==========================================================================
Ubuntu Security Notice USN-7584-1
June 19, 2025
roundcube vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Roundcube Webmail could allow remote code execution.
Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers
Details:
It was discovered that Roundcube Webmail did not properly sanitize the
_from parameter in a URL, leading to PHP Object Deserialization. A remote
attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
roundcube 1.6.10+dfsg-1ubuntu0.1
roundcube-core 1.6.10+dfsg-1ubuntu0.1
Ubuntu 24.10
roundcube 1.6.8+dfsg-2ubuntu0.1
roundcube-core 1.6.8+dfsg-2ubuntu0.1
Ubuntu 24.04 LTS
roundcube 1.6.6+dfsg-2ubuntu0.1
roundcube-core 1.6.6+dfsg-2ubuntu0.1
Ubuntu 22.04 LTS
roundcube 1.5.0+dfsg.1-2ubuntu0.1~esm4
Available with Ubuntu Pro
roundcube-core 1.5.0+dfsg.1-2ubuntu0.1~esm4
Available with Ubuntu Pro
roundcube-plugins 1.5.0+dfsg.1-2ubuntu0.1~esm4
Available with Ubuntu Pro
Ubuntu 20.04 LTS
roundcube 1.4.3+dfsg.1-1ubuntu0.1~esm5
Available with Ubuntu Pro
roundcube-core 1.4.3+dfsg.1-1ubuntu0.1~esm5
Available with Ubuntu Pro
roundcube-plugins 1.4.3+dfsg.1-1ubuntu0.1~esm5
Available with Ubuntu Pro
Ubuntu 18.04 LTS
roundcube 1.3.6+dfsg.1-1ubuntu0.1~esm5
Available with Ubuntu Pro
roundcube-core 1.3.6+dfsg.1-1ubuntu0.1~esm5
Available with Ubuntu Pro
roundcube-plugins 1.3.6+dfsg.1-1ubuntu0.1~esm5
Available with Ubuntu Pro
Ubuntu 16.04 LTS
roundcube 1.2~beta+dfsg.1-0ubuntu1+esm6
Available with Ubuntu Pro
roundcube-core 1.2~beta+dfsg.1-0ubuntu1+esm6
Available with Ubuntu Pro
roundcube-plugins 1.2~beta+dfsg.1-0ubuntu1+esm6
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7584-1
CVE-2025-49113
Package Information:
https://launchpad.net/ubuntu/+source/roundcube/1.6.10+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/roundcube/1.6.8+dfsg-2ubuntu0.1
https://launchpad.net/ubuntu/+source/roundcube/1.6.6+dfsg-2ubuntu0.1
Friday, June 20, 2025
[arch-announce] Plasma 6.4.0 will need manual intervention if you are on X11
On Plasma 6.4 the wayland session will be the only one installed when the users does not manually specify kwin-x11.
With the recent split of kwin into kwin-wayland and kwin-x11, users running the old X11 session needs to manually install plasma-x11-session, or they will not be able to login. Currently pacman is not able to figure out your personal setup, and it wouldn't be ok to install plasma-x11-session and kwin-x11 for every
one using Plasma.
### tldr: Install plasma-x11-session if you are still using x11
URL: https://archlinux.org/news/plasma-640-will-need-manual-intervention-if-you-are-on-x11/
With the recent split of kwin into kwin-wayland and kwin-x11, users running the old X11 session needs to manually install plasma-x11-session, or they will not be able to login. Currently pacman is not able to figure out your personal setup, and it wouldn't be ok to install plasma-x11-session and kwin-x11 for every
one using Plasma.
### tldr: Install plasma-x11-session if you are still using x11
URL: https://archlinux.org/news/plasma-640-will-need-manual-intervention-if-you-are-on-x11/
Thursday, June 19, 2025
[USN-7585-2] Linux kernel (FIPS) vulnerabilities
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmhUfm4FAwAAAAAACgkQZ0GeRcM5nt0v
OAgAoDeWWNBr/c0yKfPsnCO9nu2EY3XsbZocjUGQoeMIo0jZ2pNkrNZ4vInxHaEp3rHbEKjLpaMR
w7CQKT4n39De8QYv5dYyoebHCM+LisrmmOMmx7RcLRSKbLAx5JhjHbpvFH3IsZ4xChP3vdBIEcS2
BRH5MfqkOI1TIdVuL2F/QZR8rN0MDXtZ6701TDAliSzy6ZcpEpooP3Mv/4Lnbt7JCoM6YcRODuI+
MEeJbXwlF6Y2uaeEXgOfUByeWsMVbNHy26oiCPiC4VcFU9pE6S3E3IM0aDS41mpzor0ojkZ4H4KA
2qxvR1RcIk1pBtKplgJtKsxcnkrvCu5+nqtkpFzJpw==
=qLjG
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7585-2
June 19, 2025
linux-aws-fips, linux-gcp-fips vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS
Details:
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- SCSI subsystem;
- Thermal drivers;
- JFS file system;
- File systems infrastructure;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063,
CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020,
CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034,
CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551,
CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086,
CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018,
CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.4.0-1147-aws-fips 5.4.0-1147.157+fips1
Available with Ubuntu Pro
linux-image-5.4.0-1150-gcp-fips 5.4.0-1150.159+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.4.0.1147.94
Available with Ubuntu Pro
linux-image-gcp-fips 5.4.0.1150.92
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7585-2
https://ubuntu.com/security/notices/USN-7585-1
CVE-2021-47211, CVE-2022-49636, CVE-2023-53034, CVE-2024-53168,
CVE-2024-56551, CVE-2024-58093, CVE-2025-21956, CVE-2025-21957,
CVE-2025-21959, CVE-2025-21991, CVE-2025-21992, CVE-2025-21993,
CVE-2025-21996, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007,
CVE-2025-22018, CVE-2025-22020, CVE-2025-22021, CVE-2025-22035,
CVE-2025-22045, CVE-2025-22054, CVE-2025-22063, CVE-2025-22071,
CVE-2025-22073, CVE-2025-22079, CVE-2025-22086, CVE-2025-2312,
CVE-2025-23136, CVE-2025-37937, CVE-2025-38637, CVE-2025-39735
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.4.0-1147.157+fips1
https://launchpad.net/ubuntu/+source/linux-gcp-fips/5.4.0-1150.159+fips1
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmhUfm4FAwAAAAAACgkQZ0GeRcM5nt0v
OAgAoDeWWNBr/c0yKfPsnCO9nu2EY3XsbZocjUGQoeMIo0jZ2pNkrNZ4vInxHaEp3rHbEKjLpaMR
w7CQKT4n39De8QYv5dYyoebHCM+LisrmmOMmx7RcLRSKbLAx5JhjHbpvFH3IsZ4xChP3vdBIEcS2
BRH5MfqkOI1TIdVuL2F/QZR8rN0MDXtZ6701TDAliSzy6ZcpEpooP3Mv/4Lnbt7JCoM6YcRODuI+
MEeJbXwlF6Y2uaeEXgOfUByeWsMVbNHy26oiCPiC4VcFU9pE6S3E3IM0aDS41mpzor0ojkZ4H4KA
2qxvR1RcIk1pBtKplgJtKsxcnkrvCu5+nqtkpFzJpw==
=qLjG
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7585-2
June 19, 2025
linux-aws-fips, linux-gcp-fips vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS
Details:
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- SCSI subsystem;
- Thermal drivers;
- JFS file system;
- File systems infrastructure;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063,
CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020,
CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034,
CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551,
CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086,
CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018,
CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.4.0-1147-aws-fips 5.4.0-1147.157+fips1
Available with Ubuntu Pro
linux-image-5.4.0-1150-gcp-fips 5.4.0-1150.159+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.4.0.1147.94
Available with Ubuntu Pro
linux-image-gcp-fips 5.4.0.1150.92
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7585-2
https://ubuntu.com/security/notices/USN-7585-1
CVE-2021-47211, CVE-2022-49636, CVE-2023-53034, CVE-2024-53168,
CVE-2024-56551, CVE-2024-58093, CVE-2025-21956, CVE-2025-21957,
CVE-2025-21959, CVE-2025-21991, CVE-2025-21992, CVE-2025-21993,
CVE-2025-21996, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007,
CVE-2025-22018, CVE-2025-22020, CVE-2025-22021, CVE-2025-22035,
CVE-2025-22045, CVE-2025-22054, CVE-2025-22063, CVE-2025-22071,
CVE-2025-22073, CVE-2025-22079, CVE-2025-22086, CVE-2025-2312,
CVE-2025-23136, CVE-2025-37937, CVE-2025-38637, CVE-2025-39735
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.4.0-1147.157+fips1
https://launchpad.net/ubuntu/+source/linux-gcp-fips/5.4.0-1150.159+fips1
[USN-7585-1] Linux kernel vulnerabilities
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmhUcxMFAwAAAAAACgkQZ0GeRcM5nt3g
vwf9GHS6LEjR2k0jJcHI7BSW5piJpfseWE3ME59VJw0SPdH8DP5ot++Yg5tvU6PHioEOuLSjOhoN
x5pJhBF4u4SydlZ4UyxQdZh8jaOSWeKM48WGnalv6umxqw86SNkBiiev4JhCjbjOyj7qfaq90gCf
Nqs0adoEMLlSp37NaaLzSBYyVv+UCZXJGxS9z3vZMblswxCyBGrFo9SCLWUnB9JBX5AvAByUdzfF
WekjsPYIF+9nOYfcRX9ApHaq76mjNi8TeKFnzIZlL2OwbxshdxKrFVW3xMeMgs4uWsY6EXS2VdwJ
7jj2BSy8w5LnqeQWaw6ITb+hyAhZta2cKDTzUGJnfQ==
=58HH
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7585-1
June 19, 2025
linux, linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.4,
linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4,
linux-xilinx-zynqmp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
Details:
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- SCSI subsystem;
- Thermal drivers;
- JFS file system;
- File systems infrastructure;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063,
CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020,
CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034,
CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551,
CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086,
CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018,
CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.4.0-1065-xilinx-zynqmp 5.4.0-1065.69
Available with Ubuntu Pro
linux-image-5.4.0-1093-ibm 5.4.0-1093.98
Available with Ubuntu Pro
linux-image-5.4.0-1134-kvm 5.4.0-1134.143
Available with Ubuntu Pro
linux-image-5.4.0-1145-oracle 5.4.0-1145.155
Available with Ubuntu Pro
linux-image-5.4.0-1147-aws 5.4.0-1147.157
Available with Ubuntu Pro
linux-image-5.4.0-1150-gcp 5.4.0-1150.159
Available with Ubuntu Pro
linux-image-5.4.0-1152-azure 5.4.0-1152.159
Available with Ubuntu Pro
linux-image-5.4.0-218-generic 5.4.0-218.238
Available with Ubuntu Pro
linux-image-5.4.0-218-generic-lpae 5.4.0-218.238
Available with Ubuntu Pro
linux-image-5.4.0-218-lowlatency 5.4.0-218.238
Available with Ubuntu Pro
linux-image-aws-lts-20.04 5.4.0.1147.144
Available with Ubuntu Pro
linux-image-azure-lts-20.04 5.4.0.1152.146
Available with Ubuntu Pro
linux-image-gcp-lts-20.04 5.4.0.1150.152
Available with Ubuntu Pro
linux-image-generic 5.4.0.218.210
Available with Ubuntu Pro
linux-image-generic-lpae 5.4.0.218.210
Available with Ubuntu Pro
linux-image-ibm-lts-20.04 5.4.0.1093.122
Available with Ubuntu Pro
linux-image-kvm 5.4.0.1134.130
Available with Ubuntu Pro
linux-image-lowlatency 5.4.0.218.210
Available with Ubuntu Pro
linux-image-oem 5.4.0.218.210
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.218.210
Available with Ubuntu Pro
linux-image-oracle-lts-20.04 5.4.0.1145.139
Available with Ubuntu Pro
linux-image-virtual 5.4.0.218.210
Available with Ubuntu Pro
linux-image-xilinx-zynqmp 5.4.0.1065.65
Available with Ubuntu Pro
Ubuntu 18.04 LTS
linux-image-5.4.0-1093-ibm 5.4.0-1093.98~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1145-oracle 5.4.0-1145.155~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1147-aws 5.4.0-1147.157~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1150-gcp 5.4.0-1150.159~18.04.1
Available with Ubuntu Pro
linux-image-aws 5.4.0.1147.157~18.04.1
Available with Ubuntu Pro
linux-image-gcp 5.4.0.1150.159~18.04.1
Available with Ubuntu Pro
linux-image-ibm 5.4.0.1093.98~18.04.1
Available with Ubuntu Pro
linux-image-oracle 5.4.0.1145.155~18.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7585-1
CVE-2021-47211, CVE-2022-49636, CVE-2023-53034, CVE-2024-53168,
CVE-2024-56551, CVE-2024-58093, CVE-2025-21956, CVE-2025-21957,
CVE-2025-21959, CVE-2025-21991, CVE-2025-21992, CVE-2025-21993,
CVE-2025-21996, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007,
CVE-2025-22018, CVE-2025-22020, CVE-2025-22021, CVE-2025-22035,
CVE-2025-22045, CVE-2025-22054, CVE-2025-22063, CVE-2025-22071,
CVE-2025-22073, CVE-2025-22079, CVE-2025-22086, CVE-2025-2312,
CVE-2025-23136, CVE-2025-37937, CVE-2025-38637, CVE-2025-39735
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmhUcxMFAwAAAAAACgkQZ0GeRcM5nt3g
vwf9GHS6LEjR2k0jJcHI7BSW5piJpfseWE3ME59VJw0SPdH8DP5ot++Yg5tvU6PHioEOuLSjOhoN
x5pJhBF4u4SydlZ4UyxQdZh8jaOSWeKM48WGnalv6umxqw86SNkBiiev4JhCjbjOyj7qfaq90gCf
Nqs0adoEMLlSp37NaaLzSBYyVv+UCZXJGxS9z3vZMblswxCyBGrFo9SCLWUnB9JBX5AvAByUdzfF
WekjsPYIF+9nOYfcRX9ApHaq76mjNi8TeKFnzIZlL2OwbxshdxKrFVW3xMeMgs4uWsY6EXS2VdwJ
7jj2BSy8w5LnqeQWaw6ITb+hyAhZta2cKDTzUGJnfQ==
=58HH
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7585-1
June 19, 2025
linux, linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.4,
linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4,
linux-xilinx-zynqmp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
Details:
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- SCSI subsystem;
- Thermal drivers;
- JFS file system;
- File systems infrastructure;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063,
CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020,
CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034,
CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551,
CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086,
CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018,
CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.4.0-1065-xilinx-zynqmp 5.4.0-1065.69
Available with Ubuntu Pro
linux-image-5.4.0-1093-ibm 5.4.0-1093.98
Available with Ubuntu Pro
linux-image-5.4.0-1134-kvm 5.4.0-1134.143
Available with Ubuntu Pro
linux-image-5.4.0-1145-oracle 5.4.0-1145.155
Available with Ubuntu Pro
linux-image-5.4.0-1147-aws 5.4.0-1147.157
Available with Ubuntu Pro
linux-image-5.4.0-1150-gcp 5.4.0-1150.159
Available with Ubuntu Pro
linux-image-5.4.0-1152-azure 5.4.0-1152.159
Available with Ubuntu Pro
linux-image-5.4.0-218-generic 5.4.0-218.238
Available with Ubuntu Pro
linux-image-5.4.0-218-generic-lpae 5.4.0-218.238
Available with Ubuntu Pro
linux-image-5.4.0-218-lowlatency 5.4.0-218.238
Available with Ubuntu Pro
linux-image-aws-lts-20.04 5.4.0.1147.144
Available with Ubuntu Pro
linux-image-azure-lts-20.04 5.4.0.1152.146
Available with Ubuntu Pro
linux-image-gcp-lts-20.04 5.4.0.1150.152
Available with Ubuntu Pro
linux-image-generic 5.4.0.218.210
Available with Ubuntu Pro
linux-image-generic-lpae 5.4.0.218.210
Available with Ubuntu Pro
linux-image-ibm-lts-20.04 5.4.0.1093.122
Available with Ubuntu Pro
linux-image-kvm 5.4.0.1134.130
Available with Ubuntu Pro
linux-image-lowlatency 5.4.0.218.210
Available with Ubuntu Pro
linux-image-oem 5.4.0.218.210
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.218.210
Available with Ubuntu Pro
linux-image-oracle-lts-20.04 5.4.0.1145.139
Available with Ubuntu Pro
linux-image-virtual 5.4.0.218.210
Available with Ubuntu Pro
linux-image-xilinx-zynqmp 5.4.0.1065.65
Available with Ubuntu Pro
Ubuntu 18.04 LTS
linux-image-5.4.0-1093-ibm 5.4.0-1093.98~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1145-oracle 5.4.0-1145.155~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1147-aws 5.4.0-1147.157~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1150-gcp 5.4.0-1150.159~18.04.1
Available with Ubuntu Pro
linux-image-aws 5.4.0.1147.157~18.04.1
Available with Ubuntu Pro
linux-image-gcp 5.4.0.1150.159~18.04.1
Available with Ubuntu Pro
linux-image-ibm 5.4.0.1093.98~18.04.1
Available with Ubuntu Pro
linux-image-oracle 5.4.0.1145.155~18.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7585-1
CVE-2021-47211, CVE-2022-49636, CVE-2023-53034, CVE-2024-53168,
CVE-2024-56551, CVE-2024-58093, CVE-2025-21956, CVE-2025-21957,
CVE-2025-21959, CVE-2025-21991, CVE-2025-21992, CVE-2025-21993,
CVE-2025-21996, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007,
CVE-2025-22018, CVE-2025-22020, CVE-2025-22021, CVE-2025-22035,
CVE-2025-22045, CVE-2025-22054, CVE-2025-22063, CVE-2025-22071,
CVE-2025-22073, CVE-2025-22079, CVE-2025-22086, CVE-2025-2312,
CVE-2025-23136, CVE-2025-37937, CVE-2025-38637, CVE-2025-39735
[USN-7583-1] Python vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7583-1
June 19, 2025
python3.13, python3.12 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
Summary:
Python could be made to overwrite files.
Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled tar archive extraction
with the filtering option. An attacker could possibly use this issue to
modify files in arbitrary filesystem locations and cause data loss.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
python3.13 3.13.3-1ubuntu0.2
Ubuntu 24.10
python3.12 3.12.7-1ubuntu2.2
python3.13 3.13.0-1ubuntu0.3
Ubuntu 24.04 LTS
python3.12 3.12.3-1ubuntu0.7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7583-1
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435,
CVE-2025-4517
Package Information:
https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python3.12/3.12.7-1ubuntu2.2
https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1ubuntu0.3
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.7
Ubuntu Security Notice USN-7583-1
June 19, 2025
python3.13, python3.12 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
Summary:
Python could be made to overwrite files.
Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled tar archive extraction
with the filtering option. An attacker could possibly use this issue to
modify files in arbitrary filesystem locations and cause data loss.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
python3.13 3.13.3-1ubuntu0.2
Ubuntu 24.10
python3.12 3.12.7-1ubuntu2.2
python3.13 3.13.0-1ubuntu0.3
Ubuntu 24.04 LTS
python3.12 3.12.3-1ubuntu0.7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7583-1
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435,
CVE-2025-4517
Package Information:
https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python3.12/3.12.7-1ubuntu2.2
https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1ubuntu0.3
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.7
[USN-7582-1] Samba vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7582-1
June 19, 2025
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Evgeny Legerov discovered that Samba incorrectly handled buffers in
certain GSSAPI routines of Heimdal. A remote attacker could possibly use
this issue to cause Samba to crash, resulting in a denial of service.
(CVE-2022-3437)
Greg Hudson discovered that Samba incorrectly handled PAC parsing. On
32-bit systems, a remote attacker could use this issue to escalate
privileges, or possibly execute arbitrary code. (CVE-2022-42898)
Joseph Sutton discovered that Samba could be forced to issue rc4-hmac
encrypted Kerberos tickets. A remote attacker could possibly use this issue
to escalate privileges. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-45141)
Florent Saudel discovered that Samba incorrectly handled certain Spotlight
requests. A remote attacker could possibly use this issue to cause Samba to
consume resources, leading to a denial of service. (CVE-2023-34966)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
samba 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm13
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7582-1
CVE-2022-3437, CVE-2022-42898, CVE-2022-45141, CVE-2023-34966
Ubuntu Security Notice USN-7582-1
June 19, 2025
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Evgeny Legerov discovered that Samba incorrectly handled buffers in
certain GSSAPI routines of Heimdal. A remote attacker could possibly use
this issue to cause Samba to crash, resulting in a denial of service.
(CVE-2022-3437)
Greg Hudson discovered that Samba incorrectly handled PAC parsing. On
32-bit systems, a remote attacker could use this issue to escalate
privileges, or possibly execute arbitrary code. (CVE-2022-42898)
Joseph Sutton discovered that Samba could be forced to issue rc4-hmac
encrypted Kerberos tickets. A remote attacker could possibly use this issue
to escalate privileges. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-45141)
Florent Saudel discovered that Samba incorrectly handled certain Spotlight
requests. A remote attacker could possibly use this issue to cause Samba to
consume resources, leading to a denial of service. (CVE-2023-34966)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
samba 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm13
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7582-1
CVE-2022-3437, CVE-2022-42898, CVE-2022-45141, CVE-2023-34966
Recent partial openQA outage (now fixed, apologies)
Hey folks! You may have noticed a substantial amount of incorrect test
failures in openQA in the last 20 hours or so. I've now rebooted the
broken system and rescheduled all the failed tests, but it will take a
few hours for them to work through the system. A few may flake, too - I
will catch these and restart them during the day.
Details for anyone interested: since updating to the latest openQA
upstream code and Fedora 42, it seems like the worker hosts that run
multi-worker networked jobs sometimes hit some kind of issue between
openvswitch and dbus-broker, which causes all such jobs run after that
point to fail at startup with "could not configure /dev/net/tun
(tap19): Device or resource busy" errors. Other jobs also sometimes
fail, I think because the broken tap jobs block VNC ports or something.
Another openQA user saw something similar and we're tracking it
upstream at https://progress.opensuse.org/issues/183833 , but we
haven't entirely got to the root cause yet. For now the only thing I
can do is reboot the worker hosts when they get in this state. I didn't
check openQA before going to bed last night so I let this drag out
longer than necessary - sorry about that!
--
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@fosstodon.org
https://www.happyassassin.net
--
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
failures in openQA in the last 20 hours or so. I've now rebooted the
broken system and rescheduled all the failed tests, but it will take a
few hours for them to work through the system. A few may flake, too - I
will catch these and restart them during the day.
Details for anyone interested: since updating to the latest openQA
upstream code and Fedora 42, it seems like the worker hosts that run
multi-worker networked jobs sometimes hit some kind of issue between
openvswitch and dbus-broker, which causes all such jobs run after that
point to fail at startup with "could not configure /dev/net/tun
(tap19): Device or resource busy" errors. Other jobs also sometimes
fail, I think because the broken tap jobs block VNC ports or something.
Another openQA user saw something similar and we're tracking it
upstream at https://progress.opensuse.org/issues/183833 , but we
haven't entirely got to the root cause yet. For now the only thing I
can do is reboot the worker hosts when they get in this state. I didn't
check openQA before going to bed last night so I let this drag out
longer than necessary - sorry about that!
--
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@fosstodon.org
https://www.happyassassin.net
--
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[USN-7581-1] Express vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7581-1
June 19, 2025
node-express vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Express.
Software Description:
- node-express: Fast, unopinionated, minimalist web framework for Node.js
Details:
It was discovered that Express incorrectly handled certain URLs, leading
to an open redirect attack. A remote attacker could possibly use this
issue to perform phishing attacks. (CVE-2024-29041)
Adam Korcz discovered that Express did not properly sanitize certain
inputs. A remote attacker could possibly use this issue to perform cross
site scripting. (CVE-2024-43796)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
node-express 4.19.2+~cs8.36.26-1ubuntu0.1
Ubuntu 24.04 LTS
node-express 4.19.2+~cs8.36.21-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
node-express 4.17.3+~4.17.13-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
node-express 4.17.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
node-express 4.1.1~dfsg-1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
node-express 4.1.1~dfsg-1ubuntu0.16.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7581-1
CVE-2024-29041, CVE-2024-43796
Package Information:
https://launchpad.net/ubuntu/+source/node-express/4.19.2+~cs8.36.26-1ubuntu0.1
Ubuntu Security Notice USN-7581-1
June 19, 2025
node-express vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Express.
Software Description:
- node-express: Fast, unopinionated, minimalist web framework for Node.js
Details:
It was discovered that Express incorrectly handled certain URLs, leading
to an open redirect attack. A remote attacker could possibly use this
issue to perform phishing attacks. (CVE-2024-29041)
Adam Korcz discovered that Express did not properly sanitize certain
inputs. A remote attacker could possibly use this issue to perform cross
site scripting. (CVE-2024-43796)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
node-express 4.19.2+~cs8.36.26-1ubuntu0.1
Ubuntu 24.04 LTS
node-express 4.19.2+~cs8.36.21-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
node-express 4.17.3+~4.17.13-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
node-express 4.17.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
node-express 4.1.1~dfsg-1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
node-express 4.1.1~dfsg-1ubuntu0.16.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7581-1
CVE-2024-29041, CVE-2024-43796
Package Information:
https://launchpad.net/ubuntu/+source/node-express/4.19.2+~cs8.36.26-1ubuntu0.1
Wednesday, June 18, 2025
[USN-7574-1] Go vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7574-1
June 18, 2025
golang-1.22 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Go.
Software Description:
- golang-1.22: Go programming language compiler
Details:
Kyle Seely discovered that the Go net/http module did not properly handle
sensitive headers during repeated redirects. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2024-45336)
Juho Forsén discovered that the Go crypto/x509 module incorrectly handled
IPv6 addresses during URI parsing. An attacker could possibly use this
issue to bypass certificate URI constraints. (CVE-2024-45341)
It was discovered that the Go crypto module did not properly handle
variable time instructions under certain circumstances on 64-bit Power
(ppc64el) systems. An attacker could possibly use this issue to expose
sensitive information. (CVE-2025-22866)
It was discovered that the Go http/httpproxy module did not properly
handle IPv6 zone IDs during hostname matching. An attacker could possibly
use this issue to cause a denial of service. (CVE-2025-22870)
Takeshi Kaneko discovered that the Go net/http module did not properly
strip sensitive proxy headers during redirect requests. An attacker could
possibly use this issue to obtain sensitive information. (CVE-2025-4673)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
golang-1.22 1.22.8-1ubuntu0.1
golang-1.22-go 1.22.8-1ubuntu0.1
golang-1.22-src 1.22.8-1ubuntu0.1
Ubuntu 24.04 LTS
golang-1.22 1.22.2-2ubuntu0.4
golang-1.22-go 1.22.2-2ubuntu0.4
golang-1.22-src 1.22.2-2ubuntu0.4
Ubuntu 22.04 LTS
golang-1.22 1.22.2-2~22.04.3
golang-1.22-go 1.22.2-2~22.04.3
golang-1.22-src 1.22.2-2~22.04.3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7574-1
CVE-2024-45336, CVE-2024-45341, CVE-2025-22866, CVE-2025-22870,
CVE-2025-4673
Package Information:
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.8-1ubuntu0.1
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2ubuntu0.4
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2~22.04.3
Ubuntu Security Notice USN-7574-1
June 18, 2025
golang-1.22 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Go.
Software Description:
- golang-1.22: Go programming language compiler
Details:
Kyle Seely discovered that the Go net/http module did not properly handle
sensitive headers during repeated redirects. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2024-45336)
Juho Forsén discovered that the Go crypto/x509 module incorrectly handled
IPv6 addresses during URI parsing. An attacker could possibly use this
issue to bypass certificate URI constraints. (CVE-2024-45341)
It was discovered that the Go crypto module did not properly handle
variable time instructions under certain circumstances on 64-bit Power
(ppc64el) systems. An attacker could possibly use this issue to expose
sensitive information. (CVE-2025-22866)
It was discovered that the Go http/httpproxy module did not properly
handle IPv6 zone IDs during hostname matching. An attacker could possibly
use this issue to cause a denial of service. (CVE-2025-22870)
Takeshi Kaneko discovered that the Go net/http module did not properly
strip sensitive proxy headers during redirect requests. An attacker could
possibly use this issue to obtain sensitive information. (CVE-2025-4673)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
golang-1.22 1.22.8-1ubuntu0.1
golang-1.22-go 1.22.8-1ubuntu0.1
golang-1.22-src 1.22.8-1ubuntu0.1
Ubuntu 24.04 LTS
golang-1.22 1.22.2-2ubuntu0.4
golang-1.22-go 1.22.2-2ubuntu0.4
golang-1.22-src 1.22.2-2ubuntu0.4
Ubuntu 22.04 LTS
golang-1.22 1.22.2-2~22.04.3
golang-1.22-go 1.22.2-2~22.04.3
golang-1.22-src 1.22.2-2~22.04.3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7574-1
CVE-2024-45336, CVE-2024-45341, CVE-2025-22866, CVE-2025-22870,
CVE-2025-4673
Package Information:
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.8-1ubuntu0.1
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2ubuntu0.4
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2~22.04.3
[USN-7577-2] libblockdev vulnerability
==========================================================================
Ubuntu Security Notice USN-7577-2
June 18, 2025
libblockdev vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
libblockdev could be made to run programs as an administrator.
Software Description:
- libblockdev: libblockdev introspection data
Details:
USN-7577-1 fixed a vulnerability in libblockdev. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that libblockdev incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libblockdev2 2.23-2ubuntu3+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libblockdev2 2.16-2ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7577-2
https://ubuntu.com/security/notices/USN-7577-1
CVE-2025-6019
Ubuntu Security Notice USN-7577-2
June 18, 2025
libblockdev vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
libblockdev could be made to run programs as an administrator.
Software Description:
- libblockdev: libblockdev introspection data
Details:
USN-7577-1 fixed a vulnerability in libblockdev. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that libblockdev incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libblockdev2 2.23-2ubuntu3+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libblockdev2 2.16-2ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7577-2
https://ubuntu.com/security/notices/USN-7577-1
CVE-2025-6019
[USN-7579-1] Godot Engine vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7579-1
June 18, 2025
godot vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Godot Engine.
Software Description:
- godot: Full 2D and 3D game engine with editor
Details:
It was discovered that the Godot Engine did not properly handle
certain malformed WebM media files. If the Godot Engine opened a
specially crafted WebM file, a remote attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2019-2126)
It was discovered that the Godot Engine did not properly handle
certain malformed TGA image files. If the Godot Engine opened a
specially crafted TGA image file, a remote attacker could cause
a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2021-26825, CVE-2021-26826)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
godot3 3.6+ds-2ubuntu0.1
godot3-runner 3.6+ds-2ubuntu0.1
Ubuntu 24.10
godot3 3.5.2-stable-2ubuntu0.24.10.1
godot3-runner 3.5.2-stable-2ubuntu0.24.10.1
Ubuntu 24.04 LTS
godot3 3.5.2-stable-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
godot3-runner 3.5.2-stable-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
godot3 3.2.3-stable-1ubuntu0.1~esm1
Available with Ubuntu Pro
godot3-runner 3.2.3-stable-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
godot3 3.2-stable-2ubuntu0.1~esm1
Available with Ubuntu Pro
godot3-runner 3.2-stable-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7579-1
CVE-2019-2126, CVE-2021-26825, CVE-2021-26826
Package Information:
https://launchpad.net/ubuntu/+source/godot/3.6+ds-2ubuntu0.1
https://launchpad.net/ubuntu/+source/godot/3.5.2-stable-2ubuntu0.24.10.1
Ubuntu Security Notice USN-7579-1
June 18, 2025
godot vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Godot Engine.
