Fedora 40 Update: nodejs-nodemon-3.1.9-3.fc40
Fedora 40 Update: libssh2-1.11.1-1.fc40
Fedora 41 Update: webkitgtk-2.48.0-1.fc41
Fedora 41 Update: containerd-1.7.27-1.fc41
Fedora 41 Update: nodejs-nodemon-3.1.9-3.fc41
Fedora 40 Update: libxml2-2.12.10-1.fc40
Fedora 41 Update: augeas-1.14.2-0.4.20250324git4dffa3d.fc41
[SECURITY] Fedora 40 Update: nodejs-nodemon-3.1.9-3.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9a278a7768
2025-03-28 14:47:45.304595+00:00
--------------------------------------------------------------------------------
Name : nodejs-nodemon
Product : Fedora 40
Version : 3.1.9
Release : 3.fc40
URL : https://github.com/remy/nodemon
Summary : Simple monitor script for use during development of a node.js app
Description :
Simple monitor script for use during development of a node.js app.
For use during development of a node.js based application.
nodemon will watch the files in the directory in which nodemon
was started, and if any files change, nodemon will automatically
restart your node application.
nodemon does not require any changes to your code or method of
development. nodemon simply wraps your node application and keeps
an eye on any files that have changed. Remember that nodemon is a
replacement wrapper for node, think of it as replacing the word "node"
on the command line when you run your script.
--------------------------------------------------------------------------------
Update Information:
Added patch for CVE-2024-4068 (rhbz#2280624)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2025 Tomas Juhasz [tjuhasz@redhat.com] - 3.1.9-3
- Added patch for CVE-2024-4068
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2280624 - CVE-2024-4068 nodejs-nodemon: braces: fails to limit the number of characters it can handle [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280624
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9a278a7768' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: libssh2-1.11.1-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-aaa849ae74
2025-03-28 14:47:45.304529+00:00
--------------------------------------------------------------------------------
Name : libssh2
Product : Fedora 40
Version : 1.11.1
Release : 1.fc40
URL : https://www.libssh2.org/
Summary : A library implementing the SSH2 protocol
Description :
libssh2 is a library implementing the SSH2 protocol as defined by
Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
SECSH-DHGEX(04), and SECSH-NUMBERS(10).
--------------------------------------------------------------------------------
Update Information:
This update, to the current upstream libssh2 release, addresses a couple of
security issues:
CVE-2023-6918 (missing checks for return values for digests)
CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) -
"Terrapin")
It also removes support for a number of legacy algorithms that were disabled by
default or removed from OpenSSH in the 2015-2018 time period. See the
RELEASE_NOTES file for full details.
In addition, there are a large number of bug fixes and enhancements, which again
are described in the RELEASE_NOTES file.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 16 2024 Paul Howarth - 1.11.1-1
- Update to 1.11.1 (rhbz#2319104)
- This is an enhancement and bugfix release - see RELEASE_NOTES for details
- Note also that various algorithms are now deprecated and not built by
default, which affects this package
* Sat Jul 27 2024 Paul Howarth - 1.11.0-8
- Fix test suite failures with OpenSSH 9.8p1
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.11.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jul 10 2024 Paul Howarth - 1.11.0-6
- Build without OpenSSL ENGINE support from Fedora 41 onwards
* Tue Apr 2 2024 Zhao Jiasheng [JasenChao@gmail.com] - 1.11.0-5
- Fix rpath on riscv64
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
[ 2 ] Bug #2254997 - CVE-2023-6918 libssh: Missing checks for return values for digests
https://bugzilla.redhat.com/show_bug.cgi?id=2254997
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-aaa849ae74' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: webkitgtk-2.48.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b92313b6f2
2025-03-28 15:03:43.496959+00:00
--------------------------------------------------------------------------------
Name : webkitgtk
Product : Fedora 41
Version : 2.48.0
Release : 1.fc41
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.
--------------------------------------------------------------------------------
Update Information:
Upgrade to 2.48.0:
Move tile rendering to worker threads when rendering with the GPU.
Fix preserve-3D intersection rendering.
Added new function for creating Promise objects to the JavaScriptCore GLib API.
The MediaRecorder backend gained WebM support (requires at least GStreamer
1.24.9) and audio bitrate configuration support.
Fix invalid DPI-aware font size conversion.
Bring back support for OpenType-SVG fonts using Skia SVG module.
Add metadata (title and creation/modification date) to the PDF document
generated for printing.
Propagate the font's computed locale to HarfBuzz.
The GPU process build is now enabled for WebGL, but the web process is still
used by default. The runtime flag UseGPUProcessForWebGL can be used to use the
GPU process for WebGL.
