Fedora Security Advisories

FEDORA-2025-d243e027e4 Packages in this update:

• buildah-1.38.1-1.fc40
• containers-common-0.61.1-1.fc40
• podman-5.3.2-1.fc40

Update description:

Security fix for CVE-2024-11218 - fixed in buildah 1.38.1

Automatic update for containers-common-0.61.1-1.fc40, podman-5.3.2-1.fc40, buildah-1.38.1-1.fc40.

Changelog for containers-common * Thu Jan 16 2025 Packit <hello@packit.dev> - 5:0.61.1-1 - Update to 0.61.1 upstream release Changelog for podman * Wed Jan 22 2025 Packit <hello@packit.dev> - 5:5.3.2-1 - Update to 5.3.2 upstream release * Wed Jan 22 2025 Lokesh Mandvekar <lsm5@fedoraproject.org> - 5:5.3.1-4 - remove patch merged in upcoming upstream release * Fri Jan 17 2025 Mikhail Gavrilov <mikhail.v.gavrilov@gmail.com> - 5:5.3.1-3 - apply MR https://github.com/containers/storage/pull/2193 * Wed Nov 27 2024 Lokesh Mandvekar <lsm5@fedoraproject.org> - 5:5.3.1-2 - remove unused patch Changelog for buildah * Tue Jan 21 2025 Packit <hello@packit.dev> - 2:1.38.1-1 - Update to 1.38.1 upstream release

apply MR https://github.com/containers/storage/pull/2193

FEDORA-2025-908dfe95f6 Packages in this update:

• buildah-1.38.1-1.fc41
• containers-common-0.61.1-1.fc41
• podman-5.3.2-1.fc41

Update description:

Security fix for CVE-2024-11218 - fixed in buildah 1.38.1

Automatic update for buildah-1.38.1-1.fc41, containers-common-0.61.1-1.fc41, podman-5.3.2-1.fc41.

Changelog for buildah * Tue Jan 21 2025 Packit <hello@packit.dev> - 2:1.38.1-1 - Update to 1.38.1 upstream release Changelog for containers-common * Thu Jan 16 2025 Packit <hello@packit.dev> - 5:0.61.1-1 - Update to 0.61.1 upstream release Changelog for podman * Wed Jan 22 2025 Packit <hello@packit.dev> - 5:5.3.2-1 - Update to 5.3.2 upstream release * Wed Jan 22 2025 Lokesh Mandvekar <lsm5@fedoraproject.org> - 5:5.3.1-4 - remove patch merged in upcoming upstream release * Fri Jan 17 2025 Mikhail Gavrilov <mikhail.v.gavrilov@gmail.com> - 5:5.3.1-3 - apply MR https://github.com/containers/storage/pull/2193 * Wed Nov 27 2024 Lokesh Mandvekar <lsm5@fedoraproject.org> - 5:5.3.1-2 - remove unused patch

apply MR https://github.com/containers/storage/pull/2193

FEDORA-EPEL-2025-eb0d031bce Packages in this update:

• lemonldap-ng-2.20.2-1.el8

Update description:

• [Security][CVE-2024-52948] CSRF on 2FA registration
• [Security] Open redirect vulnerability in logout

FEDORA-2025-3aa9a75a72 Packages in this update:

• lemonldap-ng-2.20.2-1.fc41

Update description:

• [Security][CVE-2024-52948] CSRF on 2FA registration
• [Security] Open redirect vulnerability in logout

FEDORA-EPEL-2025-dd34d33955 Packages in this update:

• lemonldap-ng-2.20.2-1.el9

Update description:

• [Security][CVE-2024-52948] CSRF on 2FA registration
• [Security] Open redirect vulnerability in logout

FEDORA-2025-07901b1995 Packages in this update:

• lemonldap-ng-2.20.2-1.fc40

Update description:

• [Security][CVE-2024-52948] CSRF on 2FA registration
• [Security] Open redirect vulnerability in logout

FEDORA-EPEL-2025-70d131bc6c Packages in this update:

• phpMyAdmin-5.2.2-1.el9

Update description:

phpMyAdmin 5.2.2 is released

Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below.

• fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krög)
• fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to bluebird)
• fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent contributor Kamil Tekiela)
• fix possible security issue with library code slim/psr7 (CVE-2023-30536)
• fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3)
• fix a full path disclosure in the Monitoring tab
• issue #18268 Fix UI issue the theme manager is disabled
• issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
• issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
• issue #18106 Fix renaming database with a view
• issue #18120 Fix bug with numerical tables during renaming database
• issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0
• issue #18258 Speed improvements when exporting a database
• issue #18769 Improved collations support for MariaDB 10.10

There are many, many more fixes that you can see in the ChangeLog file included with this release or online

FEDORA-2025-c17ef0f176 Packages in this update:

• phpMyAdmin-5.2.2-1.fc40

Update description:

phpMyAdmin 5.2.2 is released

Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below.

• fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krög)
• fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to bluebird)
• fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent contributor Kamil Tekiela)
• fix possible security issue with library code slim/psr7 (CVE-2023-30536)
• fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3)
• fix a full path disclosure in the Monitoring tab
• issue #18268 Fix UI issue the theme manager is disabled
• issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
• issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
• issue #18106 Fix renaming database with a view
• issue #18120 Fix bug with numerical tables during renaming database
• issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0
• issue #18258 Speed improvements when exporting a database
• issue #18769 Improved collations support for MariaDB 10.10

There are many, many more fixes that you can see in the ChangeLog file included with this release or online

FEDORA-EPEL-2025-8683822bf7 Packages in this update:

• phpMyAdmin-5.2.2-1.el10_0

Update description:

phpMyAdmin 5.2.2 is released

Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below.

• fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krög)
• fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to bluebird)
• fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent contributor Kamil Tekiela)
• fix possible security issue with library code slim/psr7 (CVE-2023-30536)
• fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3)
• fix a full path disclosure in the Monitoring tab
• issue #18268 Fix UI issue the theme manager is disabled
• issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
• issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
• issue #18106 Fix renaming database with a view
• issue #18120 Fix bug with numerical tables during renaming database
• issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0
• issue #18258 Speed improvements when exporting a database
• issue #18769 Improved collations support for MariaDB 10.10

There are many, many more fixes that you can see in the ChangeLog file included with this release or online

FEDORA-2025-4b8ab3834c Packages in this update:

• phpMyAdmin-5.2.2-1.fc41

Update description:

phpMyAdmin 5.2.2 is released

Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below.

• fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krög)
• fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to bluebird)
• fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent contributor Kamil Tekiela)
• fix possible security issue with library code slim/psr7 (CVE-2023-30536)
• fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3)
• fix a full path disclosure in the Monitoring tab
• issue #18268 Fix UI issue the theme manager is disabled
• issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
• issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
• issue #18106 Fix renaming database with a view
• issue #18120 Fix bug with numerical tables during renaming database
• issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0
• issue #18258 Speed improvements when exporting a database
• issue #18769 Improved collations support for MariaDB 10.10

There are many, many more fixes that you can see in the ChangeLog file included with this release or online

FEDORA-2025-4cb7637c98 Packages in this update:

• vaultwarden-1.32.7-4.fc41

Update description:

fix VW_VERSION in compiled code, patch security issues

update to 1.32.7

FEDORA-2025-3dff292265 Packages in this update:

• vaultwarden-1.32.7-4.fc40

Update description:

fix VW_VERSION in compiled code, patch security issues

FEDORA-EPEL-2025-cd95859e4b Packages in this update:

• vaultwarden-1.32.7-4.el9

Update description:

fix VW_VERSION in compiled code, patch security issues

Update to 1.32.7

Fix CVE-2024-56335 Fix CVE-2024-55226 Fix CVE-2024-55225 Fix CVE-2024-55224

FEDORA-2025-70a32aa438 Packages in this update:

• golang-1.23.5-1.fc41

Update description:

Includes security fixes to the crypto/x509 and net/http packages

FEDORA-2025-e8b9a6b564 Packages in this update:

• golang-1.22.11-1.fc40

Update description:

Includes security fixes to the crypto/x509 and net/http packages

FEDORA-2025-0487787cb9 Packages in this update:

• dotnet9.0-9.0.102-1.fc40

Update description:

This is the January 2025 security and bugfix release for .NET 9.0. It updates the SDK to version 9.0.102 and Runtime to version 9.0.1.

Release Notes: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.1/9.0.1.md

FEDORA-2025-2eb86c0cbf Packages in this update:

• dotnet9.0-9.0.102-1.fc41

Update description:

This is the January 2025 security and bugfix release for .NET 9.0. It updates the SDK to version 9.0.102 and Runtime to version 9.0.1.

Release Notes: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.1/9.0.1.md

FEDORA-2025-16778d3c88 Packages in this update:

• dotnet8.0-8.0.112-1.fc40

Update description:

This is the January 2025 security and bugfix release for .NET 8.0. It updates the SDK to version 8.0.112 and Runtime to version 8.0.12.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.12/8.0.112.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.12/8.0.12.md

FEDORA-2025-bd8f5a599b Packages in this update:

• dotnet8.0-8.0.112-1.fc41

Update description:

This is the January 2025 security and bugfix release for .NET 8.0. It updates the SDK to version 8.0.112 and Runtime to version 8.0.12.

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.12/8.0.112.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.12/8.0.12.md

FEDORA-2025-11277f6779 Packages in this update:

• mediawiki-1.41.5-1.fc40

Update description:

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PFTE5RHUERS6KTUGGRZO7XXV5THNJ77E/

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/5NYC4UZLY3MWQZ6DYJAUQRJG2ZHZFBJ6/