Software Description:
- godot: Full 2D and 3D game engine with editor
Details:
It was discovered that the Godot Engine did not properly handle
certain malformed WebM media files. If the Godot Engine opened a
specially crafted WebM file, a remote attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2019-2126)
It was discovered that the Godot Engine did not properly handle
certain malformed TGA image files. If the Godot Engine opened a
specially crafted TGA image file, a remote attacker could cause
a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2021-26825, CVE-2021-26826)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
godot3 3.6+ds-2ubuntu0.1
godot3-runner 3.6+ds-2ubuntu0.1
Ubuntu 24.10
godot3 3.5.2-stable-2ubuntu0.24.10.1
godot3-runner 3.5.2-stable-2ubuntu0.24.10.1
Ubuntu 24.04 LTS
godot3 3.5.2-stable-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
godot3-runner 3.5.2-stable-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
godot3 3.2.3-stable-1ubuntu0.1~esm1
Available with Ubuntu Pro
godot3-runner 3.2.3-stable-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
godot3 3.2-stable-2ubuntu0.1~esm1
Available with Ubuntu Pro
godot3-runner 3.2-stable-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7579-1
CVE-2019-2126, CVE-2021-26825, CVE-2021-26826
Package Information:
https://launchpad.net/ubuntu/+source/godot/3.6+ds-2ubuntu0.1
https://launchpad.net/ubuntu/+source/godot/3.5.2-stable-2ubuntu0.24.10.1
[USN-7580-1] PAM vulnerability
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhTAm4FAwAAAAAACgkQZWnYVadEvpNN
+Q//WbTJ6L5NaDh/VjAxKl5mgeN1BOsY+sQ+qmjYIqDLiC7pov2A8yHLmfUb8Yndbh3lG3cYJlQ0
/wEh0q8r4+WJfjC2R9CPhcK/nHwAugl6nk7zxUHgws6vvSneuEx6XkbPECR6GV8CuS0/bbLO51p6
+YINPJaWCNpf1VQIW/iifFupV17tBzOFgU5zroq2XbK2YpQV81c8sM+ZFuKhOxYBTlkmXwOBaMhs
B3auP3bdY2XiOElAmidO7d1Ih/ut5/x8ICjZJClNI0y4kcy5MluHLbsag17r8U3GP9RWObG0IBAG
ETEqt0pvX4DdSN4CIDXVHaJUKK1tVPSm66p5OeoK872fOJkuqgIOpEppEpjc0oqv0H1IrA4Jv0Fq
MA2HbYUy3I593obLaQDlaOOw/onuSBFTF2s4YnZuCH8kbbjHtm4/Q6D/52/3Eikz4zCCZsZe16JT
zCf0ua+ev0NGuJm2qgrZ5vxZBT7oPbGlXvKGGuJjG0O9GCpsbI7aMgk4SRRk+Dr4u8HrFzWV1ydH
uetwRRMNpe1KOJaJXKITvHvVEcYyrbDrMOWudaKOreoRte8Lz96j9HWTAEZyhMXdzrgldv/nN2kW
jcMYJh4thI1sXIMhfw+PBdMxZESMMzdq+pql9yHEkSlRvJ+8JEwxVQrV8burBAiwJ9/yEjKpATNf
YSo=
=wqtt
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7580-1
June 18, 2025
pam vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
PAM could be made to run programs as an administrator.
Software Description:
- pam: Pluggable Authentication Modules
Details:
Olivier BAL-PETRE discovered that the PAM pam_namespace module incorrectly
handled user-controlled paths. In environments where pam_namespace is used,
a local attacker could possibly use this issue to escalate their privileges
to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libpam-modules 1.5.3-7ubuntu4.3
Ubuntu 24.10
libpam-modules 1.5.3-7ubuntu2.3
Ubuntu 24.04 LTS
libpam-modules 1.5.3-5ubuntu5.4
Ubuntu 22.04 LTS
libpam-modules 1.4.0-11ubuntu2.6
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7580-1
CVE-2025-6020
Package Information:
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.3
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu2.3
https://launchpad.net/ubuntu/+source/pam/1.5.3-5ubuntu5.4
https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.6
wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhTAm4FAwAAAAAACgkQZWnYVadEvpNN
+Q//WbTJ6L5NaDh/VjAxKl5mgeN1BOsY+sQ+qmjYIqDLiC7pov2A8yHLmfUb8Yndbh3lG3cYJlQ0
/wEh0q8r4+WJfjC2R9CPhcK/nHwAugl6nk7zxUHgws6vvSneuEx6XkbPECR6GV8CuS0/bbLO51p6
+YINPJaWCNpf1VQIW/iifFupV17tBzOFgU5zroq2XbK2YpQV81c8sM+ZFuKhOxYBTlkmXwOBaMhs
B3auP3bdY2XiOElAmidO7d1Ih/ut5/x8ICjZJClNI0y4kcy5MluHLbsag17r8U3GP9RWObG0IBAG
ETEqt0pvX4DdSN4CIDXVHaJUKK1tVPSm66p5OeoK872fOJkuqgIOpEppEpjc0oqv0H1IrA4Jv0Fq
MA2HbYUy3I593obLaQDlaOOw/onuSBFTF2s4YnZuCH8kbbjHtm4/Q6D/52/3Eikz4zCCZsZe16JT
zCf0ua+ev0NGuJm2qgrZ5vxZBT7oPbGlXvKGGuJjG0O9GCpsbI7aMgk4SRRk+Dr4u8HrFzWV1ydH
uetwRRMNpe1KOJaJXKITvHvVEcYyrbDrMOWudaKOreoRte8Lz96j9HWTAEZyhMXdzrgldv/nN2kW
jcMYJh4thI1sXIMhfw+PBdMxZESMMzdq+pql9yHEkSlRvJ+8JEwxVQrV8burBAiwJ9/yEjKpATNf
YSo=
=wqtt
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7580-1
June 18, 2025
pam vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
PAM could be made to run programs as an administrator.
Software Description:
- pam: Pluggable Authentication Modules
Details:
Olivier BAL-PETRE discovered that the PAM pam_namespace module incorrectly
handled user-controlled paths. In environments where pam_namespace is used,
a local attacker could possibly use this issue to escalate their privileges
to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libpam-modules 1.5.3-7ubuntu4.3
Ubuntu 24.10
libpam-modules 1.5.3-7ubuntu2.3
Ubuntu 24.04 LTS
libpam-modules 1.5.3-5ubuntu5.4
Ubuntu 22.04 LTS
libpam-modules 1.4.0-11ubuntu2.6
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7580-1
CVE-2025-6020
Package Information:
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.3
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu2.3
https://launchpad.net/ubuntu/+source/pam/1.5.3-5ubuntu5.4
https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.6
[USN-7578-2] UDisks vulnerability
==========================================================================
Ubuntu Security Notice USN-7578-2
June 18, 2025
udisks2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
UDisks could be made to run programs as an administrator.
Software Description:
- udisks2: service to access and manipulate storage devices
Details:
USN-7578-1 fixed a vulnerability in UDisks. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that UDisks incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libudisks2-0 2.8.4-1ubuntu2+esm1
Available with Ubuntu Pro
udisks2 2.8.4-1ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libudisks2-0 2.7.6-3ubuntu0.2+esm1
Available with Ubuntu Pro
udisks2 2.7.6-3ubuntu0.2+esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7578-2
https://ubuntu.com/security/notices/USN-7578-1
CVE-2025-6019
Ubuntu Security Notice USN-7578-2
June 18, 2025
udisks2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
UDisks could be made to run programs as an administrator.
Software Description:
- udisks2: service to access and manipulate storage devices
Details:
USN-7578-1 fixed a vulnerability in UDisks. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that UDisks incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libudisks2-0 2.8.4-1ubuntu2+esm1
Available with Ubuntu Pro
udisks2 2.8.4-1ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libudisks2-0 2.7.6-3ubuntu0.2+esm1
Available with Ubuntu Pro
udisks2 2.7.6-3ubuntu0.2+esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7578-2
https://ubuntu.com/security/notices/USN-7578-1
CVE-2025-6019
[USN-7578-1] UDisks vulnerability
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhS5esFAwAAAAAACgkQZWnYVadEvpOn
pRAAnuxzepCjo0cGBm1FaGPiwvpGxecHtl2Om0lnUfpbjM139actx7q9yOVQUFkBKDG97iJAOC//
zU6LxPGIkX2TPx3Etxk1fBO16b7n0pSOjzGPc6poFR3Tw3VkuMpT4VLlNIwtFTxNji0GwD3AXVT5
uo6BNkZJBr2+4ObfVU6ggPq8UyZrVk3+Kb2zv8ER7e+dM7VNRjB0E9FSgoijWvu17REJARq7RuMp
VHsd/eiPS0bHWEpvuEl4rhpCuannSVIKCdxsDmwlAB9V3Hs8Z0+G4AzhOiSp0oL8y3xLpq3SSAOX
M8KdtrNk0LkrRvbB+WoeA5X059wCut5Z8JV6OVGbeVF6BgI696JJBhDKt46/2wi9vTBZ7C6scZb6
F1VCZDSLz00utu5Zjzix9r5ARlCwT00erekZt4u1a+f6E+fRF2K9Q3zFLfUxFsVdpvZyZ4wf2UBk
4d6RyZ7XXEUqwPvOQAs2oiluST/kS5Rp2Ar5zIwQLeqruC/jL1xR4wlsvHIZ8282dZF+FPDdIrJR
RRBW7J79+RcE3PosVjgDWvtocCn0gEsa8PJxS57Z1zjAXUgDEo+SlyvwJ8dUgGJ9xB+UzT+frPsa
czXdd1pBg6uMS/zUpuCSLmf+9HdoNEbygHKbJ+PPYzQoz6uGIQh51G4NWFIKnspndRGhk1fZE3+6
ZLg=
=EZId
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7578-1
June 18, 2025
udisks2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
UDisks could be made to run programs as an administrator.
Software Description:
- udisks2: service to access and manipulate storage devices
Details:
It was discovered that UDisks incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libudisks2-0 2.10.1-11ubuntu2.2
udisks2 2.10.1-11ubuntu2.2
Ubuntu 24.10
libudisks2-0 2.10.1-9ubuntu3.2
udisks2 2.10.1-9ubuntu3.2
Ubuntu 24.04 LTS
libudisks2-0 2.10.1-6ubuntu1.2
udisks2 2.10.1-6ubuntu1.2
Ubuntu 22.04 LTS
libudisks2-0 2.9.4-1ubuntu2.2
udisks2 2.9.4-1ubuntu2.2
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7578-1
CVE-2025-6019
Package Information:
https://launchpad.net/ubuntu/+source/udisks2/2.10.1-11ubuntu2.2
https://launchpad.net/ubuntu/+source/udisks2/2.10.1-9ubuntu3.2
https://launchpad.net/ubuntu/+source/udisks2/2.10.1-6ubuntu1.2
https://launchpad.net/ubuntu/+source/udisks2/2.9.4-1ubuntu2.2
wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhS5esFAwAAAAAACgkQZWnYVadEvpOn
pRAAnuxzepCjo0cGBm1FaGPiwvpGxecHtl2Om0lnUfpbjM139actx7q9yOVQUFkBKDG97iJAOC//
zU6LxPGIkX2TPx3Etxk1fBO16b7n0pSOjzGPc6poFR3Tw3VkuMpT4VLlNIwtFTxNji0GwD3AXVT5
uo6BNkZJBr2+4ObfVU6ggPq8UyZrVk3+Kb2zv8ER7e+dM7VNRjB0E9FSgoijWvu17REJARq7RuMp
VHsd/eiPS0bHWEpvuEl4rhpCuannSVIKCdxsDmwlAB9V3Hs8Z0+G4AzhOiSp0oL8y3xLpq3SSAOX
M8KdtrNk0LkrRvbB+WoeA5X059wCut5Z8JV6OVGbeVF6BgI696JJBhDKt46/2wi9vTBZ7C6scZb6
F1VCZDSLz00utu5Zjzix9r5ARlCwT00erekZt4u1a+f6E+fRF2K9Q3zFLfUxFsVdpvZyZ4wf2UBk
4d6RyZ7XXEUqwPvOQAs2oiluST/kS5Rp2Ar5zIwQLeqruC/jL1xR4wlsvHIZ8282dZF+FPDdIrJR
RRBW7J79+RcE3PosVjgDWvtocCn0gEsa8PJxS57Z1zjAXUgDEo+SlyvwJ8dUgGJ9xB+UzT+frPsa
czXdd1pBg6uMS/zUpuCSLmf+9HdoNEbygHKbJ+PPYzQoz6uGIQh51G4NWFIKnspndRGhk1fZE3+6
ZLg=
=EZId
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7578-1
June 18, 2025
udisks2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
UDisks could be made to run programs as an administrator.
Software Description:
- udisks2: service to access and manipulate storage devices
Details:
It was discovered that UDisks incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libudisks2-0 2.10.1-11ubuntu2.2
udisks2 2.10.1-11ubuntu2.2
Ubuntu 24.10
libudisks2-0 2.10.1-9ubuntu3.2
udisks2 2.10.1-9ubuntu3.2
Ubuntu 24.04 LTS
libudisks2-0 2.10.1-6ubuntu1.2
udisks2 2.10.1-6ubuntu1.2
Ubuntu 22.04 LTS
libudisks2-0 2.9.4-1ubuntu2.2
udisks2 2.9.4-1ubuntu2.2
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7578-1
CVE-2025-6019
Package Information:
https://launchpad.net/ubuntu/+source/udisks2/2.10.1-11ubuntu2.2
https://launchpad.net/ubuntu/+source/udisks2/2.10.1-9ubuntu3.2
https://launchpad.net/ubuntu/+source/udisks2/2.10.1-6ubuntu1.2
https://launchpad.net/ubuntu/+source/udisks2/2.9.4-1ubuntu2.2
[USN-7577-1] libblockdev vulnerability
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhS5dIFAwAAAAAACgkQZWnYVadEvpOg
3w//eEUaHSj653YmO1HpY07k2sYnUGP1GjxjiWFQ4LBl3Boe+9mZqfsqyZX98KjM54VcakJsuBRH
DoFpJkPNQMpW8aQeLvD/2q/XTTCNrKZdL0JAWIXxtA1nbE25mZms+JGVMSe+dDJpIs/PwPYLzT2k
drYvl6Wwc3EijCFamWwr2LRfLKOGsDvZBE+IGCe6oIRoibmZgd6XtOI+GDL+nk7HJJxOXtwRkSP+
grg582MCqjxjcdK/ph96QD9quRpjqJhU9Ebim/YL8dQihSjqmPnIjxOj8wVAOFK6pTvhan8pcF35
YvaNl303wI8wNQs6vTp3GLwbQI69/+WyU5HxbnljdtAXGXJA2hvYypz8aoDxUA0P2uKOT/l5akst
4tIKk9Enc15vc0af2wcdmnYykhesXT0fWZS1sP3cy9M+NlX4bPHU9KscZePp+evRH7bhefdb6X20
C+Ww5p79mdlprzMhHiceDMuh6SKdSdNZG4HSV/bURCvxpAyfYNdZSIOlYvgRUoIeqJ2m8xxrApWn
NUjTA5NQMRGy5jc5bFBntjafnlZCOBzt7zMQWVne92iV88TlasSdyg7up8cns/FyR5hQuh+lmEHE
B/cKXsHtvPQQiSuBJ9Ae4Mvs+/q+aaNWOo5UVa9DYMIskWgPq1H58g4Pn2BRo06+8oXs8xv+ZmOz
KnI=
=SwW8
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7577-1
June 18, 2025
libblockdev vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
libblockdev could be made to run programs as an administrator.
Software Description:
- libblockdev: libblockdev introspection data
Details:
It was discovered that libblockdev incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libblockdev3 3.3.0-2ubuntu0.1
Ubuntu 24.10
libblockdev3 3.1.1-2ubuntu0.1
Ubuntu 24.04 LTS
libblockdev3 3.1.1-1ubuntu0.1
Ubuntu 22.04 LTS
libblockdev2 2.26-1ubuntu0.1
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7577-1
CVE-2025-6019
Package Information:
https://launchpad.net/ubuntu/+source/libblockdev/3.3.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libblockdev/3.1.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libblockdev/3.1.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libblockdev/2.26-1ubuntu0.1
wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhS5dIFAwAAAAAACgkQZWnYVadEvpOg
3w//eEUaHSj653YmO1HpY07k2sYnUGP1GjxjiWFQ4LBl3Boe+9mZqfsqyZX98KjM54VcakJsuBRH
DoFpJkPNQMpW8aQeLvD/2q/XTTCNrKZdL0JAWIXxtA1nbE25mZms+JGVMSe+dDJpIs/PwPYLzT2k
drYvl6Wwc3EijCFamWwr2LRfLKOGsDvZBE+IGCe6oIRoibmZgd6XtOI+GDL+nk7HJJxOXtwRkSP+
grg582MCqjxjcdK/ph96QD9quRpjqJhU9Ebim/YL8dQihSjqmPnIjxOj8wVAOFK6pTvhan8pcF35
YvaNl303wI8wNQs6vTp3GLwbQI69/+WyU5HxbnljdtAXGXJA2hvYypz8aoDxUA0P2uKOT/l5akst
4tIKk9Enc15vc0af2wcdmnYykhesXT0fWZS1sP3cy9M+NlX4bPHU9KscZePp+evRH7bhefdb6X20
C+Ww5p79mdlprzMhHiceDMuh6SKdSdNZG4HSV/bURCvxpAyfYNdZSIOlYvgRUoIeqJ2m8xxrApWn
NUjTA5NQMRGy5jc5bFBntjafnlZCOBzt7zMQWVne92iV88TlasSdyg7up8cns/FyR5hQuh+lmEHE
B/cKXsHtvPQQiSuBJ9Ae4Mvs+/q+aaNWOo5UVa9DYMIskWgPq1H58g4Pn2BRo06+8oXs8xv+ZmOz
KnI=
=SwW8
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7577-1
June 18, 2025
libblockdev vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
libblockdev could be made to run programs as an administrator.
