The following Fedora EPEL 8 Security updates need testing:
Age URL
77 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2
xpdf-4.06-1.el8
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5c626357f7
xorgxrdp-0.10.5-1.el8 xrdp-0.10.5-1.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-96a07a6444
openssl3-3.5.5-1.1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
mongo-c-driver-1.30.7-1.el8
openbao-2.5.0-1.el8
stockfish-18-2.el8
Details about builds:
================================================================================
mongo-c-driver-1.30.7-1.el8 (FEDORA-EPEL-2026-138a37ec8d)
Client library written in C for MongoDB
--------------------------------------------------------------------------------
Update Information:
libbson 1.30.7
No changes since 1.30.6. Version incremented to match the libmongoc version.
libmongoc 1.30.7
Fixes:
Fix documentation build with python-docutils 0.22.2
Omit saslSupportedMechs in single-threaded monitoring commands.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Remi Collet <[email protected]> - 1.30.7-1
- update to 1.30.7
--------------------------------------------------------------------------------
================================================================================
openbao-2.5.0-1.el8 (FEDORA-EPEL-2026-5e10141457)
A tool for securely accessing secrets
--------------------------------------------------------------------------------
Update Information:
Update to upstream openbao-2.5.0. Also fixes CVE-2025-58189, CVE-2025-61723,
CVE-2025-61725, CVE-2025-58183, CVE-2025-58185, CVE-2025-58188 on epel-8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Dave Dykstra <[email protected]> -
2.5.0-1
- update to 2.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2407513 - CVE-2025-58189 openbao: go crypto/tls ALPN negotiation
error contains attacker controlled information [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2407513
[ 2 ] Bug #2408542 - CVE-2025-61725 openbao: Excessive CPU consumption in
ParseAddress in net/mail [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2408542
[ 3 ] Bug #2408965 - CVE-2025-61723 openbao: Quadratic complexity when
parsing some invalid inputs in encoding/pem [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2408965
[ 4 ] Bug #2409907 - CVE-2025-58185 openbao: Parsing DER payload can cause
memory exhaustion in encoding/asn1 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2409907
[ 5 ] Bug #2410847 - CVE-2025-58188 openbao: Panic when validating
certificates with DSA public keys in crypto/x509 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2410847
[ 6 ] Bug #2412489 - CVE-2025-58183 openbao: Unbounded allocation when
parsing GNU sparse map [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2412489
--------------------------------------------------------------------------------
================================================================================
stockfish-18-2.el8 (FEDORA-EPEL-2026-3c8ab1e95b)
Powerful open source chess engine
--------------------------------------------------------------------------------
Update Information:
Update to Stockfish 18
In tests against Stockfish 17, this new release brings an Elo gain of up to 46
points, and wins four times as many game pairs as it loses. Quality improved
throughout, including in Fischer Random Chess.
Full release notes: https://github.com/official-
stockfish/Stockfish/releases/tag/sf_18
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 3 2026 Ondrej MosnáÄek <[email protected]> - 18-2
- Make the build pass on EPEL 8
* Sun Feb 1 2026 Benjamin A. Beasley <[email protected]> - 18-1
- Update to version 18; close RHBZ#2435680
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> - 17.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
