Aggregator

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

Version:next-20251110 (linux-next) Released:2025-11-10

Version:6.18-rc5 (mainline) Released:2025-11-09 Source:linux-6.18-rc5.tar.gz Patch:full (incremental)

FEDORA-FLATPAK-2025-069f618c90 Packages in this update:

• dolphin-emu-flatpak-2503a-4

Update description:

Fixed CVEs in bundled dependencies

FEDORA-2025-f7d7958683 Packages in this update:

• fvwm3-1.1.4-1.fc42

Update description:

FVWM3 ver. 1.1.4

FEDORA-2025-c0d54269e6 Packages in this update:

• fvwm3-1.1.4-1.fc41

Update description:

FVWM3 ver. 1.1.4

FEDORA-2025-a5cdd30644 Packages in this update:

• fvwm3-1.1.4-1.fc43

Update description:

FVWM3 ver. 1.1.4

FEDORA-2025-805b8f571a Packages in this update:

• xmedcon-0.25.3-1.fc42

Update description:

upgraded to 0.25.3 fixes open bugs, CVEs, etc

FEDORA-2025-977a26e133 Packages in this update:

• xmedcon-0.25.3-1.fc43

Update description:

upgraded to 0.25.3 fixes open bugs, CVEs, etc

FEDORA-2025-9d4a8ab586 Packages in this update:

• xmedcon-0.25.3-1.fc41

Update description:

upgraded to 0.25.3 fixes open bugs, CVEs, etc

FEDORA-2025-0490389cb0 Packages in this update:

• suricata-7.0.13-1.fc42

Update description:

upstream bugfix/security release

FEDORA-2025-671d7aa1ba Packages in this update:

• chromium-142.0.7444.134-1.fc41

Update description:

Update to 142.0.7444.134

* High CVE-2025-12725: Out of bounds write in WebGPU * High CVE-2025-12726: Inappropriate implementation in Views * High CVE-2025-12727: Inappropriate implementation in V8 * Medium CVE-2025-12728: Inappropriate implementation in Omnibox * Medium CVE-2025-12729: Inappropriate implementation in Omnibox

FEDORA-EPEL-2025-35c67d93f9 Packages in this update:

• chromium-142.0.7444.134-1.el9

Update description:

Update to 142.0.7444.134

* High CVE-2025-12725: Out of bounds write in WebGPU * High CVE-2025-12726: Inappropriate implementation in Views * High CVE-2025-12727: Inappropriate implementation in V8 * Medium CVE-2025-12728: Inappropriate implementation in Omnibox * Medium CVE-2025-12729: Inappropriate implementation in Omnibox

FEDORA-2025-97961060e1 Packages in this update:

• chromium-142.0.7444.134-1.fc43

Update description:

Update to 142.0.7444.134

* High CVE-2025-12725: Out of bounds write in WebGPU * High CVE-2025-12726: Inappropriate implementation in Views * High CVE-2025-12727: Inappropriate implementation in V8 * Medium CVE-2025-12728: Inappropriate implementation in Omnibox * Medium CVE-2025-12729: Inappropriate implementation in Omnibox

FEDORA-EPEL-2025-bcf0aee791 Packages in this update:

• chromium-142.0.7444.134-1.el10_2

Update description:

Update to 142.0.7444.134

* High CVE-2025-12725: Out of bounds write in WebGPU * High CVE-2025-12726: Inappropriate implementation in Views * High CVE-2025-12727: Inappropriate implementation in V8 * Medium CVE-2025-12728: Inappropriate implementation in Omnibox * Medium CVE-2025-12729: Inappropriate implementation in Omnibox

FEDORA-2025-a366512b23 Packages in this update:

• suricata-7.0.13-1.fc43

Update description:

Upstream security/bugfix release.

FEDORA-EPEL-2025-a52b9deb70 Packages in this update:

• python-pdfminer-20240706-2.el9

Update description:

Backport security fix for GHSA-wf5f-4jwr-ppcp / CVE-2025-64512

FEDORA-2025-d019d16668 Packages in this update:

• python-pdfminer-20240706-3.fc41

Update description:

Backport security fix for GHSA-wf5f-4jwr-ppcp / CVE-2025-64512