Software Description:
- libblockdev: libblockdev introspection data
Details:
It was discovered that libblockdev incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libblockdev3 3.3.0-2ubuntu0.1
Ubuntu 24.10
libblockdev3 3.1.1-2ubuntu0.1
Ubuntu 24.04 LTS
libblockdev3 3.1.1-1ubuntu0.1
Ubuntu 22.04 LTS
libblockdev2 2.26-1ubuntu0.1
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7577-1
CVE-2025-6019
Package Information:
https://launchpad.net/ubuntu/+source/libblockdev/3.3.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libblockdev/3.1.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libblockdev/3.1.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libblockdev/2.26-1ubuntu0.1
[USN-7573-2] X.Org X Server vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7573-2
June 18, 2025
xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in X.Org X Server.
Software Description:
- xorg-server: X.Org X11 server
- xorg-server-hwe-18.04: X.Org X11 server
- xorg-server-hwe-16.04: X.Org X11 server
Details:
USN-7573-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu
20.04 LTS.
Original advisory details:
Nils Emmerich discovered that the X.Org X Server incorrectly handled
certain memory operations. An attacker could use these issues to cause the
X Server to crash, leading to a denial of service, obtain sensitive
information, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.20+esm1
Available with Ubuntu Pro
xwayland 2:1.20.13-1ubuntu1~20.04.20+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm13
Available with Ubuntu Pro
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm5
Available with Ubuntu Pro
xwayland 2:1.19.6-1ubuntu4.15+esm13
Available with Ubuntu Pro
xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm5
Available with Ubuntu Pro
Ubuntu 16.04 LTS
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm18
Available with Ubuntu Pro
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm10
Available with Ubuntu Pro
xwayland 2:1.18.4-0ubuntu0.12+esm18
Available with Ubuntu Pro
xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm10
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7573-2
https://ubuntu.com/security/notices/USN-7573-1
CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49179,
CVE-2025-49180
Ubuntu Security Notice USN-7573-2
June 18, 2025
xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in X.Org X Server.
Software Description:
- xorg-server: X.Org X11 server
- xorg-server-hwe-18.04: X.Org X11 server
- xorg-server-hwe-16.04: X.Org X11 server
Details:
USN-7573-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu
20.04 LTS.
Original advisory details:
Nils Emmerich discovered that the X.Org X Server incorrectly handled
certain memory operations. An attacker could use these issues to cause the
X Server to crash, leading to a denial of service, obtain sensitive
information, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.20+esm1
Available with Ubuntu Pro
xwayland 2:1.20.13-1ubuntu1~20.04.20+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm13
Available with Ubuntu Pro
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm5
Available with Ubuntu Pro
xwayland 2:1.19.6-1ubuntu4.15+esm13
Available with Ubuntu Pro
xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm5
Available with Ubuntu Pro
Ubuntu 16.04 LTS
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm18
Available with Ubuntu Pro
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm10
Available with Ubuntu Pro
xwayland 2:1.18.4-0ubuntu0.12+esm18
Available with Ubuntu Pro
xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm10
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7573-2
https://ubuntu.com/security/notices/USN-7573-1
CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49179,
CVE-2025-49180
[USN-7572-1] KaTeX vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7572-1
June 17, 2025
node-katex vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in KaTeX.
Software Description:
- node-katex: JavaScript library for TeX math rendering
Details:
Juho Forsén discovered that KaTeX did not correctly handle certain
inputs, which could lead to an infinite loop. If a user or application
were tricked into opening a specially crafted file, an attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS. (CVE-2024-28243)
Tobias S. Fink discovered that KaTeX did not correctly block certain
URL protocols. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS.
(CVE-2024-28246)
It was discovered that KaTeX did not correctly handle certain inputs. If
a user or system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2024-28245)
Sean Ng discovered that KaTeX did not correctly handle certain inputs. If
a user or system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to execute arbitrary code.
(CVE-2025-23207)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1
Ubuntu 24.10
katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1
Ubuntu 24.04 LTS
katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7572-1
CVE-2024-28243, CVE-2024-28245, CVE-2024-28246, CVE-2025-23207
Package Information:
https://launchpad.net/ubuntu/+source/node-katex/0.16.10+~cs6.1.0-2ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/node-katex/0.16.10+~cs6.1.0-2ubuntu0.24.10.1
Ubuntu Security Notice USN-7572-1
June 17, 2025
node-katex vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in KaTeX.
Software Description:
- node-katex: JavaScript library for TeX math rendering
Details:
Juho Forsén discovered that KaTeX did not correctly handle certain
inputs, which could lead to an infinite loop. If a user or application
were tricked into opening a specially crafted file, an attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS. (CVE-2024-28243)
Tobias S. Fink discovered that KaTeX did not correctly block certain
URL protocols. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS.
(CVE-2024-28246)
It was discovered that KaTeX did not correctly handle certain inputs. If
a user or system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2024-28245)
Sean Ng discovered that KaTeX did not correctly handle certain inputs. If
a user or system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to execute arbitrary code.
(CVE-2025-23207)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1
Ubuntu 24.10
katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1
Ubuntu 24.04 LTS
katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7572-1
CVE-2024-28243, CVE-2024-28245, CVE-2024-28246, CVE-2025-23207
Package Information:
https://launchpad.net/ubuntu/+source/node-katex/0.16.10+~cs6.1.0-2ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/node-katex/0.16.10+~cs6.1.0-2ubuntu0.24.10.1
Tuesday, June 17, 2025
[USN-7576-1] dwarfutils vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7576-1
June 18, 2025
dwarfutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
dwarfutils could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- dwarfutils: Utilities for DWARF debugging information
Details:
It was discovered that dwarfutils did not correctly certain memory
operations, which could lead to a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
dwarfdump 20210528-1ubuntu0.25.04.1
libdwarf-dev 20210528-1ubuntu0.25.04.1
libdwarf1 20210528-1ubuntu0.25.04.1
Ubuntu 24.10
dwarfdump 20210528-1ubuntu0.24.10.1
libdwarf-dev 20210528-1ubuntu0.24.10.1
libdwarf1 20210528-1ubuntu0.24.10.1
Ubuntu 24.04 LTS
dwarfdump 20210528-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libdwarf-dev 20210528-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libdwarf1 20210528-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
dwarfdump 20210528-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
libdwarf-dev 20210528-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
libdwarf1 20210528-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7576-1
CVE-2022-32200
Package Information:
https://launchpad.net/ubuntu/+source/dwarfutils/20210528-1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/dwarfutils/20210528-1ubuntu0.24.10.1
Ubuntu Security Notice USN-7576-1
June 18, 2025
dwarfutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
dwarfutils could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- dwarfutils: Utilities for DWARF debugging information
Details:
It was discovered that dwarfutils did not correctly certain memory
operations, which could lead to a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
dwarfdump 20210528-1ubuntu0.25.04.1
libdwarf-dev 20210528-1ubuntu0.25.04.1
libdwarf1 20210528-1ubuntu0.25.04.1
Ubuntu 24.10
dwarfdump 20210528-1ubuntu0.24.10.1
libdwarf-dev 20210528-1ubuntu0.24.10.1
libdwarf1 20210528-1ubuntu0.24.10.1
Ubuntu 24.04 LTS
dwarfdump 20210528-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libdwarf-dev 20210528-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libdwarf1 20210528-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
dwarfdump 20210528-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
libdwarf-dev 20210528-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
libdwarf1 20210528-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7576-1
CVE-2022-32200
Package Information:
https://launchpad.net/ubuntu/+source/dwarfutils/20210528-1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/dwarfutils/20210528-1ubuntu0.24.10.1
[USN-7575-1] MuJS vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7575-1
June 18, 2025
mujs vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in MuJS.
Software Description:
- mujs: Lightweight Javascript interpreter
Details:
It was discovered that MuJS did not correctly handle try/finally
statements, which could lead to a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2021-45005)
Han Zheng discovered that MuJS did not correctly handle recursion, which
could lead to stack exhaustion. An attacker could possibly use this
issue to cause a denial of service. (CVE-2022-30974)
Han Zheng discovered that MuJS did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-30975)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libmujs-dev 1.1.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
libmujs1 1.1.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
mujs 1.1.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7575-1
CVE-2021-45005, CVE-2022-30974, CVE-2022-30975
Ubuntu Security Notice USN-7575-1
June 18, 2025
mujs vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in MuJS.
Software Description:
- mujs: Lightweight Javascript interpreter
Details:
It was discovered that MuJS did not correctly handle try/finally
statements, which could lead to a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2021-45005)
Han Zheng discovered that MuJS did not correctly handle recursion, which
could lead to stack exhaustion. An attacker could possibly use this
issue to cause a denial of service. (CVE-2022-30974)
Han Zheng discovered that MuJS did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-30975)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libmujs-dev 1.1.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
libmujs1 1.1.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
mujs 1.1.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7575-1
CVE-2021-45005, CVE-2022-30974, CVE-2022-30975
[USN-7573-1] X.Org X Server vulnerabilities
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhRtEoFAwAAAAAACgkQZWnYVadEvpMO
jg/+MqAP+v2tCoDGEAoBqIBruKo7jfSmh81II6GNPYBAAIr5dYexZbQBXndhQSg3Pg4IGlLlKNpU
Pfp/dPK+SXXNuuq7SJe0OrgI/kMAtQfzbns/KR7Q6rR/XIcfdLux6IqraXSJ0e5jP1pdLXOJYADa
dQjK4L29VWIBGoeG9uu8U6QtKHaqS8Iu6X/LzUc+NTLZ47lTA1eaY7PBcvWT6BXwKF+h0WjpYb7O
zagjs2sl+sm4J+H5goc1Ntptphe9nHevW5akqEjk3RTj5b4D1XGRwr1b3KIbMv6CkJXrlFWxbAGp
pL1ZurD3LK2wNkvMX48TDpXDqiyttHKeuXSNX5vMDAJKKvWkGnSizdzS+PEQXq0Sc/UEvx7xUjA4
QhouKICbi0xEEgVu8R657+/Oy9ZLFdMPrmslcrHXUal/ZJM+MZGNFiRw9QlXHtH3RhKshG7awqtS
y6Lom32PpMLQgVFT6i94Pnl8qkq1rTiiA5HTcze4en/c+ymxMHliQZHzTpiST8+cc7quWg/+88cA
YbH5PW1NrNmuzEU+Mt1W+whdvHIxiYxGDdC8fUyarpTVRt6hVKUerqoNMO1sQC3kqWDIQVIG38rC
2t0dpQxKMPVECBfEkN8MwWVcNfN532lAnaxC6NiqB1gz0Uasr3dv5B9pURwJYHz+0vmMXfqhINeL
vuA=
=23Vc
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7573-1
June 17, 2025
xorg-server, xwayland vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in X.Org X Server.
Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland
Details:
Nils Emmerich discovered that the X.Org X Server incorrectly handled
certain memory operations. An attacker could use these issues to cause the
X Server to crash, leading to a denial of service, obtain sensitive
information, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
xserver-xorg-core 2:21.1.16-1ubuntu1.1
xwayland 2:24.1.6-1ubuntu0.1
Ubuntu 24.10
xserver-xorg-core 2:21.1.13-2ubuntu1.4
xwayland 2:24.1.2-1ubuntu0.6
Ubuntu 24.04 LTS
xserver-xorg-core 2:21.1.12-1ubuntu1.4
xwayland 2:23.2.6-1ubuntu0.6
Ubuntu 22.04 LTS
xserver-xorg-core 2:21.1.4-2ubuntu1.7~22.04.15
xwayland 2:22.1.1-1ubuntu0.19
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7573-1
CVE-2025-49175, CVE-2025-49176, CVE-2025-49177, CVE-2025-49178,
CVE-2025-49179, CVE-2025-49180
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.16-1ubuntu1.1
https://launchpad.net/ubuntu/+source/xwayland/2:24.1.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.13-2ubuntu1.4
https://launchpad.net/ubuntu/+source/xwayland/2:24.1.2-1ubuntu0.6
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.12-1ubuntu1.4
https://launchpad.net/ubuntu/+source/xwayland/2:23.2.6-1ubuntu0.6
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.15
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.19
wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhRtEoFAwAAAAAACgkQZWnYVadEvpMO
jg/+MqAP+v2tCoDGEAoBqIBruKo7jfSmh81II6GNPYBAAIr5dYexZbQBXndhQSg3Pg4IGlLlKNpU
Pfp/dPK+SXXNuuq7SJe0OrgI/kMAtQfzbns/KR7Q6rR/XIcfdLux6IqraXSJ0e5jP1pdLXOJYADa
dQjK4L29VWIBGoeG9uu8U6QtKHaqS8Iu6X/LzUc+NTLZ47lTA1eaY7PBcvWT6BXwKF+h0WjpYb7O
zagjs2sl+sm4J+H5goc1Ntptphe9nHevW5akqEjk3RTj5b4D1XGRwr1b3KIbMv6CkJXrlFWxbAGp
pL1ZurD3LK2wNkvMX48TDpXDqiyttHKeuXSNX5vMDAJKKvWkGnSizdzS+PEQXq0Sc/UEvx7xUjA4
QhouKICbi0xEEgVu8R657+/Oy9ZLFdMPrmslcrHXUal/ZJM+MZGNFiRw9QlXHtH3RhKshG7awqtS
y6Lom32PpMLQgVFT6i94Pnl8qkq1rTiiA5HTcze4en/c+ymxMHliQZHzTpiST8+cc7quWg/+88cA
YbH5PW1NrNmuzEU+Mt1W+whdvHIxiYxGDdC8fUyarpTVRt6hVKUerqoNMO1sQC3kqWDIQVIG38rC
2t0dpQxKMPVECBfEkN8MwWVcNfN532lAnaxC6NiqB1gz0Uasr3dv5B9pURwJYHz+0vmMXfqhINeL
vuA=
=23Vc
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7573-1
June 17, 2025
xorg-server, xwayland vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in X.Org X Server.
Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland
Details:
Nils Emmerich discovered that the X.Org X Server incorrectly handled
certain memory operations. An attacker could use these issues to cause the
X Server to crash, leading to a denial of service, obtain sensitive
information, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
xserver-xorg-core 2:21.1.16-1ubuntu1.1
xwayland 2:24.1.6-1ubuntu0.1
Ubuntu 24.10
xserver-xorg-core 2:21.1.13-2ubuntu1.4
xwayland 2:24.1.2-1ubuntu0.6
Ubuntu 24.04 LTS
xserver-xorg-core 2:21.1.12-1ubuntu1.4
xwayland 2:23.2.6-1ubuntu0.6
Ubuntu 22.04 LTS
xserver-xorg-core 2:21.1.4-2ubuntu1.7~22.04.15
xwayland 2:22.1.1-1ubuntu0.19
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7573-1
CVE-2025-49175, CVE-2025-49176, CVE-2025-49177, CVE-2025-49178,
CVE-2025-49179, CVE-2025-49180
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.16-1ubuntu1.1
https://launchpad.net/ubuntu/+source/xwayland/2:24.1.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.13-2ubuntu1.4
https://launchpad.net/ubuntu/+source/xwayland/2:24.1.2-1ubuntu0.6
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.12-1ubuntu1.4
https://launchpad.net/ubuntu/+source/xwayland/2:23.2.6-1ubuntu0.6
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.15
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.19
Less than two weeks until Datacenter move
It is less than 2 weeks until the switch of fedoraproject to our new datacenter,
so I thought I would provide a reminder and status update.
