This update addresses two security vulnerabilities:
* CVE-2025-0395: A buffer overflow may occur in the assert function with certain large program names and assert expressions.
* CVE-2025-0577: getrandom and arc4random can produce predictable randomness if a multi-threaded program creates additional threads after fork.
The following non-security bugs are fixed:
* Compatibility with certain programs that call free(environ) is improved (however, deallocating environ remains undefined in general).
* On certain non-Fedora kernels, mkstemp and other functions may fail with EEXIST without attempting to create multiple different file names.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2025-497995b101
This update has been submitted for testing by fweimer.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
System is working fine after a reboot, no regressions noted.
This update has been pushed to testing.
This update's test gating status has been changed to 'failed'.
Works.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by fweimer.
Works great! LGTM! =)
no regressions noted
This update has been pushed to stable.