Fix CVE-2025-24201, CVE-2024-44192, CVE-2024-54467
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.48.0-1
- Update to WebKitGTK 2.48.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2352356 - CVE-2025-24201 webkitgtk: out-of-bounds write vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2352356
[ 2 ] Bug #2353875 - CVE-2024-44192 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2353875
[ 3 ] Bug #2353950 - CVE-2024-54467 webkitgtk: A malicious website may exfiltrate data cross-origin [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2353950
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b92313b6f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: containerd-1.7.27-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-92362585e0
2025-03-28 15:03:43.496801+00:00
--------------------------------------------------------------------------------
Name : containerd
Product : Fedora 41
Version : 1.7.27
Release : 1.fc41
URL : https://github.com/containerd/containerd
Summary : An open and reliable container runtime
Description :
Containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability. It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.
--------------------------------------------------------------------------------
Update Information:
Update to v1.7.27 for F41
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.7.27-1
- Update to v1.7.27 for F41
- Resolves rhbz#2353093
- Upstream fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2353093 - CVE-2024-40635 containerd: containerd has an integer overflow in User ID handling [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2353093
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-92362585e0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: nodejs-nodemon-3.1.9-3.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0951177024
2025-03-28 15:03:43.496763+00:00
--------------------------------------------------------------------------------
Name : nodejs-nodemon
Product : Fedora 41
Version : 3.1.9
Release : 3.fc41
URL : https://github.com/remy/nodemon
Summary : Simple monitor script for use during development of a node.js app
Description :
Simple monitor script for use during development of a node.js app.
For use during development of a node.js based application.
nodemon will watch the files in the directory in which nodemon
was started, and if any files change, nodemon will automatically
restart your node application.
nodemon does not require any changes to your code or method of
development. nodemon simply wraps your node application and keeps
an eye on any files that have changed. Remember that nodemon is a
replacement wrapper for node, think of it as replacing the word "node"
on the command line when you run your script.
--------------------------------------------------------------------------------
Update Information:
Added patch for CVE-2024-4068 (rhbz#2280624)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2025 Tomas Juhasz [tjuhasz@redhat.com] - 3.1.9-3
- Added patch for CVE-2024-4068
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2280624 - CVE-2024-4068 nodejs-nodemon: braces: fails to limit the number of characters it can handle [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280624
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0951177024' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: libxml2-2.12.10-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-adbb0031f7
2025-03-29 01:50:00.726937+00:00
--------------------------------------------------------------------------------
Name : libxml2
Product : Fedora 40
Version : 2.12.10
Release : 1.fc40
URL : https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home
Summary : Library providing XML and HTML support
Description :
This library allows you to manipulate XML files. It includes support
for reading, modifying and writing XML and HTML files. There is DTD support;
this includes parsing and validation even with complex DTDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or an in-memory DOM-like representation.
In this case one can use the built-in XPath and XPointer implementation
to select sub nodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules, combined with a
URI library.
--------------------------------------------------------------------------------
Update Information:
Update to 2.12.10
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2025 David King [amigadave@amigadave.com] - 2.12.10-1
- Update to 2.12.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2346509 - CVE-2024-56171 libxml2: Use-After-Free in libxml2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2346509
[ 2 ] Bug #2346522 - CVE-2025-24928 libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2346522
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-adbb0031f7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: augeas-1.14.2-0.4.20250324git4dffa3d.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-117fe4c81f
2025-03-29 01:38:53.901676+00:00
--------------------------------------------------------------------------------
Name : augeas
Product : Fedora 41
Version : 1.14.2
Release : 0.4.20250324git4dffa3d.fc41
URL : https://github.com/rwmjones/augeas
Summary : A library for changing configuration files
Description :
A library for programmatically editing configuration files. Augeas parses
configuration files into a tree structure, which it exposes through its
public API. Changes made through the API are written back to the initially
read files.
The transformation works very hard to preserve comments and formatting
details. It is controlled by ``lens'' definitions that describe the file
format and the transformation into a tree.
--------------------------------------------------------------------------------
Update Information:
CVE-2025-2588
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 24 2025 Alexander Bokovoy [abokovoy@redhat.com] - 1.14.2-0.4
- rhbz#235444: CVE-2025-2588
* Mon Feb 24 2025 Richard W.M. Jones [rjones@redhat.com] - 1.14.2-0.3
- Move to fork of Augeas which contains a small number of PRs:
- lenses/tmpfiles.aug: Permit '$' character in /usr/lib/tmpfiles.d/*.conf
- lenses/multipath.aug: Support all possible values for find_multipaths
- lenses/systemd.aug: Allow "+"(fullprivileges) command flag
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.14.2-0.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2354446 - CVE-2025-2588 augeas: Hercules Augeas fa.c re_case_expand null pointer dereference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2354446
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-117fe4c81f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--