Currently we are still on track to switch to the new datacenter
the week of June 30th. As mentioned in previous posts:
* End users hopefully will not be affected (mirrorlists, docs, etc should all be up and working all the time)
* Contributors should expect for applications and services to be down or not fully working
on monday the 30th and tuesday the 1st.
Contributors are advised to hold their work until later in the week
and not report problems for those days as we work to migrate things.
Starting Wednsday the 2nd things should be up in the new datacenter
and we will start fixing issues that are reported as we can do so.
We ask for your patience in the next few weeks as we setup
to do a smooth transfer of resources.
kevin
--
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
so I thought I would provide a reminder and status update.
Currently we are still on track to switch to the new datacenter
the week of June 30th. As mentioned in previous posts:
* End users hopefully will not be affected (mirrorlists, docs, etc should all be up and working all the time)
* Contributors should expect for applications and services to be down or not fully working
on monday the 30th and tuesday the 1st.
Contributors are advised to hold their work until later in the week
and not report problems for those days as we work to migrate things.
Starting Wednsday the 2nd things should be up in the new datacenter
and we will start fixing issues that are reported as we can do so.
We ask for your patience in the next few weeks as we setup
to do a smooth transfer of resources.
kevin
--
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
OpenBSD Errata: June 17, 2025 (pfsyncook acme xserver)
Errata patches for pf(4) syncookies, acme-client(1), and X11 server
have been released for OpenBSD 7.6 and 7.7.
Binary updates for the amd64, arm64 and i386 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
https://www.openbsd.org/errata76.html
https://www.openbsd.org/errata77.html
have been released for OpenBSD 7.6 and 7.7.
Binary updates for the amd64, arm64 and i386 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
https://www.openbsd.org/errata76.html
https://www.openbsd.org/errata77.html
[USN-7555-3] Django vulnerability
==========================================================================
Ubuntu Security Notice USN-7555-3
June 17, 2025
python-django vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Django could be made to log injection if received specially
crafted input.
Software Description:
- python-django: High-level Python web development framework
Details:
USN-7555-1 fixed a vulnerability in Django. This update provides an
additional fix for Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Django incorrectly handled certain
unescaped request paths. An attacker could possibly use this
issue to perform a log injection.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
python3-django 2:2.2.12-1ubuntu0.29+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7555-3
https://ubuntu.com/security/notices/USN-7555-2
https://ubuntu.com/security/notices/USN-7555-1
https://launchpad.net/bugs/2113924
Ubuntu Security Notice USN-7555-3
June 17, 2025
python-django vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Django could be made to log injection if received specially
crafted input.
Software Description:
- python-django: High-level Python web development framework
Details:
USN-7555-1 fixed a vulnerability in Django. This update provides an
additional fix for Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Django incorrectly handled certain
unescaped request paths. An attacker could possibly use this
issue to perform a log injection.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
python3-django 2:2.2.12-1ubuntu0.29+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7555-3
https://ubuntu.com/security/notices/USN-7555-2
https://ubuntu.com/security/notices/USN-7555-1
https://launchpad.net/bugs/2113924
Monday, June 16, 2025
[USN-7569-1] Dojo vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7569-1
June 16, 2025
dojo vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Dojo.
Software Description:
- dojo: Modular JavaScript library
Details:
It was discovered that Dojo did not correctly handle DataGrids. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2018-15494)
It was discovered that Dojo was vulnerable to prototype pollution. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-23450)
Jonathan Leitschuh discovered that Dojo did not correctly sanitize
certain inputs. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2019-10785, CVE-2020-4051)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libjs-dojo-core 1.15.4+dfsg1-1ubuntu0.1
libjs-dojo-dijit 1.15.4+dfsg1-1ubuntu0.1
libjs-dojo-dojox 1.15.4+dfsg1-1ubuntu0.1
shrinksafe 1.15.4+dfsg1-1ubuntu0.1
Ubuntu 20.04 LTS
libjs-dojo-core 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dijit 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dojox 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
shrinksafe 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libjs-dojo-core 1.10.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dijit 1.10.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dojox 1.10.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7569-1
CVE-2018-15494, CVE-2019-10785, CVE-2020-4051, CVE-2021-23450
Package Information:
https://launchpad.net/ubuntu/+source/dojo/1.15.4+dfsg1-1ubuntu0.1
Ubuntu Security Notice USN-7569-1
June 16, 2025
dojo vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Dojo.
Software Description:
- dojo: Modular JavaScript library
Details:
It was discovered that Dojo did not correctly handle DataGrids. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2018-15494)
It was discovered that Dojo was vulnerable to prototype pollution. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-23450)
Jonathan Leitschuh discovered that Dojo did not correctly sanitize
certain inputs. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2019-10785, CVE-2020-4051)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libjs-dojo-core 1.15.4+dfsg1-1ubuntu0.1
libjs-dojo-dijit 1.15.4+dfsg1-1ubuntu0.1
libjs-dojo-dojox 1.15.4+dfsg1-1ubuntu0.1
shrinksafe 1.15.4+dfsg1-1ubuntu0.1
Ubuntu 20.04 LTS
libjs-dojo-core 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dijit 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dojox 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
shrinksafe 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libjs-dojo-core 1.10.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dijit 1.10.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dojox 1.10.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7569-1
CVE-2018-15494, CVE-2019-10785, CVE-2020-4051, CVE-2021-23450
Package Information:
https://launchpad.net/ubuntu/+source/dojo/1.15.4+dfsg1-1ubuntu0.1
[USN-7568-1] Requests vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7568-1
June 16, 2025
requests vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Requests.
Software Description:
- requests: elegant and simple HTTP library for Python
Details:
Dennis Brinkrolf and Tobias Funke discovered that Requests did not
correctly handle certain HTTP headers. A remote attacker could possibly
use this issue to leak sensitive information. This issue only affected
Ubuntu 14.04 LTS. (CVE-2023-32681)
Juho Forsén discovered that Requests did not correctly parse URLs. A
remote attacker could possibly use this issue to leak sensitive
information. (CVE-2024-47081)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
python3-requests 2.32.3+dfsg-4ubuntu1.1
Ubuntu 24.10
python3-requests 2.32.3+dfsg-1ubuntu1.1
Ubuntu 24.04 LTS
python3-requests 2.31.0+dfsg-1ubuntu1.1
Ubuntu 22.04 LTS
python3-requests 2.25.1+dfsg-2ubuntu0.3
Ubuntu 20.04 LTS
python3-requests 2.22.0-2ubuntu1.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python-requests 2.18.4-2ubuntu0.1+esm2
Available with Ubuntu Pro
python3-requests 2.18.4-2ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-requests 2.9.1-3ubuntu0.1+esm2
Available with Ubuntu Pro
python3-requests 2.9.1-3ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
python-requests 2.2.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
python-requests-whl 2.2.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
python3-requests 2.2.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7568-1
CVE-2023-32681, CVE-2024-47081
Package Information:
https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-4ubuntu1.1
https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/requests/2.31.0+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/requests/2.25.1+dfsg-2ubuntu0.3
Ubuntu Security Notice USN-7568-1
June 16, 2025
requests vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Requests.
Software Description:
- requests: elegant and simple HTTP library for Python
Details:
Dennis Brinkrolf and Tobias Funke discovered that Requests did not
correctly handle certain HTTP headers. A remote attacker could possibly
use this issue to leak sensitive information. This issue only affected
Ubuntu 14.04 LTS. (CVE-2023-32681)
Juho Forsén discovered that Requests did not correctly parse URLs. A
remote attacker could possibly use this issue to leak sensitive
information. (CVE-2024-47081)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
python3-requests 2.32.3+dfsg-4ubuntu1.1
Ubuntu 24.10
python3-requests 2.32.3+dfsg-1ubuntu1.1
Ubuntu 24.04 LTS
python3-requests 2.31.0+dfsg-1ubuntu1.1
Ubuntu 22.04 LTS
python3-requests 2.25.1+dfsg-2ubuntu0.3
Ubuntu 20.04 LTS
python3-requests 2.22.0-2ubuntu1.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python-requests 2.18.4-2ubuntu0.1+esm2
Available with Ubuntu Pro
python3-requests 2.18.4-2ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-requests 2.9.1-3ubuntu0.1+esm2
Available with Ubuntu Pro
python3-requests 2.9.1-3ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
python-requests 2.2.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
python-requests-whl 2.2.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
python3-requests 2.2.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7568-1
CVE-2023-32681, CVE-2024-47081
Package Information:
https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-4ubuntu1.1
https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/requests/2.31.0+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/requests/2.25.1+dfsg-2ubuntu0.3
Orphaned packages looking for new maintainers
Report started at 2025-06-16 20:59:14 UTC
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will be retired when the affected package gets retired.
Request package ownership via the *Take* button in the left column on
https://src.fedoraproject.org/rpms/<pkgname>
Full report available at:
https://a.gtmx.me/orphans/orphans.txt
grep it for your FAS username and follow the dependency chain.
For human readable dependency chains,
see https://packager-dashboard.fedoraproject.org/
For all orphaned packages,
see https://packager-dashboard.fedoraproject.org/orphan
Package (co)maintainers Status Change
================================================================================
0ad kalev, orphan, pcpa, pwalter 0 weeks ago
OpenCTM @neuro-sig, orphan 1 weeks ago
aircrack-ng 0 weeks ago
aws-c-auth 0 weeks ago
aws-c-compression @cloud-sig, davdunc, orphan 5 weeks ago
aws-c-event-stream 0 weeks ago
aws-c-http @cloud-sig, davdunc, orphan 5 weeks ago
aws-c-io @cloud-sig, davdunc, orphan 5 weeks ago
aws-c-mqtt @cloud-sig, davdunc, orphan 5 weeks ago
aws-c-s3 @cloud-sig, davdunc, orphan 5 weeks ago
aws-c-sdkutils @cloud-sig, davdunc, orphan 5 weeks ago
aws-checksums @cloud-sig, davdunc, orphan 5 weeks ago
chatterino2 orphan 0 weeks ago
devtodo orphan 0 weeks ago
drgeo orphan 5 weeks ago
drgeo-doc orphan 5 weeks ago
ec2-instance-connect @cloud-sig, davdunc, orphan 5 weeks ago
filedrop orphan 5 weeks ago
fim orphan 5 weeks ago
fros orphan 1 weeks ago
ganyremote orphan 5 weeks ago
gkermit orphan 5 weeks ago
golang-github-fsouza- @go-sig, orphan 2 weeks ago
dockerclient
golang-github-hashicorp-hc- @go-sig, orphan 2 weeks ago
install
golang-github-juju-ansiterm @go-sig, orphan 2 weeks ago
golang-github-mholt-archiver @go-sig, orphan 3 weeks ago
golang-github-oklog @go-sig, orphan 1 weeks ago
golang-gvisor @go-sig, elmarco, orphan 2 weeks ago
golang-sr-emersion-gqlclient @go-sig, orphan 2 weeks ago
gron @go-sig, orphan 5 weeks ago
gtksourceviewmm dodji, orphan 5 weeks ago
guidelines-support-library orphan 0 weeks ago
hashcat orphan 0 weeks ago
iucode-tool duck, orphan 5 weeks ago
jdns orphan 0 weeks ago
keychain orphan, sergiomb 5 weeks ago
kguitar orphan 3 weeks ago
kim-api junghans, orphan, rberger 5 weeks ago
lcdtest orphan 5 weeks ago
levmar aalvarez, orphan 5 weeks ago
libepc orphan 5 weeks ago
liberasurecode orphan 5 weeks ago
libkdtree++ orphan 5 weeks ago
libscn orphan 0 weeks ago
libsexymm orphan 5 weeks ago
ltunify orphan 5 weeks ago
mac-encheez orphan 5 weeks ago
mcpanel orphan 2 weeks ago
mom msivak, orphan, sbonazzo 5 weeks ago
mygnuhealth orphan 1 weeks ago
nodm orphan 5 weeks ago
notification-daemon alexl, orphan, rhughes, 0 weeks ago
rstrode
nsntrace orphan 5 weeks ago
nwg-panel orphan 0 weeks ago
ocaml-odoc defolos, orphan 3 weeks ago
openkim-models junghans, orphan 5 weeks ago
php-facedetect orphan 5 weeks ago
psi orphan, slankes 0 weeks ago
python-aiopg orphan 3 weeks ago
python-amply @neuro-sig, orphan 5 weeks ago
python-anyconfig chedi, orphan 5 weeks ago
python-awsiotsdk orphan 5 weeks ago
python-click-help-colors orphan 5 weeks ago
python-cliff-tablib @epel-packagers-sig, 5 weeks ago
@openstack-sig, apevec, orphan
python-daiquiri @epel-packagers-sig, 5 weeks ago
@openstack-sig, orphan
python-datrie @neuro-sig, orphan 5 weeks ago
python-dingz 0 weeks ago
python-editdistance 0 weeks ago
python-enrich orphan 5 weeks ago
python-flask-session orphan 4 weeks ago
python-fuzzywuzzy fab, orphan 5 weeks ago
python-gammu laxathom, orphan 5 weeks ago
python-gilt orphan 5 weeks ago
python-git-url-parse orphan 5 weeks ago
python-hudman orphan 0 weeks ago
python-jsonpath-rw-ext @epel-packagers-sig, 5 weeks ago
@openstack-sig, apevec, orphan
python-ldappool @epel-packagers-sig, 5 weeks ago
@openstack-sig, orphan
