-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-2e7d5d49f2 2026-01-03 01:15:48.095284+00:00 --------------------------------------------------------------------------------
Name : usd Product : Fedora 42 Version : 25.02a Release : 5.fc42 URL : http://www.openusd.org/ Summary : 3D VFX pipeline interchange file format Description : Universal Scene Description (USD) is a time-sampled scene description for interchange between graphics applications. -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2025-14439/GHSA-grjp-54v3-c442 -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 25 2025 Benjamin A. Beasley <[email protected]> - 25.02a-5 - Backport fix for CVE-2025-14439/GHSA-grjp-54v3-c442 (fix RHBZ#2422275) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2422275 - CVE-2025-14439 usd: OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2422275 [ 2 ] Bug #2424910 - CVE-2025-12839 usd: OpenEXR: Remote Code Execution via Heap-based Buffer Overflow in EXR File Parsing [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2424910 [ 3 ] Bug #2424912 - CVE-2025-12840 usd: OpenEXR: Remote Code Execution via EXR file parsing heap-based buffer overflow [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2424912 [ 4 ] Bug #2424917 - CVE-2025-12495 usd: OpenEXR: Remote Code Execution via malicious EXR file parsing [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2424917 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-2e7d5d49f2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
