Fedora Linux has announced several important security updates for its versions 41 and 42, addressing vulnerabilities in key software components. The updates include:
1. Libmodsecurity: Released version 3.0.14 for both Fedora 41 and 42, which includes fixes for CVE-2025-27110. Libmodsecurity serves as a library for interpreting ModSecurity rules, enhancing web traffic security by applying processing rules to HTTP content.
2. Microcode_ctl: The updated version (2.1-67.2.fc41) for Fedora 41 implements various microcode updates for x86 CPUs, addressing multiple vulnerabilities including CVE-2024-28956 and CVE-2025-20012. This tool is essential for managing CPU microcode updates that are volatile and need to be applied at each system boot.
3. Nextcloud: The latest update (31.0.5) for both Fedora 41 and 42 includes security improvements and fixes for vulnerabilities such as CVE-2025-48050, which pertains to DOMPurify path traversal issues. Nextcloud facilitates secure file synchronization and sharing through a web interface or WebDAV.
4. Lua-http: For Fedora 42, version 0.3-17 was released, addressing CVE-2023-4540, which relates to excessive memory allocation leading to potential denial of service (DoS) attacks. Lua-http is a library designed for efficient HTTP and WebSocket communication in Lua.
For users looking to install these updates, they can be accessed via the "dnf" update program using specific advisory codes tailored for each update. All packages are secured with the Fedora Project GPG key, ensuring the integrity and authenticity of the updates.
In addition to the above updates, it is advisable for users of Fedora to regularly check for updates and security advisories to maintain the security and stability of their systems. Keeping software up-to-date is crucial in mitigating vulnerabilities and ensuring optimal performance. For developers and system administrators, utilizing the provided links to the relevant Bugzilla tickets can offer insights into specific vulnerabilities and their resolutions
1. Libmodsecurity: Released version 3.0.14 for both Fedora 41 and 42, which includes fixes for CVE-2025-27110. Libmodsecurity serves as a library for interpreting ModSecurity rules, enhancing web traffic security by applying processing rules to HTTP content.
2. Microcode_ctl: The updated version (2.1-67.2.fc41) for Fedora 41 implements various microcode updates for x86 CPUs, addressing multiple vulnerabilities including CVE-2024-28956 and CVE-2025-20012. This tool is essential for managing CPU microcode updates that are volatile and need to be applied at each system boot.
3. Nextcloud: The latest update (31.0.5) for both Fedora 41 and 42 includes security improvements and fixes for vulnerabilities such as CVE-2025-48050, which pertains to DOMPurify path traversal issues. Nextcloud facilitates secure file synchronization and sharing through a web interface or WebDAV.
4. Lua-http: For Fedora 42, version 0.3-17 was released, addressing CVE-2023-4540, which relates to excessive memory allocation leading to potential denial of service (DoS) attacks. Lua-http is a library designed for efficient HTTP and WebSocket communication in Lua.
For users looking to install these updates, they can be accessed via the "dnf" update program using specific advisory codes tailored for each update. All packages are secured with the Fedora Project GPG key, ensuring the integrity and authenticity of the updates.
In addition to the above updates, it is advisable for users of Fedora to regularly check for updates and security advisories to maintain the security and stability of their systems. Keeping software up-to-date is crucial in mitigating vulnerabilities and ensuring optimal performance. For developers and system administrators, utilizing the provided links to the relevant Bugzilla tickets can offer insights into specific vulnerabilities and their resolutions
Libmodsecurity, Microcode_CTL, Nextcloud, Lua-HTTP updates for Fedora
Fedora Linux has been updated with various security enhancements, including libmodsecurity, microcode_ctl, nextcloud, and lua-http:
Fedora 41 Update: libmodsecurity-3.0.14-1.fc41
Fedora 41 Update: microcode_ctl-2.1-67.2.fc41
Fedora 41 Update: nextcloud-31.0.5-1.fc41
Fedora 42 Update: libmodsecurity-3.0.14-1.fc42
Fedora 42 Update: lua-http-0.3-17.fc42
Fedora 42 Update: nextcloud-31.0.5-1.fc42Libmodsecurity, Microcode_CTL, Nextcloud, Lua-HTTP updates for Fedora @ Linux Compatible