python-migrate @openstack-sig, orphan 5 weeks ago
python-mpd orphan 5 weeks ago
python-neurodsp @neuro-sig, orphan 5 weeks ago
python-neurosynth orphan 5 weeks ago
python-odml @neuro-sig, orphan 5 weeks ago
python-openctm @neuro-sig, orphan 1 weeks ago
python-openid-teams @epel-packagers-sig, orphan, 5 weeks ago
tdawson
python-os-testr @epel-packagers-sig, 3 weeks ago
@openstack-sig, apevec, orphan
python-pifpaf @epel-packagers-sig, 5 weeks ago
@openstack-sig, orphan
python-poyo chedi, orphan 5 weeks ago
python-py-algorand-sdk orphan 3 weeks ago
python-py2pack orphan 5 weeks ago
python-pyeclib @epel-packagers-sig, 5 weeks ago
@openstack-sig, orphan
python-q orphan 5 weeks ago
python-random2 orphan 5 weeks ago
python-sphinx-documatt-theme orphan 2 weeks ago
python-stopit @neuro-sig, orphan 5 weeks ago
python-telnetlib3 orphan 4 weeks ago
python-testing.common.database orphan 5 weeks ago
python-testing.postgresql orphan 5 weeks ago
python-toposort @neuro-sig, ankursinha, orphan 5 weeks ago
python-tosca-parser @epel-packagers-sig, 3 weeks ago
@openstack-sig, jpena,
jruzicka, orphan
python-whichcraft orphan 5 weeks ago
python-wloc orphan 0 weeks ago
python3-exiv2 orphan 4 weeks ago
qstardict orphan 0 weeks ago
rtfilter orphan 2 weeks ago
rubygem-rack-restful_submit orphan 0 weeks ago
rubygem-rgen orphan 5 weeks ago
rubygem-shoulda-matchers orphan 0 weeks ago
rust-btoi @rust-sig, orphan 1 weeks ago
rust-bytes-utils @rust-sig, orphan 0 weeks ago
rust-erdtree @rust-sig, orphan 1 weeks ago
rust-indextree @rust-sig, orphan 1 weeks ago
rust-indextree-macros @rust-sig, orphan 1 weeks ago
rust-outref @rust-sig, orphan 0 weeks ago
rust-taskchampion @rust-sig, orphan 0 weeks ago
rust-vsimd @rust-sig, orphan 0 weeks ago
s2n-tls @cloud-sig, davdunc, orphan 5 weeks ago
scythia orphan 5 weeks ago
semver orphan 2 weeks ago
shobhika-fonts orphan 5 weeks ago
smc-anjalioldlipi-fonts orphan 5 weeks ago
smc-dyuthi-fonts orphan 5 weeks ago
smc-raghumalayalamsans-fonts orphan 5 weeks ago
smc-suruma-fonts orphan 5 weeks ago
sqlitecpp orphan 0 weeks ago
srain limb, orphan 0 weeks ago
standard-test-roles orphan 5 weeks ago
sunwait orphan 1 weeks ago
termic orphan 5 weeks ago
thunar-sendto-clamtk orphan 5 weeks ago
tkabber-plugins orphan 1 weeks ago
tse3 orphan 0 weeks ago
tweeny orphan 2 weeks ago
w3c-markup-validator gnat, orphan 5 weeks ago
wxGlade cicku, orphan, swt2c 5 weeks ago
xonsh @python-packagers-sig, orphan 5 weeks ago
xqilla orphan 5 weeks ago
xsd orphan, sagitter, tdawson 5 weeks ago
zipios hobbes1069, orphan 5 weeks ago
zsh-lovers cicku, orphan 5 weeks ago
The following packages require above mentioned packages:
Depending on: OpenCTM (1), status change: 2025-06-03 (1 weeks ago)
python-openctm (maintained by: @neuro-sig, orphan)
python-openctm-0.0.6-3.fc43.src requires OpenCTM-libs = 1.0.3-6.fc43
python3-openctm-0.0.6-3.fc43.noarch requires OpenCTM-libs = 1.0.3-6.fc43
Depending on: aws-c-auth (1), status change: 2025-06-16 (0 weeks ago)
aws-c-s3 (maintained by: @cloud-sig, davdunc, orphan)
aws-c-s3-0.7.15-2.fc43.src requires aws-c-auth-devel = 0.9.0-2.fc43
aws-c-s3-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit)
aws-c-s3-devel-0.7.15-2.fc43.x86_64 requires aws-c-auth-devel = 0.9.0-2.fc43
aws-c-s3-libs-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit)
Depending on: aws-c-compression (4), status change: 2025-05-12 (5 weeks ago)
aws-c-auth (maintained by: )
aws-c-auth-0.9.0-2.fc43.src requires aws-c-compression-devel = 0.3.1-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-auth-devel-0.9.0-2.fc43.x86_64 requires aws-c-compression-devel = 0.3.1-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-auth-0.9.0-2.fc43.x86_64 requires libaws-c-http.so.1.0.0()(64bit)
aws-c-http (maintained by: @cloud-sig, davdunc, orphan)
aws-c-http-0.9.7-2.fc43.src requires aws-c-compression-devel = 0.3.1-2.fc43
aws-c-http-devel-0.9.7-2.fc43.x86_64 requires aws-c-compression-devel = 0.3.1-2.fc43
aws-c-http-libs-0.9.7-2.fc43.x86_64 requires libaws-c-compression.so.1.0.0()(64bit)
aws-c-mqtt (maintained by: @cloud-sig, davdunc, orphan)
aws-c-mqtt-0.12.3-2.fc43.src requires aws-c-compression-devel = 0.3.1-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-mqtt-devel-0.12.3-2.fc43.x86_64 requires aws-c-compression-devel = 0.3.1-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-mqtt-libs-0.12.3-2.fc43.x86_64 requires libaws-c-http.so.1.0.0()(64bit)
aws-c-s3 (maintained by: @cloud-sig, davdunc, orphan)
aws-c-s3-0.7.15-2.fc43.src requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-s3-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit), libaws-c-http.so.1.0.0()(64bit)
aws-c-s3-devel-0.7.15-2.fc43.x86_64 requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-s3-libs-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit), libaws-c-http.so.1.0.0()(64bit)
Depending on: aws-c-http (3), status change: 2025-05-12 (5 weeks ago)
aws-c-auth (maintained by: )
aws-c-auth-0.9.0-2.fc43.src requires aws-c-http-devel = 0.9.7-2.fc43
aws-c-auth-0.9.0-2.fc43.x86_64 requires libaws-c-http.so.1.0.0()(64bit)
aws-c-auth-devel-0.9.0-2.fc43.x86_64 requires aws-c-http-devel = 0.9.7-2.fc43
aws-c-mqtt (maintained by: @cloud-sig, davdunc, orphan)
aws-c-mqtt-0.12.3-2.fc43.src requires aws-c-http-devel = 0.9.7-2.fc43
aws-c-mqtt-devel-0.12.3-2.fc43.x86_64 requires aws-c-http-devel = 0.9.7-2.fc43
aws-c-mqtt-libs-0.12.3-2.fc43.x86_64 requires libaws-c-http.so.1.0.0()(64bit)
aws-c-s3 (maintained by: @cloud-sig, davdunc, orphan)
aws-c-s3-0.7.15-2.fc43.src requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-s3-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit), libaws-c-http.so.1.0.0()(64bit)
aws-c-s3-devel-0.7.15-2.fc43.x86_64 requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-s3-libs-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit), libaws-c-http.so.1.0.0()(64bit)
Depending on: aws-c-io (5), status change: 2025-05-12 (5 weeks ago)
aws-c-auth (maintained by: )
aws-c-auth-0.9.0-2.fc43.src requires aws-c-http-devel = 0.9.7-2.fc43, aws-c-io-devel = 0.18.1-1.fc43
aws-c-auth-0.9.0-2.fc43.x86_64 requires libaws-c-http.so.1.0.0()(64bit), libaws-c-io.so.1.0.0()(64bit)
aws-c-auth-devel-0.9.0-2.fc43.x86_64 requires aws-c-http-devel = 0.9.7-2.fc43, aws-c-io-devel = 0.18.1-1.fc43
aws-c-event-stream (maintained by: )
aws-c-event-stream-0.5.4-2.fc43.src requires aws-c-io-devel = 0.18.1-1.fc43
aws-c-event-stream-0.5.4-2.fc43.x86_64 requires libaws-c-io.so.1.0.0()(64bit)
aws-c-event-stream-devel-0.5.4-2.fc43.x86_64 requires aws-c-io-devel = 0.18.1-1.fc43
aws-c-http (maintained by: @cloud-sig, davdunc, orphan)
aws-c-http-0.9.7-2.fc43.src requires aws-c-io-devel = 0.18.1-1.fc43
aws-c-http-0.9.7-2.fc43.x86_64 requires libaws-c-io.so.1.0.0()(64bit)
aws-c-http-devel-0.9.7-2.fc43.x86_64 requires aws-c-io-devel = 0.18.1-1.fc43
aws-c-http-libs-0.9.7-2.fc43.x86_64 requires libaws-c-io.so.1.0.0()(64bit)
aws-c-mqtt (maintained by: @cloud-sig, davdunc, orphan)
aws-c-mqtt-0.12.3-2.fc43.src requires aws-c-http-devel = 0.9.7-2.fc43, aws-c-io-devel = 0.18.1-1.fc43
aws-c-mqtt-0.12.3-2.fc43.x86_64 requires libaws-c-io.so.1.0.0()(64bit)
aws-c-mqtt-devel-0.12.3-2.fc43.x86_64 requires aws-c-http-devel = 0.9.7-2.fc43, aws-c-io-devel = 0.18.1-1.fc43
aws-c-mqtt-libs-0.12.3-2.fc43.x86_64 requires libaws-c-http.so.1.0.0()(64bit), libaws-c-io.so.1.0.0()(64bit)
aws-c-s3 (maintained by: @cloud-sig, davdunc, orphan)
aws-c-s3-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit), libaws-c-http.so.1.0.0()(64bit), libaws-c-io.so.1.0.0()(64bit)
aws-c-s3-libs-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit), libaws-c-http.so.1.0.0()(64bit), libaws-c-io.so.1.0.0()(64bit)
aws-c-s3-0.7.15-2.fc43.src requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-s3-devel-0.7.15-2.fc43.x86_64 requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
Depending on: aws-c-sdkutils (2), status change: 2025-05-12 (5 weeks ago)
aws-c-auth (maintained by: )
aws-c-auth-0.9.0-2.fc43.src requires aws-c-sdkutils-devel = 0.2.3-2.fc43
aws-c-auth-0.9.0-2.fc43.x86_64 requires libaws-c-sdkutils.so.1.0.0()(64bit)
aws-c-auth-devel-0.9.0-2.fc43.x86_64 requires aws-c-sdkutils-devel = 0.2.3-2.fc43
aws-c-s3 (maintained by: @cloud-sig, davdunc, orphan)
aws-c-s3-0.7.15-2.fc43.src requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-sdkutils-devel = 0.2.3-2.fc43
aws-c-s3-devel-0.7.15-2.fc43.x86_64 requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-sdkutils-devel = 0.2.3-2.fc43
aws-c-s3-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit)
aws-c-s3-libs-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit)
Depending on: aws-checksums (2), status change: 2025-05-12 (5 weeks ago)
aws-c-event-stream (maintained by: )
aws-c-event-stream-0.5.4-2.fc43.src requires aws-checksums-devel = 0.2.7-2.fc43
aws-c-event-stream-0.5.4-2.fc43.x86_64 requires libaws-checksums.so.1.0.0()(64bit)
aws-c-event-stream-devel-0.5.4-2.fc43.x86_64 requires aws-checksums-devel = 0.2.7-2.fc43
aws-c-s3 (maintained by: @cloud-sig, davdunc, orphan)
aws-c-s3-0.7.15-2.fc43.src requires aws-checksums-devel = 0.2.7-2.fc43
aws-c-s3-devel-0.7.15-2.fc43.x86_64 requires aws-checksums-devel = 0.2.7-2.fc43
aws-c-s3-libs-0.7.15-2.fc43.x86_64 requires libaws-checksums.so.1.0.0()(64bit)
Depending on: drgeo (1), status change: 2025-05-06 (5 weeks ago)
drgeo-doc (maintained by: orphan)
drgeo-doc-1.6-39.fc42.noarch requires drgeo = 1.1.0-54.fc42
Depending on: golang-github-hashicorp-hc-install (5), status change: 2025-05-28 (2 weeks ago)
golang-github-hashicorp-terraform-exec (maintained by: @go-sig, eclipseo)
golang-github-hashicorp-terraform-exec-0.18.1-5.fc42.src requires golang(github.com/hashicorp/hc-install/build) = 0.5.2-8.fc42, golang(github.com/hashicorp/hc-install/product) = 0.5.2-8.fc42, golang(github.com/hashicorp/hc-install/releases) = 0.5.2-8.fc42
golang-github-hashicorp-terraform-exec-devel-0.18.1-5.fc42.noarch requires golang(github.com/hashicorp/hc-install/build) = 0.5.2-8.fc42, golang(github.com/hashicorp/hc-install/product) = 0.5.2-8.fc42, golang(github.com/hashicorp/hc-install/releases) = 0.5.2-8.fc42
golang-github-sacloud-packages (maintained by: @go-sig, eclipseo)
golang-github-sacloud-packages-0.0.9-5.fc42.src requires golang(github.com/hashicorp/hc-install/product) = 0.5.2-8.fc42, golang(github.com/hashicorp/hc-install/releases) = 0.5.2-8.fc42, golang(github.com/hashicorp/terraform-exec/tfexec) = 0.18.1-5.fc42
golang-github-sacloud-packages-devel-0.0.9-5.fc42.noarch requires golang(github.com/hashicorp/hc-install/product) = 0.5.2-8.fc42, golang(github.com/hashicorp/hc-install/releases) = 0.5.2-8.fc42, golang(github.com/hashicorp/terraform-exec/tfexec) = 0.18.1-5.fc42
golang-github-sacloud-api-client (maintained by: @go-sig, eclipseo)
golang-github-sacloud-api-client-0.2.8-5.fc42.src requires golang(github.com/sacloud/packages-go/envvar) = 0.0.9-5.fc42
golang-github-sacloud-api-client-devel-0.2.8-5.fc42.noarch requires golang(github.com/sacloud/packages-go/envvar) = 0.0.9-5.fc42
golang-github-sacloud-iaas-api (maintained by: @go-sig, eclipseo)
golang-github-sacloud-iaas-api-1.11.1-7.fc42.src requires golang(github.com/sacloud/api-client-go) = 0.2.8-5.fc42, golang(github.com/sacloud/api-client-go/profile) = 0.2.8-5.fc42, golang(github.com/sacloud/packages-go/cidr) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/envvar) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/mutexkv) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/objutil) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/size) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/testutil) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/wait) = 0.0.9-5.fc42
golang-github-sacloud-iaas-api-devel-1.11.1-7.fc42.noarch requires golang(github.com/sacloud/api-client-go) = 0.2.8-5.fc42, golang(github.com/sacloud/api-client-go/profile) = 0.2.8-5.fc42, golang(github.com/sacloud/packages-go/cidr) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/envvar) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/mutexkv) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/objutil) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/size) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/testutil) = 0.0.9-5.fc42, golang(github.com/sacloud/packages-go/wait) = 0.0.9-5.fc42
golang-github-acme-lego (maintained by: @go-sig, eclipseo)
golang-github-acme-lego-4.18.0-1.fc42.src requires golang(github.com/sacloud/api-client-go) = 0.2.8-5.fc42, golang(github.com/sacloud/iaas-api-go) = 1.11.1-7.fc42, golang(github.com/sacloud/iaas-api-go/helper/api) = 1.11.1-7.fc42, golang(github.com/sacloud/iaas-api-go/search) = 1.11.1-7.fc42
golang-github-acme-lego-devel-4.18.0-1.fc42.noarch requires golang(github.com/sacloud/api-client-go) = 0.2.8-5.fc42, golang(github.com/sacloud/iaas-api-go) = 1.11.1-7.fc42, golang(github.com/sacloud/iaas-api-go/helper/api) = 1.11.1-7.fc42, golang(github.com/sacloud/iaas-api-go/search) = 1.11.1-7.fc42
Depending on: golang-github-mholt-archiver (15), status change: 2025-05-21 (3 weeks ago)
golang-github-facebookincubator-go2chef (maintained by: @go-sig, dcavalca, salimma)
golang-github-facebookincubator-go2chef-1.0-12.fc42.src requires golang(github.com/mholt/archiver/v3) = 3.5.1-12.fc42
golang-github-facebookincubator-go2chef-devel-1.0-12.fc42.noarch requires golang(github.com/mholt/archiver/v3) = 3.5.1-12.fc42
golang-github-projectdiscovery-gologger (maintained by: @go-sig, fab)
golang-github-projectdiscovery-gologger-1.1.12-2.fc41.src requires golang(github.com/mholt/archiver/v3) = 3.5.1-12.fc42
golang-github-projectdiscovery-gologger-devel-1.1.12-2.fc41.noarch requires golang(github.com/mholt/archiver/v3) = 3.5.1-12.fc42
asnmap (maintained by: @go-sig, mikelo2)
asnmap-1.0.6-5.fc41.src requires golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41, golang(github.com/projectdiscovery/retryabledns) = 1.0.82-2.fc42, golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/ip) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/update) = 0.0.41-4.fc41
golang-github-projectdiscovery-asnmap-devel-1.0.6-5.fc41.noarch requires golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41, golang(github.com/projectdiscovery/retryabledns) = 1.0.82-2.fc42, golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/ip) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/update) = 0.0.41-4.fc41
