Fedora Linux 42 (Beta) has been updated with security enhancements, including Augeas, MinGW-LibXSLT, and NodeJS-Nodemon:

Fedora 42 Update: augeas-1.14.2-0.4.20250324git4dffa3d.fc42
Fedora 42 Update: mingw-libxslt-1.1.43-1.fc42
Fedora 42 Update: nodejs-nodemon-3.1.9-4.fc42

[SECURITY] Fedora 42 Update: augeas-1.14.2-0.4.20250324git4dffa3d.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6b5c54bd05
2025-03-28 00:15:35.878868+00:00
--------------------------------------------------------------------------------

Name : augeas
Product : Fedora 42
Version : 1.14.2
Release : 0.4.20250324git4dffa3d.fc42
URL : https://github.com/rwmjones/augeas
Summary : A library for changing configuration files
Description :
A library for programmatically editing configuration files. Augeas parses
configuration files into a tree structure, which it exposes through its
public API. Changes made through the API are written back to the initially
read files.

The transformation works very hard to preserve comments and formatting
details. It is controlled by ``lens'' definitions that describe the file
format and the transformation into a tree.

--------------------------------------------------------------------------------
Update Information:

CVE-2025-2588
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 24 2025 Alexander Bokovoy [abokovoy@redhat.com] - 1.14.2-0.4
- rhbz#235444: CVE-2025-2588
* Mon Feb 24 2025 Richard W.M. Jones [rjones@redhat.com] - 1.14.2-0.3
- Move to fork of Augeas which contains a small number of PRs:
- lenses/tmpfiles.aug: Permit '$' character in /usr/lib/tmpfiles.d/*.conf
- lenses/multipath.aug: Support all possible values for find_multipaths
- lenses/systemd.aug: Allow "+"(fullprivileges) command flag
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2354446 - CVE-2025-2588 augeas: Hercules Augeas fa.c re_case_expand null pointer dereference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2354446
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6b5c54bd05' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: mingw-libxslt-1.1.43-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8603e39722
2025-03-28 00:15:35.878845+00:00
--------------------------------------------------------------------------------

Name : mingw-libxslt
Product : Fedora 42
Version : 1.1.43
Release : 1.fc42
URL : https://gitlab.gnome.org/GNOME/libxslt
Summary : MinGW Windows Library providing the Gnome XSLT engine
Description :
This C library allows to transform XML files into other XML files
(or HTML, text, ...) using the standard XSLT stylesheet transformation
mechanism. To use it you need to have a version of libxml2 >= 2.6.27
installed. The xsltproc command is a command line interface to the XSLT engine

--------------------------------------------------------------------------------
Update Information:

Update to 1.1.43, fixes CVE-2024-55549 and CVE-2025-24855.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 17 2025 Sandro Mani [manisandro@gmail.com] - 1.1.43-1
- Update to 1.1.43
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2352508 - CVE-2025-24855 mingw-libxslt: Use-After-Free in libxslt numbers.c [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2352508
[ 2 ] Bug #2352511 - CVE-2025-24855 mingw-libxslt: Use-After-Free in libxslt numbers.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2352511
[ 3 ] Bug #2352518 - CVE-2024-55549 mingw-libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2352518
[ 4 ] Bug #2352521 - CVE-2024-55549 mingw-libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2352521
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8603e39722' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: nodejs-nodemon-3.1.9-4.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7d7b644265
2025-03-28 00:15:35.878455+00:00
--------------------------------------------------------------------------------

Name : nodejs-nodemon
Product : Fedora 42
Version : 3.1.9
Release : 4.fc42
URL : https://github.com/remy/nodemon
Summary : Simple monitor script for use during development of a node.js app
Description :
Simple monitor script for use during development of a node.js app.

For use during development of a node.js based application.

nodemon will watch the files in the directory in which nodemon
was started, and if any files change, nodemon will automatically
restart your node application.

nodemon does not require any changes to your code or method of
development. nodemon simply wraps your node application and keeps
an eye on any files that have changed. Remember that nodemon is a
replacement wrapper for node, think of it as replacing the word "node"
on the command line when you run your script.

--------------------------------------------------------------------------------
Update Information:

Added patch for CVE-2024-4068 (rhbz#2280624)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 18 2025 Tomas Juhasz [tjuhasz@redhat.com] - 3.1.9-4
- Added patch for CVE-2024-4068
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2280624 - CVE-2024-4068 nodejs-nodemon: braces: fails to limit the number of characters it can handle [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280624
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7d7b644265' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--