Fedora has announced security updates for several of its packages, specifically targeting vulnerabilities in perl-JSON-XS, Firefox, and Kea. The perl-JSON-XS package has been updated to version 4.04 to mitigate a heap overflow vulnerability identified as CVE-2025-40928, which could lead to crashes or potential data leaks. Additionally, the update corrects a flaw where invalid JSON texts were incorrectly recognized as valid.
The latest Firefox update introduces version 143.0, which is a new upstream release. The Kea DHCP server update, version 3.0.1, addresses a bug (CVE-2025-40779) that could cause the server to crash under certain conditions.
Here are the specific updates for each Fedora version:
- Fedora 41: perl-JSON-XS updated to 4.04-1.fc41.
- Fedora 42: Firefox updated to 143.0-1.fc42 and perl-JSON-XS updated to 4.04-1.fc42.
- Fedora 43: perl-JSON-XS updated to 4.04-1.fc43 and Kea updated to 3.0.1-1.fc43.
To install these updates, users can utilize the "dnf" update program with commands tailored to each advisory. All packages come signed with the Fedora Project GPG key, ensuring their authenticity.
In summary, these updates are crucial for maintaining the security and functionality of Fedora systems, addressing significant vulnerabilities and introducing new features. Users are encouraged to keep their systems updated to benefit from these improvements and patches regularly
The latest Firefox update introduces version 143.0, which is a new upstream release. The Kea DHCP server update, version 3.0.1, addresses a bug (CVE-2025-40779) that could cause the server to crash under certain conditions.
Here are the specific updates for each Fedora version:
- Fedora 41: perl-JSON-XS updated to 4.04-1.fc41.
- Fedora 42: Firefox updated to 143.0-1.fc42 and perl-JSON-XS updated to 4.04-1.fc42.
- Fedora 43: perl-JSON-XS updated to 4.04-1.fc43 and Kea updated to 3.0.1-1.fc43.
To install these updates, users can utilize the "dnf" update program with commands tailored to each advisory. All packages come signed with the Fedora Project GPG key, ensuring their authenticity.
In summary, these updates are crucial for maintaining the security and functionality of Fedora systems, addressing significant vulnerabilities and introducing new features. Users are encouraged to keep their systems updated to benefit from these improvements and patches regularly
Pperl-JSON-XS, Firefox, Kea updates for Fedora
Fedora has released security updates for various packages, including perl-JSON-XS, Firefox, and Kea. The Perl-JSON-XS update fixes a heap overflow vulnerability (CVE-2025-40928) that could cause crashes or information disclosure and also addresses an issue where invalid JSON texts were accepted as valid. The Firefox update is a new upstream release (143.0). The Kea update fixes a bug (CVE-2025-40779) that caused the Kea DHCP server to crash in certain situations.
Fedora 41 Update: perl-JSON-XS-4.04-1.fc41
Fedora 42 Update: firefox-143.0-1.fc42
Fedora 42 Update: perl-JSON-XS-4.04-1.fc42
Fedora 43 Update: perl-JSON-XS-4.04-1.fc43
Fedora 43 Update: kea-3.0.1-1.fc43Pperl-JSON-XS, Firefox, Kea updates for Fedora @ Linux Compatible