dnsx (maintained by: @go-sig, mikelo2)
dnsx-1.1.6-5.fc41.src requires golang(github.com/projectdiscovery/asnmap/libs) = 1.0.6-5.fc41, golang(github.com/projectdiscovery/cdncheck) = 1.0.9-6.fc42, golang(github.com/projectdiscovery/clistats) = 0.0.19-5.fc42, golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41, golang(github.com/projectdiscovery/mapcidr/asn) = 1.1.13-5.fc41, golang(github.com/projectdiscovery/ratelimit) = 0.0.62-2.fc42, golang(github.com/projectdiscovery/retryabledns) = 1.0.82-2.fc42, golang(github.com/projectdiscovery/utils/errors) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/ip) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/update) = 0.0.41-4.fc41
golang-github-projectdiscovery-dnsx-devel-1.1.6-5.fc41.noarch requires golang(github.com/projectdiscovery/asnmap/libs) = 1.0.6-5.fc41, golang(github.com/projectdiscovery/cdncheck) = 1.0.9-6.fc42, golang(github.com/projectdiscovery/clistats) = 0.0.19-5.fc42, golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41, golang(github.com/projectdiscovery/mapcidr/asn) = 1.1.13-5.fc41, golang(github.com/projectdiscovery/ratelimit) = 0.0.62-2.fc42, golang(github.com/projectdiscovery/retryabledns) = 1.0.82-2.fc42, golang(github.com/projectdiscovery/utils/errors) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/ip) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/update) = 0.0.41-4.fc41
golang-github-projectdiscovery-cdncheck (maintained by: @go-sig, fab)
golang-github-projectdiscovery-cdncheck-1.0.9-6.fc42.src requires golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/formatter) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41, golang(github.com/projectdiscovery/retryabledns) = 1.0.82-2.fc42, golang(github.com/projectdiscovery/utils/errors) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/ip) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/update) = 0.0.41-4.fc41
golang-github-projectdiscovery-cdncheck-devel-1.0.9-6.fc42.noarch requires golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/formatter) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41, golang(github.com/projectdiscovery/retryabledns) = 1.0.82-2.fc42, golang(github.com/projectdiscovery/utils/errors) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/ip) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/update) = 0.0.41-4.fc41
golang-github-projectdiscovery-chaos-client (maintained by: @go-sig, mikelo2)
golang-github-projectdiscovery-chaos-client-0.5.0-6.fc41.src requires golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/ratelimit) = 0.0.62-2.fc42, golang(github.com/projectdiscovery/utils/http) = 0.0.41-4.fc41
golang-github-projectdiscovery-chaos-client-devel-0.5.0-6.fc41.noarch requires golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/ratelimit) = 0.0.62-2.fc42, golang(github.com/projectdiscovery/utils/http) = 0.0.41-4.fc41
golang-github-projectdiscovery-mapcidr (maintained by: @go-sig, fab, mikelo2)
golang-github-projectdiscovery-mapcidr-1.1.13-5.fc41.src requires golang(github.com/projectdiscovery/asnmap/libs) = 1.0.6-5.fc41, golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/ipranger) = 0.0.2-10.fc41, golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/update) = 0.0.41-4.fc41
golang-github-projectdiscovery-mapcidr-devel-1.1.13-5.fc41.noarch requires golang(github.com/projectdiscovery/asnmap/libs) = 1.0.6-5.fc41, golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/ipranger) = 0.0.2-10.fc41, golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/update) = 0.0.41-4.fc41
subfinder (maintained by: @go-sig, mikelo2)
golang-github-projectdiscovery-subfinder-devel-2.5.3-6.fc41.noarch requires golang(github.com/projectdiscovery/chaos-client/pkg/chaos) = 0.5.0-6.fc41, golang(github.com/projectdiscovery/dnsx/libs/dnsx) = 1.1.6-5.fc41, golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/formatter) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41
subfinder-2.5.3-6.fc41.src requires golang(github.com/projectdiscovery/chaos-client/pkg/chaos) = 0.5.0-6.fc41, golang(github.com/projectdiscovery/dnsx/libs/dnsx) = 1.1.6-5.fc41, golang(github.com/projectdiscovery/goflags) = 0.1.8-6.fc42, golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/formatter) = 1.1.12-2.fc41, golang(github.com/projectdiscovery/gologger/levels) = 1.1.12-2.fc41
golang-github-projectdiscovery-utils (maintained by: @go-sig, mikelo2)
golang-github-projectdiscovery-utils-0.0.41-4.fc41.src requires golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41
golang-github-projectdiscovery-utils-devel-0.0.41-4.fc41.noarch requires golang(github.com/projectdiscovery/gologger) = 1.1.12-2.fc41
golang-github-projectdiscovery-ipranger (maintained by: @go-sig, mikelo2)
golang-github-projectdiscovery-ipranger-0.0.2-10.fc41.src requires golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41
golang-github-projectdiscovery-ipranger-devel-0.0.2-10.fc41.noarch requires golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41
golang-github-projectdiscovery-iputil (maintained by: @go-sig, mikelo2)
golang-github-projectdiscovery-iputil-0-0.8.20220919gitb9406f3.fc41.src requires golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41
golang-github-projectdiscovery-iputil-devel-0-0.8.20220919gitb9406f3.fc41.noarch requires golang(github.com/projectdiscovery/mapcidr) = 1.1.13-5.fc41
golang-github-projectdiscovery-clistats (maintained by: @go-sig, mikelo2)
golang-github-projectdiscovery-clistats-0.0.19-5.fc42.src requires golang(github.com/projectdiscovery/utils/errors) = 0.0.41-4.fc41
golang-github-projectdiscovery-clistats-devel-0.0.19-5.fc42.noarch requires golang(github.com/projectdiscovery/utils/errors) = 0.0.41-4.fc41
golang-github-projectdiscovery-goflags (maintained by: @go-sig, mikelo2)
golang-github-projectdiscovery-goflags-0.1.8-6.fc42.src requires golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/maps) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41
golang-github-projectdiscovery-goflags-devel-0.1.8-6.fc42.noarch requires golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/maps) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41
golang-github-projectdiscovery-ratelimit (maintained by: @go-sig, mikelo2)
golang-github-projectdiscovery-ratelimit-0.0.62-2.fc42.src requires golang(github.com/projectdiscovery/utils/errors) = 0.0.41-4.fc41
golang-github-projectdiscovery-ratelimit-devel-0.0.62-2.fc42.noarch requires golang(github.com/projectdiscovery/utils/errors) = 0.0.41-4.fc41
golang-github-projectdiscovery-retryabledns (maintained by: @go-sig, fab, mikelo2)
golang-github-projectdiscovery-retryabledns-1.0.82-2.fc42.src requires golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/ip) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/maps) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41
golang-github-projectdiscovery-retryabledns-devel-1.0.82-2.fc42.noarch requires golang(github.com/projectdiscovery/utils/file) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/ip) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/maps) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/slice) = 0.0.41-4.fc41, golang(github.com/projectdiscovery/utils/strings) = 0.0.41-4.fc41
Depending on: guidelines-support-library (4), status change: 2025-06-14 (0 weeks ago)
contour-terminal (maintained by: topazus)
contour-terminal-0.6.1.7494-2.fc42.src requires guidelines-support-library-devel = 4.2.0-2.fc43
onnxruntime (maintained by: aalvarez, dherrera)
onnxruntime-1.20.1-18.fc43.src requires guidelines-support-library-devel = 4.2.0-2.fc43
envision (maintained by: @xr-sig, jsteffan)
envision-monado-3.1.1-1.20250422git3.1.1.fc43.x86_64 requires pkgconfig(libonnxruntime) = 1.20.1
sourcextractor++ (maintained by: aalvarez)
sourcextractor++-1.0.1-2.fc43.src requires onnxruntime-devel = 1.20.1-18.fc43
sourcextractor++-1.0.1-2.fc43.x86_64 requires libonnxruntime.so.1()(64bit), libonnxruntime.so.1(VERS_1.20.1)(64bit)
Depending on: jdns (2), status change: 2025-06-14 (0 weeks ago)
psi (maintained by: orphan, slankes)
psi-1.5-16.fc43.src requires cmake(QJDns-qt5) = 2.0.6
psi-1.5-16.fc43.x86_64 requires libqjdns-qt5.so.2()(64bit)
vacuum-im (maintained by: martinkg)
vacuum-im-1.3.0-0.33.20211209git0abd5e1.fc42.src requires jdns-devel = 2.0.6-23.fc43
Depending on: kim-api (3), status change: 2025-05-06 (5 weeks ago)
lammps (maintained by: cz4rs, junghans, rberger)
lammps-20250204-2.fc43.src requires kim-api-devel = 2.2.1-11.fc42, kim-api-examples = 2.2.1-11.fc42
lammps-20250204-2.fc43.x86_64 requires libkim-api.so.2()(64bit)
lammps-mpich-20250204-2.fc43.x86_64 requires libkim-api.so.2()(64bit)
lammps-openmpi-20250204-2.fc43.x86_64 requires libkim-api.so.2()(64bit)
openkim-models (maintained by: junghans, orphan)
openkim-models-2021.01.28-12.fc42.src requires kim-api-devel = 2.2.1-11.fc42
openkim-models-2021.01.28-12.fc42.x86_64 requires libkim-api.so.2()(64bit)
votca (maintained by: junghans)
votca-2025-1.fc43.src requires lammps = 20250204-2.fc43
Depending on: levmar (3), status change: 2025-05-06 (5 weeks ago)
meshlab (maintained by: churchyard, spot)
meshlab-2023.12-11.fc43.src requires levmar-devel = 2.6-18.fc42
meshlab-2023.12-11.fc43.x86_64 requires liblevmar.so.2.6()(64bit)
sourcextractor++ (maintained by: aalvarez)
sourcextractor++-1.0.1-2.fc43.src requires levmar-devel = 2.6-18.fc42
sourcextractor++-1.0.1-2.fc43.x86_64 requires liblevmar.so.2.6()(64bit)
teem (maintained by: @neuro-sig, music)
teem-1.11.0-81.fc43.src requires levmar-devel = 2.6-18.fc42
Depending on: liberasurecode (1), status change: 2025-05-06 (5 weeks ago)
python-pyeclib (maintained by: @epel-packagers-sig, @openstack-sig, orphan)
python-pyeclib-1.6.0-19.fc43.src requires liberasurecode-devel = 1.6.2-9.fc41
python3-pyeclib-1.6.0-19.fc43.x86_64 requires liberasurecode = 1.6.2-9.fc41, liberasurecode.so.1()(64bit)
Depending on: nwg-panel (1), status change: 2025-06-11 (0 weeks ago)
miracle-wm-config (maintained by: @miracle-sig, ngompa)
miracle-wm-config-0~git.20250215.1.df9267a-1.fc43.noarch requires nwg-panel = 0.10.5-2.fc43
Depending on: python-aiopg (1), status change: 2025-05-26 (3 weeks ago)
python-databases (maintained by: orphan)
python-databases-0.9.0-4.fc42.src requires python3dist(aiopg) = 1.3.4
Depending on: python-daiquiri (4), status change: 2025-05-06 (5 weeks ago)
git-pull-request (maintained by: dcavalca, salimma)
git-pull-request-6.0.2-13.fc43.noarch requires python3-daiquiri = 3.2.1-11.fc43, python3.14dist(daiquiri) = 3.2.1
python-pifpaf (maintained by: @epel-packagers-sig, @openstack-sig, orphan)
python3-pifpaf-2.2.2-25.fc43.noarch requires python3-daiquiri = 3.2.1-11.fc43
python-cradox (maintained by: jpena)
python-cradox-2.1.0-27.fc43.src requires python3-pifpaf = 2.2.2-25.fc43
python-taskflow (maintained by: @openstack-sig, eharney, jcapitao)
python-taskflow-5.9.1-3.fc42.src requires python3dist(pifpaf) = 2.2.2
Depending on: python-flask-session (1), status change: 2025-05-16 (4 weeks ago)
copr-frontend (maintained by: @copr-sig, frostyx, msuchy, praiskup)
copr-frontend-2.2-1.fc43.noarch requires python3dist(flask-session) = 0.5
copr-frontend-2.2-1.fc43.src requires python3dist(flask-session) = 0.5
Depending on: python-git-url-parse (2), status change: 2025-05-06 (5 weeks ago)
cranc (maintained by: lenkaseg)
cranc-1.1.0-20.fc43.noarch requires python3-git-url-parse = 1.2.2-28.fc43, python3.14dist(git-url-parse) = 1.2.2
python-gilt (maintained by: orphan)
python-gilt-1.2.2-13.fc43.src requires python3-git-url-parse = 1.2.2-28.fc43
python3-gilt-1.2.2-13.fc43.noarch requires python3-git-url-parse = 1.2.2-28.fc43
Depending on: python-mpd (1), status change: 2025-05-06 (5 weeks ago)
beets (maintained by: maha, mbaldessari)
beets-plugins-2.0.0-3.fc43.noarch requires python3-mpd = 0.2.1-43.fc43
Depending on: python-openid-teams (5), status change: 2025-05-06 (5 weeks ago)
copr-frontend (maintained by: @copr-sig, frostyx, msuchy, praiskup)
copr-frontend-2.2-1.fc43.noarch requires python3dist(python-openid-teams) = 1.1
copr-frontend-2.2-1.fc43.src requires python3dist(python-openid-teams) = 1.1
ipsilon (maintained by: jonathanspw, kevin, simo)
ipsilon-3.0.5-0.5.git20241202.01109c1.fc43.src requires python3-openid-teams = 1.1-36.fc43
ipsilon-openid-3.0.5-0.5.git20241202.01109c1.fc43.noarch requires python3-openid-teams = 1.1-36.fc43
pagure (maintained by: bruno, ngompa, pingou, wombelix)
pagure-5.14.1-7.fc43.noarch requires python3.14dist(python-openid-teams) = 1.1
python-pyramid-fas-openid (maintained by: @infra-sig, abompard)
python-pyramid-fas-openid-0.4.0-18.fc43.src requires python3-openid-teams = 1.1-36.fc43
python3-pyramid-fas-openid-0.4.0-18.fc43.noarch requires python3-openid-teams = 1.1-36.fc43, python3.14dist(python-openid-teams) = 1.1
pagure-dist-git (maintained by: @infra-sig, ngompa, pingou)
pagure-dist-git-1.15-3.fc43.noarch requires pagure = 5.14.1-7.fc43, python3.14dist(pagure) = 5.14.1
Depending on: python-pifpaf (2), status change: 2025-05-06 (5 weeks ago)
python-cradox (maintained by: jpena)
python-cradox-2.1.0-27.fc43.src requires python3-pifpaf = 2.2.2-25.fc43
python-taskflow (maintained by: @openstack-sig, eharney, jcapitao)
python-taskflow-5.9.1-3.fc42.src requires python3dist(pifpaf) = 2.2.2
Depending on: python-random2 (5), status change: 2025-05-09 (5 weeks ago)
PySolFC (maintained by: ngompa, shlomif)
PySolFC-3.4.0-1.fc43.noarch requires python3-random2 = 1.0.2-5.fc43
freecell-solver (maintained by: shlomif)
freecell-solver-6.12.0-4.fc43.src requires python3-random2 = 1.0.2-5.fc43
PySolFC-cardsets (maintained by: ngompa)
PySolFC-cardsets-3.0-3.fc42.noarch requires PySolFC = 3.4.0-1.fc43
PySolFC-music (maintained by: ngompa)
PySolFC-music-4.50-15.fc42.noarch requires PySolFC = 3.4.0-1.fc43
kpat (maintained by: @kde-sig, rdieter, than)
kpat-25.04.2-1.fc43.src requires pkgconfig(libfreecell-solver) = 6.12.0
kpat-25.04.2-1.fc43.x86_64 requires libfreecell-solver.so.0()(64bit)
Depending on: python-telnetlib3 (1), status change: 2025-05-16 (4 weeks ago)
python-pytn3270 (maintained by: dcavalca)
python-pytn3270-0.15.1-8.fc42.src requires python3dist(telnetlib3) = 2.0.4
python3-pytn3270-0.15.1-8.fc42.noarch requires python3.13dist(telnetlib3) = 2.0.4
Depending on: python-testing.common.database (2), status change: 2025-05-09 (5 weeks ago)
python-testing.postgresql (maintained by: orphan)
