# Security update for poppler

Announcement ID: SUSE-SU-2025:3898-1
Release Date: 2025-10-31T14:55:55Z
Rating: moderate

References:

* bsc#1250908

Cross-References:

* CVE-2025-43718

CVSS scores:

* CVE-2025-43718 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43718 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2025-43718 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43718 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for poppler fixes the following issues:

* CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files (bsc#1250908)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-3898=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * typelib-1_0-Poppler-0_18-22.01.0-150400.3.41.1
  * libpoppler-glib8-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.41.1
  * libpoppler117-22.01.0-150400.3.41.1
  * libpoppler-glib8-22.01.0-150400.3.41.1
  * poppler-tools-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-qt5-1-22.01.0-150400.3.41.1
  * libpoppler-devel-22.01.0-150400.3.41.1
  * poppler-qt5-debugsource-22.01.0-150400.3.41.1
  * libpoppler-glib-devel-22.01.0-150400.3.41.1
  * libpoppler117-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-qt6-3-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-qt6-devel-22.01.0-150400.3.41.1
  * libpoppler-cpp0-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-cpp0-22.01.0-150400.3.41.1
  * libpoppler-qt6-3-22.01.0-150400.3.41.1
  * poppler-tools-22.01.0-150400.3.41.1
  * poppler-debugsource-22.01.0-150400.3.41.1
  * poppler-qt6-debugsource-22.01.0-150400.3.41.1
  * libpoppler-qt5-devel-22.01.0-150400.3.41.1
* openSUSE Leap 15.4 (x86_64)
  * libpoppler-glib8-32bit-22.01.0-150400.3.41.1
  * libpoppler117-32bit-22.01.0-150400.3.41.1
  * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-cpp0-32bit-22.01.0-150400.3.41.1
  * libpoppler-qt5-1-32bit-22.01.0-150400.3.41.1
  * libpoppler117-32bit-debuginfo-22.01.0-150400.3.41.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.41.1
  * libpoppler117-64bit-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.41.1
  * libpoppler-cpp0-64bit-22.01.0-150400.3.41.1
  * libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.41.1
  * libpoppler117-64bit-22.01.0-150400.3.41.1
  * libpoppler-qt5-1-64bit-22.01.0-150400.3.41.1
  * libpoppler-glib8-64bit-22.01.0-150400.3.41.1

## References:

* https://www.suse.com/security/cve/CVE-2025-43718.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250908

A moderate security update for openSUSE addressing CVE-2025-43718 in poppler, preventing uncontrolled recursion in PDF processing.

LinuxSecurity.com Team
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------

Name        : rust-protobuf-codegen
Product     : Fedora 42
Version     : 3.7.2
Release     : 1.fc42
URL         : https://crates.io/crates/protobuf-codegen
Summary     : Code generator for rust-protobuf
Description :
Code generator for rust-protobuf. Includes a library to invoke programmatically (e. g. from `build.rs`) and `protoc-gen-rs` binary.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates. This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 21 2025 Fabio Valentini - 3.7.2-1
- Update to version 3.7.2; Fixes RHBZ#2080867
* Fri Jul 25 2025 Fedora Release Engineering - 2.28.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
-- _______________________________________________ package-announce mailing list --
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------

Name        : rust-protobuf-parse
Product     : Fedora 42
Version     : 3.7.2
Release     : 1.fc42
URL         : https://crates.io/crates/protobuf-parse
Summary     : Parse .proto files
Description :
Parse `.proto` files. Files are parsed into a `protobuf::descriptor::FileDescriptorSet` object using either:
* pure rust parser (no dependencies)
* `protoc` binary (more reliable and compatible with Google's implementation).

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates. This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini - 3.7.2-1
- Initial import (#2397168)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------

Name        : rust-protobuf-support
Product     : Fedora 42
Version     : 3.7.2
Release     : 1.fc42
URL         : https://crates.io/crates/protobuf-support
Summary     : Code supporting protobuf implementation
Description :
Code supporting protobuf implementation. None of code in this crate is public API.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates. This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini - 3.7.2-1
- Initial import (#2397167)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------

Name        : rust-protobuf
Product     : Fedora 42
Version     : 3.7.2
Release     : 1.fc42
URL         : https://crates.io/crates/protobuf
Summary     : Rust implementation of Google protocol buffers
Description :
Rust implementation of Google protocol buffers.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates. This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 21 2025 Fabio Valentini - 3.7.2-1
- Update to version 3.7.2; Fixes RHBZ#2080866
* Fri Jul 25 2025 Fedora Release Engineering - 2.28.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------

Name        : rust-maxminddb
Product     : Fedora 42
Version     : 0.26.0
Release     : 1.fc42
URL         : https://crates.io/crates/maxminddb
Summary     : Library for reading MaxMind DB format used by GeoIP2 and GeoLite2
Description :
Library for reading MaxMind DB format used by GeoIP2 and GeoLite2.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates. This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini - 0.26.0-1
- Update to version 0.26.0; Fixes RHBZ#2257537
* Fri Jul 25 2025 Fedora Release Engineering - 0.23.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------

Name        : rust-prometheus
Product     : Fedora 42
Version     : 0.14.0
Release     : 1.fc42
URL         : https://crates.io/crates/prometheus
Summary     : Instrumentation library for Rust applications
Description :
Prometheus instrumentation library for Rust applications.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates. This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fabio Valentini - 0.14.0-1
- Update to version 0.14.0; Fixes RHBZ#2279084
* Fri Jul 25 2025 Fedora Release Engineering - 0.13.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------