The Fedora project has announced security updates for versions 41 and 42 to address several vulnerabilities. Key updates include:
1. yq Package Updates:
- For both Fedora 41 and Fedora 42, the yq package has been updated to version 4.47.1. This update introduces shell completions and adopts go-vendor-tools while also fixing various bugs.
- The specific version updates are:
- Fedora 41: yq-4.47.1-2.fc41
- Fedora 42: yq-4.47.1-2.fc42
2. Kea Package Update:
- An update for the Kea package (a DHCPv4, DHCPv6, and Dynamic DNS server) is also available for Fedora 42, upgrading to version 3.0.1. This update addresses a critical vulnerability (CVE-2025-40779) that could lead to crashes when specific client options interact with subnet selection.
- The specific version update is:
- Fedora 42: kea-3.0.1-1.fc42
- Versions: 4.47.1 for both Fedora 41 and 42.
- Features: Shell completions, bug fixes, and adoption of go-vendor-tools.
- Kea Update:
- Version: 3.0.1 for Fedora 42.
- Security Fix: Addresses CVE-2025-40779 vulnerability.
- For yq in Fedora 41: `su -c 'dnf upgrade --advisory FEDORA-2025-d8a379a267'`
- For yq in Fedora 42: `su -c 'dnf upgrade --advisory FEDORA-2025-99309ef35f'`
- For Kea in Fedora 42: `su -c 'dnf upgrade --advisory FEDORA-2025-92b4ae7199'`
This update reinforces the commitment of the Fedora project to maintain system security and functionality while enhancing user experience with tools like yq. Users are encouraged to regularly check for updates to ensure their systems remain secure and up-to-date
1. yq Package Updates:
- For both Fedora 41 and Fedora 42, the yq package has been updated to version 4.47.1. This update introduces shell completions and adopts go-vendor-tools while also fixing various bugs.
- The specific version updates are:
- Fedora 41: yq-4.47.1-2.fc41
- Fedora 42: yq-4.47.1-2.fc42
2. Kea Package Update:
- An update for the Kea package (a DHCPv4, DHCPv6, and Dynamic DNS server) is also available for Fedora 42, upgrading to version 3.0.1. This update addresses a critical vulnerability (CVE-2025-40779) that could lead to crashes when specific client options interact with subnet selection.
- The specific version update is:
- Fedora 42: kea-3.0.1-1.fc42
Summary of Updates:
- yq Updates:- Versions: 4.47.1 for both Fedora 41 and 42.
- Features: Shell completions, bug fixes, and adoption of go-vendor-tools.
- Kea Update:
- Version: 3.0.1 for Fedora 42.
- Security Fix: Addresses CVE-2025-40779 vulnerability.
Installation Instructions:
Users can install these updates using the dnf package manager with the following commands:- For yq in Fedora 41: `su -c 'dnf upgrade --advisory FEDORA-2025-d8a379a267'`
- For yq in Fedora 42: `su -c 'dnf upgrade --advisory FEDORA-2025-99309ef35f'`
- For Kea in Fedora 42: `su -c 'dnf upgrade --advisory FEDORA-2025-92b4ae7199'`
Additional Information:
All packages are signed with the Fedora Project GPG key, ensuring their authenticity. For further details about GPG keys and updates, users can refer to the Fedora Project documentation.This update reinforces the commitment of the Fedora project to maintain system security and functionality while enhancing user experience with tools like yq. Users are encouraged to regularly check for updates to ensure their systems remain secure and up-to-date
YQ and Kea updates for Fedora
The Fedora project has released security updates for Fedora 41 and Fedora 42 to address several vulnerabilities. An update is available for the yq package, a portable command-line YAML, JSON, XML, CSV, TOML, and properties processor, which adds shell completions and fixes bugs. Another update is also available for the yq package on Fedora 42 with the same changes as the previous one. Additionally, an update is available for the Kea package, a DHCPv4, DHCPv6, and DDNS server from ISC, which includes new version 3.0.1 and fixes CVE-2025-40779.
Fedora 41 Update: yq-4.47.1-2.fc41
Fedora 42 Update: yq-4.47.1-2.fc42
Fedora 42 Update: kea-3.0.1-1.fc42