python-testing.postgresql-1.3.0-25.fc43.src requires python3dist(testing-common-database) = 2.0.3
python3-testing.postgresql-1.3.0-25.fc43.noarch requires python3.14dist(testing-common-database) = 2.0.3
python-aws-xray-sdk (maintained by: orphan)
python-aws-xray-sdk-2.14.0-10.fc43.src requires python3dist(testing-postgresql) = 1.3
Depending on: python-testing.postgresql (1), status change: 2025-05-09 (5 weeks ago)
python-aws-xray-sdk (maintained by: orphan)
python-aws-xray-sdk-2.14.0-10.fc43.src requires python3dist(testing-postgresql) = 1.3
Depending on: rtfilter (1), status change: 2025-06-02 (2 weeks ago)
mcpanel (maintained by: orphan)
mcpanel-1.1-6.fc42.i686 requires librtfilter.so.1
mcpanel-1.1-6.fc42.src requires rtfilter-devel = 1.3-6.fc43
mcpanel-1.1-6.fc42.x86_64 requires librtfilter.so.1()(64bit)
Depending on: rust-indextree (1), status change: 2025-06-04 (1 weeks ago)
rust-erdtree (maintained by: @rust-sig, orphan)
rust-erdtree-3.1.2-6.fc42.src requires crate(indextree/default) = 4.7.3
Depending on: rust-indextree-macros (2), status change: 2025-06-04 (1 weeks ago)
rust-indextree (maintained by: @rust-sig, orphan)
rust-indextree-4.7.3-2.fc42.src requires crate(indextree-macros/default) = 0.1.2
rust-indextree+indextree-macros-devel-4.7.3-2.fc42.noarch requires crate(indextree-macros/default) = 0.1.2
rust-erdtree (maintained by: @rust-sig, orphan)
rust-erdtree-3.1.2-6.fc42.src requires crate(indextree/default) = 4.7.3
Depending on: s2n-tls (6), status change: 2025-05-12 (5 weeks ago)
aws-c-io (maintained by: @cloud-sig, davdunc, orphan)
aws-c-io-0.18.1-1.fc43.src requires s2n-tls-devel = 1.5.10-2.fc42
aws-c-io-0.18.1-1.fc43.x86_64 requires libs2n.so.1()(64bit)
aws-c-io-devel-0.18.1-1.fc43.x86_64 requires s2n-tls-devel(x86-64) = 1.5.10-2.fc42
aws-c-auth (maintained by: )
aws-c-auth-0.9.0-2.fc43.src requires aws-c-http-devel = 0.9.7-2.fc43, aws-c-io-devel = 0.18.1-1.fc43
aws-c-auth-0.9.0-2.fc43.x86_64 requires libaws-c-http.so.1.0.0()(64bit), libaws-c-io.so.1.0.0()(64bit)
aws-c-auth-devel-0.9.0-2.fc43.x86_64 requires aws-c-http-devel = 0.9.7-2.fc43, aws-c-io-devel = 0.18.1-1.fc43
aws-c-event-stream (maintained by: )
aws-c-event-stream-0.5.4-2.fc43.src requires aws-c-io-devel = 0.18.1-1.fc43
aws-c-event-stream-0.5.4-2.fc43.x86_64 requires libaws-c-io.so.1.0.0()(64bit)
aws-c-event-stream-devel-0.5.4-2.fc43.x86_64 requires aws-c-io-devel = 0.18.1-1.fc43
aws-c-http (maintained by: @cloud-sig, davdunc, orphan)
aws-c-http-0.9.7-2.fc43.src requires aws-c-io-devel = 0.18.1-1.fc43
aws-c-http-0.9.7-2.fc43.x86_64 requires libaws-c-io.so.1.0.0()(64bit)
aws-c-http-devel-0.9.7-2.fc43.x86_64 requires aws-c-io-devel = 0.18.1-1.fc43
aws-c-http-libs-0.9.7-2.fc43.x86_64 requires libaws-c-io.so.1.0.0()(64bit)
aws-c-mqtt (maintained by: @cloud-sig, davdunc, orphan)
aws-c-mqtt-0.12.3-2.fc43.src requires aws-c-http-devel = 0.9.7-2.fc43, aws-c-io-devel = 0.18.1-1.fc43
aws-c-mqtt-0.12.3-2.fc43.x86_64 requires libaws-c-io.so.1.0.0()(64bit)
aws-c-mqtt-devel-0.12.3-2.fc43.x86_64 requires aws-c-http-devel = 0.9.7-2.fc43, aws-c-io-devel = 0.18.1-1.fc43
aws-c-mqtt-libs-0.12.3-2.fc43.x86_64 requires libaws-c-http.so.1.0.0()(64bit), libaws-c-io.so.1.0.0()(64bit)
aws-c-s3 (maintained by: @cloud-sig, davdunc, orphan)
aws-c-s3-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit), libaws-c-http.so.1.0.0()(64bit), libaws-c-io.so.1.0.0()(64bit)
aws-c-s3-libs-0.7.15-2.fc43.x86_64 requires libaws-c-auth.so.1.0.0()(64bit), libaws-c-http.so.1.0.0()(64bit), libaws-c-io.so.1.0.0()(64bit)
aws-c-s3-0.7.15-2.fc43.src requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
aws-c-s3-devel-0.7.15-2.fc43.x86_64 requires aws-c-auth-devel = 0.9.0-2.fc43, aws-c-http-devel = 0.9.7-2.fc43
Depending on: tse3 (1), status change: 2025-06-16 (0 weeks ago)
kguitar (maintained by: orphan)
kguitar-0.5.1-44.926svn.fc42.src requires tse3-devel = 0.3.1-37.fc42
kguitar-0.5.1-44.926svn.fc42.x86_64 requires libtse3.so.0()(64bit)
Depending on: xsd (9), status change: 2025-05-09 (5 weeks ago)
libkolabxml (maintained by: @kde-sig, tpokorra)
libkolabxml-1.2.0-31.fc43.src requires xsd = 4.1.0-0.17.a11.fc42
percolator (maintained by: sagitter)
percolator-3.06.04-6.fc42.src requires xsd = 4.1.0-0.17.a11.fc42
kdepim-runtime (maintained by: @kde-sig, jgrulich, rdieter, than)
kdepim-runtime-1:25.04.2-1.fc43.src requires cmake(Libkolabxml) = 1.2.0
kdepim-runtime-1:25.04.2-1.fc43.x86_64 requires libkolabxml.so.1()(64bit)
openms (maintained by: sagitter)
openms-2:3.3.0-1.fc42.src requires percolator = 3.06.04-6.fc42
openms-2:3.3.0-1.fc42.x86_64 requires percolator(x86-64) = 3.06.04-6.fc42
kmail (maintained by: @kde-sig, jkucera, rdieter, than)
kmail-25.04.2-1.fc43.x86_64 requires kdepim-runtime = 1:25.04.2-1.fc43
korganizer (maintained by: @kde-sig, rdieter, than)
korganizer-25.04.2-1.fc43.x86_64 requires kdepim-runtime = 1:25.04.2-1.fc43
zanshin (maintained by: @kde-sig, rdieter)
zanshin-25.04.2-1.fc43.x86_64 requires kdepim-runtime = 1:25.04.2-1.fc43
kdepim (maintained by: @kde-sig, rdieter, than)
kdepim-7:17.12.3-17.fc42.x86_64 requires kmail = 25.04.2-1.fc43, kontact = 25.04.2-1.fc43, korganizer = 25.04.2-1.fc43
kontact (maintained by: @kde-sig, rdieter, than)
kontact-25.04.2-1.fc43.x86_64 requires kmail = 25.04.2-1.fc43, korganizer = 25.04.2-1.fc43
Affected (co)maintainers
@cloud-sig: aws-c-io, aws-c-mqtt, aws-checksums, aws-c-http, aws-c-auth, aws-c-compression, aws-c-s3, ec2-instance-connect, s2n-tls, aws-c-sdkutils
@copr-sig: python-flask-session, python-openid-teams
@epel-packagers-sig: python-cliff-tablib, liberasurecode, python-daiquiri, python-pyeclib, python-ldappool, python-pifpaf, python-openid-teams, python-tosca-parser, python-os-testr, python-jsonpath-rw-ext
@go-sig: golang-github-mholt-archiver, golang-github-oklog, golang-gvisor, golang-github-juju-ansiterm, golang-github-hashicorp-hc-install, golang-sr-emersion-gqlclient, golang-github-fsouza-dockerclient, gron
@infra-sig: python-openid-teams
@kde-sig: xsd, python-random2
@miracle-sig: nwg-panel
@neuro-sig: python-odml, python-openctm, python-datrie, python-amply, OpenCTM, levmar, python-neurodsp, python-toposort, python-stopit
@openstack-sig: python-migrate, python-cliff-tablib, liberasurecode, python-daiquiri, python-pyeclib, python-ldappool, python-pifpaf, python-tosca-parser, python-os-testr, python-jsonpath-rw-ext
@python-packagers-sig: xonsh
@rust-sig: rust-indextree, rust-indextree-macros, rust-outref, rust-taskchampion, rust-btoi, rust-erdtree, rust-bytes-utils, rust-vsimd
@xr-sig: guidelines-support-library
aalvarez: guidelines-support-library, levmar
abompard: python-openid-teams
alexl: notification-daemon
ankursinha: python-toposort
apevec: python-cliff-tablib, python-os-testr, python-jsonpath-rw-ext
bruno: python-openid-teams
chedi: python-poyo, python-anyconfig
churchyard: levmar
cicku: zsh-lovers, wxGlade
cz4rs: kim-api
davdunc: aws-c-io, aws-c-mqtt, aws-checksums, aws-c-http, aws-c-auth, aws-c-compression, aws-c-s3, ec2-instance-connect, s2n-tls, aws-c-sdkutils
dcavalca: golang-github-mholt-archiver, python-telnetlib3, python-daiquiri
defolos: ocaml-odoc
dherrera: guidelines-support-library
dodji: gtksourceviewmm
duck: iucode-tool
eclipseo: golang-github-hashicorp-hc-install
eharney: python-pifpaf, python-daiquiri
elmarco: golang-gvisor
fab: golang-github-mholt-archiver, python-fuzzywuzzy
frostyx: python-flask-session, python-openid-teams
gnat: w3c-markup-validator
hobbes1069: zipios
jcapitao: python-pifpaf, python-daiquiri
jgrulich: xsd
jkucera: xsd
jonathanspw: python-openid-teams
jpena: python-tosca-parser, python-pifpaf, python-daiquiri
jruzicka: python-tosca-parser
jsteffan: guidelines-support-library
junghans: openkim-models, kim-api
kalev: 0ad
kevin: python-openid-teams
laxathom: python-gammu
lenkaseg: python-git-url-parse
limb: srain
maha: python-mpd
martinkg: jdns
mbaldessari: python-mpd
mikelo2: golang-github-mholt-archiver
msivak: mom
msuchy: python-flask-session, python-openid-teams
music: levmar
ngompa: python-random2, nwg-panel, python-openid-teams
pcpa: 0ad
pingou: python-openid-teams
praiskup: python-flask-session, python-openid-teams
pwalter: 0ad
rberger: kim-api
rdieter: xsd, python-random2
rhughes: notification-daemon
rstrode: notification-daemon
sagitter: xsd
salimma: golang-github-mholt-archiver, python-daiquiri
sbonazzo: mom
sergiomb: keychain
shlomif: python-random2
simo: python-openid-teams
slankes: psi, jdns
spot: levmar
swt2c: wxGlade
tdawson: xsd, python-openid-teams
than: xsd, python-random2
topazus: guidelines-support-library
tpokorra: xsd
wombelix: python-openid-teams
Orphans (139): 0ad OpenCTM aircrack-ng aws-c-auth aws-c-compression
aws-c-event-stream aws-c-http aws-c-io aws-c-mqtt aws-c-s3
aws-c-sdkutils aws-checksums chatterino2 devtodo drgeo drgeo-doc
ec2-instance-connect filedrop fim fros ganyremote gkermit
golang-github-fsouza-dockerclient
golang-github-hashicorp-hc-install golang-github-juju-ansiterm
golang-github-mholt-archiver golang-github-oklog golang-gvisor
golang-sr-emersion-gqlclient gron gtksourceviewmm
guidelines-support-library hashcat iucode-tool jdns keychain
kguitar kim-api lcdtest levmar libepc liberasurecode libkdtree++
libscn libsexymm ltunify mac-encheez mcpanel mom mygnuhealth nodm
notification-daemon nsntrace nwg-panel ocaml-odoc openkim-models
php-facedetect psi python-aiopg python-amply python-anyconfig
python-awsiotsdk python-click-help-colors python-cliff-tablib
python-daiquiri python-datrie python-dingz python-editdistance
python-enrich python-flask-session python-fuzzywuzzy python-gammu
python-gilt python-git-url-parse python-hudman
python-jsonpath-rw-ext python-ldappool python-migrate python-mpd
python-neurodsp python-neurosynth python-odml python-openctm
python-openid-teams python-os-testr python-pifpaf python-poyo
python-py-algorand-sdk python-py2pack python-pyeclib python-q
python-random2 python-sphinx-documatt-theme python-stopit
python-telnetlib3 python-testing.common.database
python-testing.postgresql python-toposort python-tosca-parser
python-whichcraft python-wloc python3-exiv2 qstardict rtfilter
rubygem-rack-restful_submit rubygem-rgen rubygem-shoulda-matchers
rust-btoi rust-bytes-utils rust-erdtree rust-indextree
rust-indextree-macros rust-outref rust-taskchampion rust-vsimd
s2n-tls scythia semver shobhika-fonts smc-anjalioldlipi-fonts
smc-dyuthi-fonts smc-raghumalayalamsans-fonts smc-suruma-fonts
sqlitecpp srain standard-test-roles sunwait termic
thunar-sendto-clamtk tkabber-plugins tse3 tweeny
w3c-markup-validator wxGlade xonsh xqilla xsd zipios zsh-lovers
Orphans (dependend on) (33): OpenCTM aws-c-auth aws-c-compression
aws-c-http aws-c-io aws-c-sdkutils aws-checksums drgeo
golang-github-hashicorp-hc-install golang-github-mholt-archiver
guidelines-support-library jdns kim-api levmar liberasurecode
nwg-panel python-aiopg python-daiquiri python-flask-session
python-git-url-parse python-mpd python-openid-teams python-pifpaf
python-random2 python-telnetlib3 python-testing.common.database
python-testing.postgresql rtfilter rust-indextree
rust-indextree-macros s2n-tls tse3 xsd
Orphans (rawhide) for at least 6 weeks (dependend on) (0):
Orphans (rawhide) (not depended on) (106): 0ad aircrack-ng
aws-c-event-stream aws-c-mqtt aws-c-s3 chatterino2 devtodo
drgeo-doc ec2-instance-connect filedrop fim fros ganyremote
gkermit golang-github-fsouza-dockerclient
golang-github-juju-ansiterm golang-github-oklog golang-gvisor
golang-sr-emersion-gqlclient gron gtksourceviewmm hashcat
iucode-tool keychain kguitar lcdtest libepc libkdtree++ libscn
libsexymm ltunify mac-encheez mcpanel mom mygnuhealth nodm
notification-daemon nsntrace ocaml-odoc openkim-models
php-facedetect psi python-amply python-anyconfig python-awsiotsdk
python-click-help-colors python-cliff-tablib python-datrie
python-dingz python-editdistance python-enrich python-fuzzywuzzy
python-gammu python-gilt python-hudman python-jsonpath-rw-ext
python-ldappool python-migrate python-neurodsp python-neurosynth
python-odml python-openctm python-os-testr python-poyo
python-py-algorand-sdk python-py2pack python-pyeclib python-q
python-sphinx-documatt-theme python-stopit python-toposort
python-tosca-parser python-whichcraft python-wloc python3-exiv2
qstardict rubygem-rack-restful_submit rubygem-rgen
rubygem-shoulda-matchers rust-btoi rust-bytes-utils rust-erdtree
rust-outref rust-taskchampion rust-vsimd scythia semver
shobhika-fonts smc-anjalioldlipi-fonts smc-dyuthi-fonts
smc-raghumalayalamsans-fonts smc-suruma-fonts sqlitecpp srain
standard-test-roles sunwait termic thunar-sendto-clamtk
tkabber-plugins tweeny w3c-markup-validator wxGlade xonsh xqilla
zipios zsh-lovers
Orphans (rawhide) for at least 6 weeks (not dependend on) (0):
Depending packages (rawhide) (75): PySolFC PySolFC-cardsets
PySolFC-music asnmap aws-c-auth aws-c-event-stream aws-c-http
aws-c-io aws-c-mqtt aws-c-s3 beets contour-terminal copr-frontend
cranc dnsx drgeo-doc envision freecell-solver git-pull-request
golang-github-acme-lego golang-github-facebookincubator-go2chef
golang-github-hashicorp-terraform-exec
golang-github-projectdiscovery-cdncheck
golang-github-projectdiscovery-chaos-client
golang-github-projectdiscovery-clistats
golang-github-projectdiscovery-goflags
golang-github-projectdiscovery-gologger
golang-github-projectdiscovery-ipranger
golang-github-projectdiscovery-iputil
golang-github-projectdiscovery-mapcidr
golang-github-projectdiscovery-ratelimit
golang-github-projectdiscovery-retryabledns
golang-github-projectdiscovery-utils
golang-github-sacloud-api-client golang-github-sacloud-iaas-api
golang-github-sacloud-packages ipsilon kdepim kdepim-runtime
kguitar kmail kontact korganizer kpat lammps libkolabxml mcpanel
meshlab miracle-wm-config onnxruntime openkim-models openms pagure
pagure-dist-git percolator psi python-aws-xray-sdk python-cradox
python-databases python-gilt python-openctm python-pifpaf
python-pyeclib python-pyramid-fas-openid python-pytn3270
python-taskflow python-testing.postgresql rust-erdtree
rust-indextree sourcextractor++ subfinder teem vacuum-im votca
zanshin
Packages depending on packages orphaned (rawhide) for more than 6
weeks (0):
--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/main/f/scripts/find_unblocked_orphans.py
Report finished at 2025-06-16 21:12:00 UTC
Subscribe to:
Posts (Atom)