[EPEL-devel] Fedora EPEL 10.1 updates-testing report

Sat, 31 Jan 2026 17:25:21 -0800 

The following Fedora EPEL 10.1 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-1f5a2c5f39   
python-python-multipart-0.0.22-1.el10_1
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-0123df77aa   
chromium-144.0.7559.109-1.el10_1


The following builds have been pushed to Fedora EPEL 10.1 updates-testing

    node-exporter-1.10.2-3.el10_1

Details about builds:


================================================================================
 node-exporter-1.10.2-3.el10_1 (FEDORA-EPEL-2026-c702846a3a)
 Exporter for machine metrics
--------------------------------------------------------------------------------
Update Information:

Update to 1.10.2
Update was blocked by a ppc64 issue, but a workaround has been found.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2026 Alejandro Sáez <[email protected]> - 1.10.2-3
- Fix race condition
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> - 
1.10.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Dec  4 2025 Mikel Olasagasti Uranga <[email protected]> - 1.10.2-1
- Update to 1.10.2 - Closes rhbz#2406209 rhbz#2408331 rhbz#2409804
  rhbz#2410754 rhbz#2411650
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 1.9.1-4
- rebuild
* Fri Aug 15 2025 Maxwell G <[email protected]> - 1.9.1-3
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2398304 - CVE-2025-47910 node-exporter: CrossOriginProtection 
bypass in net/http [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398304
  [ 2 ] Bug #2398367 - CVE-2025-47910 node-exporter: CrossOriginProtection 
bypass in net/http [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398367
  [ 3 ] Bug #2398940 - CVE-2025-47906 node-exporter: Unexpected paths returned 
from LookPath in os/exec [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398940
  [ 4 ] Bug #2407489 - CVE-2025-58189 node-exporter: go crypto/tls ALPN 
negotiation error contains attacker controlled information [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2407489
  [ 5 ] Bug #2408941 - CVE-2025-61723 node-exporter: Quadratic complexity when 
parsing some invalid inputs in encoding/pem [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408941
  [ 6 ] Bug #2409883 - CVE-2025-58185 node-exporter: Parsing DER payload can 
cause memory exhaustion in encoding/asn1 [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409883
  [ 7 ] Bug #2410823 - CVE-2025-58188 node-exporter: Panic when validating 
certificates with DSA public keys in crypto/x509 [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410823
  [ 8 ] Bug #2423985 - [Minor Incident] CVE-2025-52881 node-exporter: container 
escape and denial of service due to arbitrary write gadgets and procfs write 
redirects [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2423985
--------------------------------------------------------------------------------



-- 
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to