The following Fedora EPEL 8 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0de05270a6
bird-3.1.4-1.el8
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e760d7b053
dnsdist-1.9.11-2.el8
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-b68bd8369e
firebird-4.0.6.3221-1.1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
apptainer-1.4.3-1.el8
civetweb-1.16-10.el8
clifm-1.26.3-1.el8
ganglia-3.7.2-62.el8
Details about builds:
================================================================================
apptainer-1.4.3-1.el8 (FEDORA-EPEL-2025-c991443c0c)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.4.3, fix CVE-2025-58058
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Dave Dykstra <[email protected]> - 1.4.3
- Update to upstream 1.4.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391600 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391600
[ 2 ] Bug #2391608 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2391608
[ 3 ] Bug #2391610 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391610
[ 4 ] Bug #2391617 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391617
[ 5 ] Bug #2391646 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391646
[ 6 ] Bug #2398283 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398283
[ 7 ] Bug #2398318 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2398318
[ 8 ] Bug #2398338 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398338
[ 9 ] Bug #2400161 - apptainer-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400161
--------------------------------------------------------------------------------
================================================================================
civetweb-1.16-10.el8 (FEDORA-EPEL-2025-25f4776e14)
Embedded C/C++ web server
--------------------------------------------------------------------------------
Update Information:
civetweb-1.16, rhbz#2400162
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 1.16-10
- civetweb 1.16, rhbz#2400163
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400163 - CVE-2025-9648 civetweb: Denial of Service in CivetWeb
[epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2400163
--------------------------------------------------------------------------------
================================================================================
clifm-1.26.3-1.el8 (FEDORA-EPEL-2025-2751e44261)
Shell-like, command line terminal file manager
--------------------------------------------------------------------------------
Update Information:
update to 1.26.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Jonathan Wright <[email protected]> - 1.26.3-1
- update to 1.26.3 rhbz#2400032
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 1.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ganglia-3.7.2-62.el8 (FEDORA-EPEL-2025-2c2048367f)
Distributed Monitoring System
--------------------------------------------------------------------------------
Update Information:
Fix TZ issue in web subpackage and add epel10 support.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Terje Rosten <[email protected]> - 3.7.2-62
- Some refactoring
* Sun Sep 28 2025 Terje Rosten <[email protected]> - 3.7.2-61
- Port to epel10
- Add TZ patches
- Remove legacy libart_lgpl-devel buildreq
- Fix URL
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
3.7.2-60
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 2 2025 Python Maint <[email protected]> - 3.7.2-59
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370959 - Request to build ganglia for EPEL10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2370959
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
