The following Fedora EPEL 10.2 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-12b5bcc5d5
nextcloud-32.0.2-1.el10_2
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-228b3430e8
restic-0.18.1-1.el10_2
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c7b9b07dd3
rclone-1.72.0-1.el10_2
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-fae772942c
openbao-2.4.4-1.el10_2
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-3c4c4e0490
stb-0^20251025gitf1c79c0-2.el10_2
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-596d7a5bb9
fcgi-2.4.7-1.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
libwebsockets-4.3.7-1.el10_2
perl-Socket-GetAddrInfo-0.22-36.el10_2
runc-1.3.4-1.el10_2
Details about builds:
================================================================================
libwebsockets-4.3.7-1.el10_2 (FEDORA-EPEL-2025-384a4defc5)
Lightweight C library for Websockets
--------------------------------------------------------------------------------
Update Information:
Update to 4.3.7
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2025 Peter Robinson <[email protected]> - 4.3.7-1
- Update to 4.3.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405213 - CVE-2025-11679 libwebsockets: Out-of-bounds Read in
libwebsockets PNG parsing [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405213
[ 2 ] Bug #2405215 - CVE-2025-11679 libwebsockets: Out-of-bounds Read in
libwebsockets PNG parsing [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405215
[ 3 ] Bug #2405217 - CVE-2025-11679 libwebsockets: Out-of-bounds Read in
libwebsockets PNG parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405217
[ 4 ] Bug #2405247 - CVE-2025-11677 libwebsockets: Use After Free in
libwebsockets WebSocket server [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405247
[ 5 ] Bug #2405249 - CVE-2025-11677 libwebsockets: Use After Free in
libwebsockets WebSocket server [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405249
[ 6 ] Bug #2405251 - CVE-2025-11677 libwebsockets: Use After Free in
libwebsockets WebSocket server [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405251
[ 7 ] Bug #2405258 - CVE-2025-11680 libwebsockets: Out-of-bounds Write in
libwebsockets PNG parsing [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405258
[ 8 ] Bug #2405260 - CVE-2025-11680 libwebsockets: Out-of-bounds Write in
libwebsockets PNG parsing [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405260
[ 9 ] Bug #2405262 - CVE-2025-11680 libwebsockets: Out-of-bounds Write in
libwebsockets PNG parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405262
[ 10 ] Bug #2405566 - CVE-2025-11678 libwebsockets: Stack-based Buffer
Overflow in libwebsockets [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405566
[ 11 ] Bug #2405569 - CVE-2025-11678 libwebsockets: Stack-based Buffer
Overflow in libwebsockets [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405569
--------------------------------------------------------------------------------
================================================================================
perl-Socket-GetAddrInfo-0.22-36.el10_2 (FEDORA-EPEL-2025-d48edc1133)
RFC 2553's "getaddrinfo" and "getnameinfo" functions
--------------------------------------------------------------------------------
Update Information:
This package contains the Perl module Socket::GetAddrInfo, which provides RFC
2553's "getaddrinfo" and "getnameinfo" functions.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.22-36
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
0.22-35
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Aug 6 2024 Miroslav Suchý <[email protected]> - 0.22-34
- convert license to SPDX
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.22-33
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
0.22-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
0.22-31
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2417123 - Please branch and build perl-Socket-GetAddrInfo in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2417123
--------------------------------------------------------------------------------
================================================================================
runc-1.3.4-1.el10_2 (FEDORA-EPEL-2025-a28c0e7650)
CLI for running Open Containers
--------------------------------------------------------------------------------
Update Information:
Update to release v1.3.4
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 29 2025 Bradley G Smith <[email protected]> - 2:1.3.4-1
- Update to release v1.3.4
- Upstream fixes
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
