Fedora Security Advisories

• clash-meta-1.19.12-1.fc42

upgrade to 1.19.12 Mitigating remote code execution vulnerabilities using systemd sandboxing features.

• chromium-138.0.7204.183-1.el9

Update to 138.0.7204.183

• chromium-138.0.7204.183-1.fc41

Update to 138.0.7204.183

• chromium-138.0.7204.183-1.el10_1

Update to 138.0.7204.183

• chromium-138.0.7204.183-1.fc42

Update to 138.0.7204.183

• varnish-7.5.0-4.fc41

Security: This update includes fixes for CVE-2025-47905 aka VSV00016: A client-side desync vulnerability can be triggered in Varnish Cache. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 chunked requests.

• gdk-pixbuf2-2.42.12-9.fc41

This update fixes CVE-2025-7345 and CVE-2025-6199.

• gdk-pixbuf2-2.42.12-12.fc42

This update fixes CVE-2025-7345 and CVE-2025-6199.

• poppler-25.02.0-2.fc42

This update fixes these CVEs: CVE-2025-32364 CVE-2025-32365 CVE-2024-56378

• poppler-24.08.0-2.fc41

This update fixes these CVEs: CVE-2025-32364 CVE-2025-32365 CVE-2024-56378

• yarnpkg-1.22.22-11.fc42

Apply fixes for CVE-2025-8262 and CVE-2025-7783.

• yarnpkg-1.22.22-11.fc41

Apply fixes for CVE-2025-8262 and CVE-2025-7783.

• yarnpkg-1.22.22-11.el10_1

Apply fixes for CVE-2025-8262 and CVE-2025-7783.

• yarnpkg-1.22.22-11.el9

Apply fixes for CVE-2025-8262 and CVE-2025-7783.

• mingw-opencv-4.10.0-6.fc42

Backport fix for CVE-2025-53644.

• mingw-opencv-4.10.0-6.fc41

Backport fix for CVE-2025-53644.

• moby-engine-28.3.3-1.fc41

Update to release v28.3.3

• moby-engine-28.3.3-1.fc42

Update to release v28.3.3

• libsoup3-3.6.5-2.fc41

This update fixes these CVEs: CVE-2025-4948 CVE-2025-32908 CVE-2025-32907 CVE-2025-4969 CVE-2025-4945 CVE-2025-4476

• libsoup3-3.6.5-2.fc42

This update fixes these CVEs: CVE-2025-4948 CVE-2025-32908 CVE-2025-32907 CVE-2025-4969 CVE-2025-4945 CVE-2025-4476