Fedora 41 Update: crosswords-puzzle-sets-xword-dl-0.4.8-1.fc41
Fedora 41 Update: yarnpkg-1.22.22-7.fc41
Fedora 41 Update: upx-5.0.0-1.fc41
Fedora 41 Update: condor-23.9.6-3.fc41
Fedora 40 Update: upx-5.0.0-1.fc40
Fedora 40 Update: yarnpkg-1.22.22-7.fc40
Fedora 40 Update: condor-23.9.6-3.fc40
[SECURITY] Fedora 41 Update: crosswords-puzzle-sets-xword-dl-0.4.8-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-90f88da466
2025-04-06 01:20:10.028710+00:00
--------------------------------------------------------------------------------
Name : crosswords-puzzle-sets-xword-dl
Product : Fedora 41
Version : 0.4.8
Release : 1.fc41
URL : https://gitlab.gnome.org/jrb/puzzle-sets-xword-dl
Summary : Puzzle Sets from assorted newspapers for GNOME Crosswords
Description :
Download crossword puzzles for GNOME Crosswords from assorted newspapers using
xword-dl.
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.8; Fixes: RHBZ#2237964, RHBZ#2282129
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Davide Cavalca [dcavalca@fedoraproject.org] - 0.4.8-1
- Update to 0.4.8; Fixes: RHBZ#2237964, RHBZ#2282129
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2237964 - crosswords-puzzle-sets-xword-dl-2023.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2237964
[ 2 ] Bug #2282129 - CVE-2024-35195 crosswords-puzzle-sets-xword-dl: requests: subsequent requests to the same host ignore cert verification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2282129
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-90f88da466' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-7.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8eb387668b
2025-04-06 01:20:10.028692+00:00
--------------------------------------------------------------------------------
Name : yarnpkg
Product : Fedora 41
Version : 1.22.22
Release : 7.fc41
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2024-12905.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-7
- Fix CVE-2024-12905
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.22-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355667 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355667
[ 2 ] Bug #2355668 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355668
[ 3 ] Bug #2355669 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355669
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8eb387668b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: upx-5.0.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c91006eca6
2025-04-06 01:20:10.028704+00:00
--------------------------------------------------------------------------------
Name : upx
Product : Fedora 41
Version : 5.0.0
Release : 1.fc41
URL : https://github.com/upx/upx
Summary : Ultimate Packer for eXecutables
Description :
UPX is a free, portable, extendable, high-performance executable
packer for several different executable formats. It achieves an
excellent compression ratio and offers very fast decompression. Your
executables suffer no memory overhead or other drawbacks.
--------------------------------------------------------------------------------
Update Information:
5.0.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 20 2025 Gwyn Ciesla [gwync@protonmail.com] - 5.0.0-1
- 5.0.0
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 4.2.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Dec 18 2024 Gwyn Ciesla [gwync@protonmail.com] - 4.2.4-3
- Provide bundled lzma-sdk
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355649 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355649
[ 2 ] Bug #2355650 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355650
[ 3 ] Bug #2355651 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355651
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c91006eca6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: condor-23.9.6-3.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-70af67b2fa
2025-04-06 01:20:10.028669+00:00
--------------------------------------------------------------------------------
Name : condor
Product : Fedora 41
Version : 23.9.6
Release : 3.fc41
URL : http://htcondor.org
Summary : HTCondor: High Throughput Computing
Description :
HTCondor is a workload management system for high-throughput and
high-performance jobs. Like other full-featured batch systems, HTCondor
provides a job queuing mechanism, scheduling policy, priority scheme,
resource monitoring, and resource management. Users submit their
serial or parallel jobs to HTCondor, HTCondor places them into a queue,
chooses when and where to run the jobs based upon a policy, carefully
monitors their progress, and ultimately informs the user upon
completion.
--------------------------------------------------------------------------------
Update Information:
Address CVE-2025-30093 - rhbz#2355671
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Tim Theisen [ttheisen@fedoraproject.org] - 23.9.6-3
- Address CVE-2025-30093 - rhbz#HTCONDOR-2025-0001
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355671 - CVE-2025-30093 condor: authenticated attackers can potentially bypass authorization restrictions [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355671
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-70af67b2fa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: upx-5.0.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3f77ed652b
2025-04-06 01:15:25.866233+00:00
--------------------------------------------------------------------------------
Name : upx
Product : Fedora 40
Version : 5.0.0
Release : 1.fc40
URL : https://github.com/upx/upx
Summary : Ultimate Packer for eXecutables
Description :
UPX is a free, portable, extendable, high-performance executable
packer for several different executable formats. It achieves an
excellent compression ratio and offers very fast decompression. Your
executables suffer no memory overhead or other drawbacks.
--------------------------------------------------------------------------------
Update Information:
5.0.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 20 2025 Gwyn Ciesla [gwync@protonmail.com] - 5.0.0-1
- 5.0.0
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 4.2.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Dec 18 2024 Gwyn Ciesla [gwync@protonmail.com] - 4.2.4-3
- Provide bundled lzma-sdk
* Sat Jul 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355649 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355649
[ 2 ] Bug #2355650 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355650
[ 3 ] Bug #2355651 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355651
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3f77ed652b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: yarnpkg-1.22.22-7.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f7671643c4
2025-04-06 01:15:25.866213+00:00
--------------------------------------------------------------------------------
Name : yarnpkg
Product : Fedora 40
Version : 1.22.22
Release : 7.fc40
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2024-12905.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-7
- Fix CVE-2024-12905
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.22-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355667 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355667
[ 2 ] Bug #2355668 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355668
[ 3 ] Bug #2355669 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355669
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f7671643c4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: condor-23.9.6-3.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a4d8b30f59
2025-04-06 01:15:25.866197+00:00
--------------------------------------------------------------------------------
Name : condor
Product : Fedora 40
Version : 23.9.6
Release : 3.fc40
URL : http://htcondor.org
Summary : HTCondor: High Throughput Computing
Description :
HTCondor is a workload management system for high-throughput and
high-performance jobs. Like other full-featured batch systems, HTCondor
provides a job queuing mechanism, scheduling policy, priority scheme,
resource monitoring, and resource management. Users submit their
serial or parallel jobs to HTCondor, HTCondor places them into a queue,
chooses when and where to run the jobs based upon a policy, carefully
monitors their progress, and ultimately informs the user upon
completion.
--------------------------------------------------------------------------------
Update Information:
Address CVE-2025-30093 - rhbz#2355671
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Tim Theisen [ttheisen@fedoraproject.org] - 23.9.6-3
- Address CVE-2025-30093 - rhbz#HTCONDOR-2025-0001
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355671 - CVE-2025-30093 condor: authenticated attackers can potentially bypass authorization restrictions [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355671
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a4d8b30f59' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
