Fedora Linux 42 has recently undergone updates including critical security enhancements for several key software packages: Moodle, OpenIKED, and Traffic Server.
- CVE-2025-3647: Insecure direct object reference (IDOR) in cohorts report.
- CVE-2025-3645: IDOR in messaging web service allowing unauthorized access to user details.
- CVE-2025-3644: Inadequate access control in AJAX section deletion.
- CVE-2025-3643: Reflected Cross-Site Scripting (XSS) risk in the policy tool.
- CVE-2025-3642 and CVE-2025-3641: Risks of authenticated remote code execution in EQUELLA and Dropbox repositories.
- CVE-2025-3638: Cross-Site Request Forgery (CSRF) risk in the Brickfield tool.
- For Moodle: `su -c 'dnf upgrade --advisory FEDORA-2025-ccb1a36fcb'`
- For OpenIKED: `su -c 'dnf upgrade --advisory FEDORA-2025-f55f140c15'`
- For Traffic Server: `su -c 'dnf upgrade --advisory FEDORA-2025-76d6ce0e17'`
All packages are verified with the Fedora Project GPG key to ensure their integrity.
Moodle Update
The Moodle package has been updated to version 4.5.4-1.fc42, which is a course management system designed for educators to facilitate online learning communities. This update addresses various security vulnerabilities, including:- CVE-2025-3647: Insecure direct object reference (IDOR) in cohorts report.
- CVE-2025-3645: IDOR in messaging web service allowing unauthorized access to user details.
- CVE-2025-3644: Inadequate access control in AJAX section deletion.
- CVE-2025-3643: Reflected Cross-Site Scripting (XSS) risk in the policy tool.
- CVE-2025-3642 and CVE-2025-3641: Risks of authenticated remote code execution in EQUELLA and Dropbox repositories.
- CVE-2025-3638: Cross-Site Request Forgery (CSRF) risk in the Brickfield tool.
OpenIKED Update
OpenIKED has been upgraded to version 7.4-2.fc42. This software is a free implementation of the Internet Key Exchange (IKEv2) protocol, which is essential for setting up and managing IPsec VPNs. The update ensures that the software remains secure and up-to-date with the latest features.Traffic Server Update
The Traffic Server package has been updated to version 10.0.5-1.fc42. This high-performance caching proxy server supports both HTTP/1.1 and HTTP/2 protocols and is built to handle substantial web traffic efficiently. This update resolves a significant vulnerability (CVE-2024-53868) related to malformed chunked message bodies, which could allow for request smuggling attacks.Installation Instructions
Users can install these updates using the DNF package manager with the following commands:- For Moodle: `su -c 'dnf upgrade --advisory FEDORA-2025-ccb1a36fcb'`
- For OpenIKED: `su -c 'dnf upgrade --advisory FEDORA-2025-f55f140c15'`
- For Traffic Server: `su -c 'dnf upgrade --advisory FEDORA-2025-76d6ce0e17'`
All packages are verified with the Fedora Project GPG key to ensure their integrity.
Conclusion
These updates are part of Fedora 42's commitment to providing a secure and robust operating environment. Users are encouraged to apply these updates promptly to benefit from the latest security patches and enhancements. For more information on DNF commands and package management, users can refer to the official DNF documentationMoodle, OpenIKED, Traffic Server updates for Fedora 42
Fedora Linux 42 has been updated with security enhancements, which include Moodle, OpenIKED, and Traffic Server:
Fedora 42 Update: moodle-4.5.4-1.fc42
Fedora 42 Update: openiked-7.4-2.fc42
Fedora 42 Update: trafficserver-10.0.5-1.fc42Moodle, OpenIKED, Traffic Server updates for Fedora 42 @ Linux Compatible
