9-1 - update to upstream release 5.1.9 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-791f275187' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora 42 Update: xdg-user-dirs-gtk-0.16-1.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-29015cd7b2 2025-12-31 01:09:31.157719+00:00 -------------------------------------------------------------------------------- Name : xdg-user-dirs-gtk Product : Fedora 42 Version : 0.16 Release : 1.fc42 URL : https://gitlab.gnome.org/GNOME/xdg-user-dirs-gtk Summary : Gnome integration of special directories Description : Contains some integration of xdg-user-dirs with the gnome desktop, including creating default bookmarks and detecting locale changes. -------------------------------------------------------------------------------- Update Information: Update to 0.16 Include systemd units -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 16 2025 David King <amigadave(a)amigadave.com> - 0.16-1 - Update to 0.16 (#2422022) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2422022 - The xdg-user-dirs-gtk package is outdated, contains no systemd service https://bugzilla.redhat.com/show_bug.cgi?id=2422022 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-29015cd7b2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora 42 Update: fcitx5-zhuyin-5.1.6-2.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-791f275187 2025-12-31 01:09:31.157716+00:00 -------------------------------------------------------------------------------- Name : fcitx5-zhuyin Product : Fedora 42 Version : 5.1.6 Release : 2.fc42 URL : https://github.com/fcitx/fcitx5-zhuyin Summary : Libzhuyin Wrapper for Fcitx Description : Libzhuyin Wrapper for Fcitx. -------------------------------------------------------------------------------- Update Information: fcitx5-5.1.17 update -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2025 Qiyu Yan <yanqiyu(a)fedoraproject.org> - 5.1.6-2 - update tarball * Mon Dec 22 2025 Qiyu Yan <yanqiyu(a)fedoraproject.org> - 5.1.6-1 - update to upstream release 5.1.6 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-791f275187' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora 42 Update: fcitx5-skk-5.1.9-1.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-791f275187 2025-12-31 01:09:31.157716+00:00 -------------------------------------------------------------------------------- Name : fcitx5-skk Product : Fedora 42 Version : 5.1.9 Release : 1.fc42 URL : https://github.com/fcitx/fcitx5-skk Summary : Japanese SKK (Simple Kana Kanji) Engine for Fcitx5 Description : Fcitx5-skk is an SKK (Simple Kana Kanji) engine for Fcitx. It provides Japanese input method using libskk. -------------------------------------------------------------------------------- Update Information: fcitx5-5.1.17 update -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2025 Qiyu Yan <yanqiyu(a)fedoraproject.org> - 5.1.9-1 - update to upstream release 5.1.9 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-791f275187' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora 42 Update: libime-1.1.13-1.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-791f275187 2025-12-31 01:09:31.157716+00:00 -------------------------------------------------------------------------------- Name : libime Product : Fedora 42 Version : 1.1.13 Release : 1.fc42 URL : https://github.com/fcitx/libime Summary : This is a library to support generic input method implementation Description : This is a library to support generic input method implementation. -------------------------------------------------------------------------------- Update Information: fcitx5-5.1.17 update -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2025 Qiyu Yan <yanqiyu(a)fedoraproject.org> - 1.1.13-1 - update to upstream release 1.1.13 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-791f275187' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora 42 Update: fcitx5-anthy-5.1.9-1.fc42
by updates＠fedoraproject.org 30 Dec '25

30 Dec '25

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-791f275187 2025-12-31 01:09:31.157716+00:00 -------------------------------------------------------------------------------- Name : fcitx5-anthy Product : Fedora 42 Version : 5.1.9 Release : 1.fc42 URL : https://github.com/fcitx/fcitx5-anthy Summary : Anthy Wrapper for Fcitx5 Description : Anthy Wrapper for Fcitx5 Ported from scim-anthy. Released under GPL2+. -------------------------------------------------------------------------------- Update Information: fcitx5-5.1.17 update -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2025 Qiyu Yan <yanqiyu(a)fedoraproject.org> - 5.1.9-1 - update to upstream release 5.1.9 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-791f275187' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce December 2025