Fedora 42 Update: moodle-4.5.4-1.fc42
Fedora 42 Update: openiked-7.4-2.fc42
Fedora 42 Update: trafficserver-10.0.5-1.fc42
[SECURITY] Fedora 42 Update: moodle-4.5.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ccb1a36fcb
2025-04-23 01:45:48.555038+00:00
--------------------------------------------------------------------------------
Name : moodle
Product : Fedora 42
Version : 4.5.4
Release : 1.fc42
URL : https://moodle.org/
Summary : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.
--------------------------------------------------------------------------------
Update Information:
Latest updates.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 14 2025 Gwyn Ciesla [gwync@protonmail.com] - 4.5.4-1
- 4.5.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2361647 - CVE-2025-3647 moodle: IDOR when accessing the cohorts report [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361647
[ 2 ] Bug #2361650 - CVE-2025-3645 moodle: IDOR in messaging web service allows access to some user details [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361650
[ 3 ] Bug #2361653 - CVE-2025-3644 moodle: AJAX section delete does not respect course_can_delete_section() [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361653
[ 4 ] Bug #2361656 - CVE-2025-3643 moodle: Reflected XSS risk in policy tool [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361656
[ 5 ] Bug #2361659 - CVE-2025-3642 moodle: Authenticated remote code execution risk in the Moodle LMS EQUELLA repository [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361659
[ 6 ] Bug #2361662 - CVE-2025-3641 moodle: Authenticated remote code execution risk in the Moodle LMS Dropbox repository [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361662
[ 7 ] Bug #2361665 - CVE-2025-3638 moodle: CSRF risk in Brickfield tool's analysis request action [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361665
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ccb1a36fcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: openiked-7.4-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f55f140c15
2025-04-23 01:45:48.554903+00:00
--------------------------------------------------------------------------------
Name : openiked
Product : Fedora 42
Version : 7.4
Release : 2.fc42
URL : https://github.com/openiked/openiked-portable
Summary : A free Internet Key Exchange (IKEv2) implementation
Description :
OpenIKED is a free, permissively licensed Internet Key Exchange (IKEv2)
implementation, developed as part of the OpenBSD project. It is intended to be
a lean, secure and inter-operable daemon that allows for easy setup and
management of IPsec VPNs.
--------------------------------------------------------------------------------
Update Information:
Updated to new release 7.4
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 10 2025 Henrik Boeving [hargonix@gmail.com] 7.4-2
- Updated to new release 7.4
* Thu Apr 10 2025 Henrik Boeving [hargonix@gmail.com] 7.4-1
- Updated to new release 7.4
* Tue Feb 11 2025 Zbigniew J??drzejewski-Szmek [zbyszek@in.waw.pl] - 7.3-6
- Drop call to %sysusers_create_compat
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 7.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 7.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f55f140c15' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: trafficserver-10.0.5-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-76d6ce0e17
2025-04-23 01:45:48.554879+00:00
--------------------------------------------------------------------------------
Name : trafficserver
Product : Fedora 42
Version : 10.0.5
Release : 1.fc42
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:
Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.
Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.
Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.
Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.
Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.
--------------------------------------------------------------------------------
Update Information:
Resolves CVE-2024-53868
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 13 2025 Jered Floyd [jered@redhat.com] 10.0.5-1
- Update to upstream 10.0.5
- Resolves CVE-2024-53868
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2356761 - trafficserver-10.0.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2356761
[ 2 ] Bug #2357159 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2357159
[ 3 ] Bug #2357160 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2357160
[ 4 ] Bug #2357161 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357161
[ 5 ] Bug #2357162 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357162
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-76d6ce0e17' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
