Fedora 40 Update: perl-Data-Entropy-0.008-1.fc40
Fedora 41 Update: webkitgtk-2.48.1-2.fc41
Fedora 41 Update: openvpn-2.6.14-1.fc41
Fedora 41 Update: perl-Data-Entropy-0.008-1.fc41
[SECURITY] Fedora 40 Update: perl-Data-Entropy-0.008-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-52d7857536
2025-04-08 01:32:13.702365+00:00
--------------------------------------------------------------------------------
Name : perl-Data-Entropy
Product : Fedora 40
Version : 0.008
Release : 1.fc40
URL : https://metacpan.org/release/Data-Entropy
Summary : Entropy (randomness) management
Description :
This module maintains a concept of a current selection of entropy source.
Algorithms that require entropy, such as those in
Data::Entropy::Algorithms, can use the source nominated by this module,
avoiding the need for entropy source objects to be explicitly passed
around. This is convenient because usually one entropy source will be used
for an entire program run and so an explicit entropy source parameter would
rarely vary. There is also a default entropy source, avoiding the need to
explicitly configure a source at all.
--------------------------------------------------------------------------------
Update Information:
Prior to version 0.008, the Perl module Data::Entropy relied on Perl's builtin
rand function to choose an entropy source. Version 0.008 does away with this
need.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 30 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 0.008-1
- Update to 0.008, with new maintainer (#2355612)
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.007-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Aug 5 2024 Miroslav Such?? [msuchy@redhat.com] - 0.007-26
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.007-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355612 - perl-Data-Entropy-0.008 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2355612
[ 2 ] Bug #2355706 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2355706
[ 3 ] Bug #2355707 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355707
[ 4 ] Bug #2355708 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355708
[ 5 ] Bug #2355709 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355709
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-52d7857536' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: webkitgtk-2.48.1-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-059585d039
2025-04-08 01:26:30.498631+00:00
--------------------------------------------------------------------------------
Name : webkitgtk
Product : Fedora 41
Version : 2.48.1
Release : 2.fc41
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.
--------------------------------------------------------------------------------
Update Information:
Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.48.1-2
- Add patch to fix non-x86, non-ARM build
* Wed Apr 2 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.48.1-1
- Update to WebKitGTK 2.48.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357987 - CVE-2024-54551 webkitgtk: Processing web content may lead to a denial-of-service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357987
[ 2 ] Bug #2357990 - CVE-2025-24208 webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357990
[ 3 ] Bug #2357993 - CVE-2025-24209 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357993
[ 4 ] Bug #2357998 - CVE-2025-24216 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357998
[ 5 ] Bug #2358000 - CVE-2025-24264 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2358000
[ 6 ] Bug #2358002 - CVE-2025-30427 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2358002
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-059585d039' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: openvpn-2.6.14-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-277b5e1d96
2025-04-08 01:26:30.498607+00:00
--------------------------------------------------------------------------------
Name : openvpn
Product : Fedora 41
Version : 2.6.14
Release : 1.fc41
URL : https://community.openvpn.net/
Summary : A full-featured TLS VPN solution
Description :
OpenVPN is a robust and highly flexible tunneling application that uses all
of the encryption, authentication, and certification features of the
OpenSSL library to securely tunnel IP networks over a single UDP or TCP
port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library
for compression.
--------------------------------------------------------------------------------
Update Information:
Update to upstream OpenVPN 2.6.14
Fixes CVE-2025-2704
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2025 Frank Lichtenheld [frank@lichtenheld.com] - 2.6.14-1
- Update to upstream OpenVPN 2.6.14
- Fixes CVE-2025-2704
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357053 - CVE-2025-2704 openvpn: OpenVPN in a server role with tls-crypt-v2 enabled can reach an assertion failed state when receiving specially crafted packets [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357053
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-277b5e1d96' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: perl-Data-Entropy-0.008-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8a7bd987fe
2025-04-08 01:26:30.498540+00:00
--------------------------------------------------------------------------------
Name : perl-Data-Entropy
Product : Fedora 41
Version : 0.008
Release : 1.fc41
URL : https://metacpan.org/release/Data-Entropy
Summary : Entropy (randomness) management
Description :
This module maintains a concept of a current selection of entropy source.
Algorithms that require entropy, such as those in
Data::Entropy::Algorithms, can use the source nominated by this module,
avoiding the need for entropy source objects to be explicitly passed
around. This is convenient because usually one entropy source will be used
for an entire program run and so an explicit entropy source parameter would
rarely vary. There is also a default entropy source, avoiding the need to
explicitly configure a source at all.
--------------------------------------------------------------------------------
Update Information:
Prior to version 0.008, the Perl module Data::Entropy relied on Perl's builtin
rand function to choose an entropy source. Version 0.008 does away with this
need.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 30 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 0.008-1
- Update to 0.008, with new maintainer (#2355612)
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.007-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Aug 5 2024 Miroslav Such?? [msuchy@redhat.com] - 0.007-26
- convert license to SPDX
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2355612 - perl-Data-Entropy-0.008 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2355612
[ 2 ] Bug #2355706 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2355706
[ 3 ] Bug #2355707 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355707
[ 4 ] Bug #2355708 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355708
[ 5 ] Bug #2355709 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355709
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8a7bd987fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
