The following Fedora EPEL 8 Security updates need testing:
Age URL
47 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2
xpdf-4.06-1.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4013949761
python-pycryptodomex-3.21.0-1.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-a0fad994eb
exim-4.99.1-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-1d01413ac3
coturn-4.7.0-4.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
ntfs-3g-system-compression-1.1-1.el8
wasmedge-0.14.0-4.el8
Details about builds:
================================================================================
ntfs-3g-system-compression-1.1-1.el8 (FEDORA-EPEL-2026-315f806da8)
NTFS-3G plugin for reading "system compressed" files
--------------------------------------------------------------------------------
Update Information:
Update to v1.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 5 2026 Neal Gompa <[email protected]> - 1.1-1
- Update to 1.1
- Slightly modernize spec
- Drop unneeded patch
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> - 1.0-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Jan 17 2025 Fedora Release Engineering <[email protected]> - 1.0-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> - 1.0-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> - 1.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> - 1.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> - 1.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Mar 10 2023 DJ Delorie <[email protected]> - 1.0-13
- Fix C99 compatibility issue
* Mon Feb 13 2023 Kamil Páral <[email protected]> - 1.0-12
- migrated to SPDX license
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> - 1.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <[email protected]> - 1.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jun 8 2022 Richard W.M. Jones <[email protected]> - 1.0-9
- Rebuild for ntfs-3g CVE
* Thu Jan 20 2022 Fedora Release Engineering <[email protected]> - 1.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2093308 - CVE-2022-30783 ntfs-3g-system-compression: ntfs-3g:
invalid return code in fuse_kern_mount enables intercepting of libfuse-lite
protocol traffic [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093308
[ 2 ] Bug #2093315 - CVE-2022-30784 ntfs-3g-system-compression: ntfs-3g:
crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093315
[ 3 ] Bug #2093323 - CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a
file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir,
enables arbitrary memory read and write operations [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093323
[ 4 ] Bug #2093327 - CVE-2022-30786 ntfs-3g-system-compression: ntfs-3g:
crafted NTFS image can cause a heap-based buffer overflow in
ntfs_names_full_collate [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093327
[ 5 ] Bug #2093336 - CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g:
integer underflow in fuse_lib_readdir enables arbitrary memory read operations
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093336
[ 6 ] Bug #2093343 - CVE-2022-30788 ntfs-3g-system-compression: ntfs-3g:
crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093343
[ 7 ] Bug #2093353 - CVE-2022-30789 ntfs-3g-system-compression: ntfs-3g:
crafted NTFS image can cause a heap-based buffer overflow in
ntfs_check_log_client_array [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093353
[ 8 ] Bug #2093363 - CVE-2021-46790 ntfs-3g-system-compression: ntfs-3g:
heap-based buffer overflow in ntfsck [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093363
[ 9 ] Bug #2422052 - ntfs-3g-system-compression-1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2422052
--------------------------------------------------------------------------------
================================================================================
wasmedge-0.14.0-4.el8 (FEDORA-EPEL-2026-db1e2d26c5)
High performance WebAssembly Virtual Machine
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-22921
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 5 2026 dm4 <[email protected]> - 0.14.0-4
- Backport fix for CVE-2025-22921
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2426610 - CVE-2025-69261 wasmedge: WasmEdge: Denial of Service via
incorrect memory access [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2426610
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
