This update addresses two security vulnerabilities:
* CVE-2025-0395: A buffer overflow may occur in the assert function with certain large program names and assert expressions.
* CVE-2025-0577: getrandom and arc4random can produce predictable randomness if a multi-threaded program creates additional threads after fork.
The following non-security bugs are fixed:
* Compatibility with certain programs that call free(environ) is improved (however, deallocating environ remains undefined in general).
* Crashes in string functions on certain hypervisors that report L3 cache sizes above 4 GiB are avoided.
* Poor performance of x86-64 string functions in certain cases.
* Initialization of the restartable sequence area now follows recommended practices.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2025-69207650a4
This update has been submitted for testing by fweimer.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
System is working fine after a reboot, no regressions noted.
This update has been pushed to testing.
This update can be pushed to stable now if the maintainer wishes.
no regressions noted
This update has been submitted for stable by bodhi.
no regressions noted
This update has been pushed to stable.