Fedora Security Advisories

FEDORA-2025-24bf1ffbe7 Packages in this update:

• mod_md-2.6.6-1.fc43

Update description:

This update includes the latest upstream release of mod_md, with various bug and feature updates.

A fix for the security vulnerability CVE-2025-55753 is also included.

FEDORA-2025-f46efdfd9d Packages in this update: Update description:

This update includes the latest upstream release of mod_md, with various bug and feature updates.

A fix for the security vulnerability CVE-2025-55753 is also included.

FEDORA-2025-62d125612b Packages in this update:

• qt6-qtdeclarative-6.9.3-2.fc42

Update description:

CVE-2025-12385: Fix improper validation of img tag size in Text component parser

FEDORA-EPEL-2025-16257f5bba Packages in this update:

• chromium-143.0.7499.40-1.el10_2

Update description: Update to 143.0.7499.40 * High CVE-2025-13630: Type Confusion in V8 * High CVE-2025-13631: Inappropriate implementation in Google Updater * High CVE-2025-13632: Inappropriate implementation in DevTools * High CVE-2025-13633: Use after free in Digital Credentials * Medium CVE-2025-13634: Inappropriate implementation in Downloads * Medium CVE-2025-13720: Bad cast in Loader * Medium CVE-2025-13721: Race in v8 * Low CVE-2025-13635: Inappropriate implementation in Downloads * Low CVE-2025-13636: Inappropriate implementation in Split View * Low CVE-2025-13637: Inappropriate implementation in Downloads * Low CVE-2025-13638: Use after free in Media Stream * Low CVE-2025-13639: Inappropriate implementation in WebRTC * Low CVE-2025-13640: Inappropriate implementation in Passwords

FEDORA-2025-a41df7ce46 Packages in this update:

• chromium-143.0.7499.40-1.fc42

Update description: Update to 143.0.7499.40 * High CVE-2025-13630: Type Confusion in V8 * High CVE-2025-13631: Inappropriate implementation in Google Updater * High CVE-2025-13632: Inappropriate implementation in DevTools * High CVE-2025-13633: Use after free in Digital Credentials * Medium CVE-2025-13634: Inappropriate implementation in Downloads * Medium CVE-2025-13720: Bad cast in Loader * Medium CVE-2025-13721: Race in v8 * Low CVE-2025-13635: Inappropriate implementation in Downloads * Low CVE-2025-13636: Inappropriate implementation in Split View * Low CVE-2025-13637: Inappropriate implementation in Downloads * Low CVE-2025-13638: Use after free in Media Stream * Low CVE-2025-13639: Inappropriate implementation in WebRTC * Low CVE-2025-13640: Inappropriate implementation in Passwords

FEDORA-EPEL-2025-a6a7b21687 Packages in this update:

• chromium-143.0.7499.40-1.el9

Update description: Update to 143.0.7499.40 * High CVE-2025-13630: Type Confusion in V8 * High CVE-2025-13631: Inappropriate implementation in Google Updater * High CVE-2025-13632: Inappropriate implementation in DevTools * High CVE-2025-13633: Use after free in Digital Credentials * Medium CVE-2025-13634: Inappropriate implementation in Downloads * Medium CVE-2025-13720: Bad cast in Loader * Medium CVE-2025-13721: Race in v8 * Low CVE-2025-13635: Inappropriate implementation in Downloads * Low CVE-2025-13636: Inappropriate implementation in Split View * Low CVE-2025-13637: Inappropriate implementation in Downloads * Low CVE-2025-13638: Use after free in Media Stream * Low CVE-2025-13639: Inappropriate implementation in WebRTC * Low CVE-2025-13640: Inappropriate implementation in Passwords

FEDORA-2025-3c51a0ed51 Packages in this update:

• chromium-143.0.7499.40-1.fc43

Update description: Update to 143.0.7499.40 * High CVE-2025-13630: Type Confusion in V8 * High CVE-2025-13631: Inappropriate implementation in Google Updater * High CVE-2025-13632: Inappropriate implementation in DevTools * High CVE-2025-13633: Use after free in Digital Credentials * Medium CVE-2025-13634: Inappropriate implementation in Downloads * Medium CVE-2025-13720: Bad cast in Loader * Medium CVE-2025-13721: Race in v8 * Low CVE-2025-13635: Inappropriate implementation in Downloads * Low CVE-2025-13636: Inappropriate implementation in Split View * Low CVE-2025-13637: Inappropriate implementation in Downloads * Low CVE-2025-13638: Use after free in Media Stream * Low CVE-2025-13639: Inappropriate implementation in WebRTC * Low CVE-2025-13640: Inappropriate implementation in Passwords

FEDORA-2025-ed228a4b71 Packages in this update:

• abrt-2.17.8-1.fc41

Update description:

Fix CVE-2025-12744

FEDORA-2025-64091db7e0 Packages in this update:

• abrt-2.17.8-1.fc42

Update description:

Fix CVE-2025-12744

FEDORA-EPEL-2025-7ff96bb97d Packages in this update:

• webkitgtk-2.50.2-2.el10_1

Update description:

Merge remote-tracking branch 'origin/f43' into epel10.1

FEDORA-2025-ae1276a1c6 Packages in this update:

• abrt-2.17.8-1.fc43

Update description:

Fix CVE-2025-12744

FEDORA-2025-ff963b3775 Packages in this update:

• apptainer-1.4.5-2.fc42

Update description:

Apply fuse2fs patches that were accidentally empty

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-EPEL-2025-44da2a402e Packages in this update:

• apptainer-1.4.5-2.el8

Update description:

Apply fuse2fs patches that were accidentally empty

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-EPEL-2025-473cf23bc7 Packages in this update:

• apptainer-1.4.5-2.el9

Update description:

Apply fuse2fs patches that were accidentally empty

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-EPEL-2025-8e02728fbe Packages in this update:

• apptainer-1.4.5-2.el10_1

Update description:

Apply fuse2fs patches that were accidentally empty

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-2025-cf169a01e8 Packages in this update:

• apptainer-1.4.5-2.fc43

Update description:

Apply fuse2fs patches that were accidentally empty

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-2025-df330356b2 Packages in this update:

• apptainer-1.4.5-2.fc41

Update description:

Apply fuse2fs patches that were accidentally empty

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-EPEL-2025-32198453b0 Packages in this update:

• apptainer-1.4.5-2.el10_2

Update description:

Apply fuse2fs patches that were accidentally empty

Update to upstream 1.4.5, including a fix for CVE-2025-65105

FEDORA-EPEL-2025-8e15323af1 Packages in this update:

• openssl3-3.5.1-6.1.el8

Update description:

Rebase to latest c9s openssl

Security Fix(es):

• openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)

FEDORA-2025-0e41e63705 Packages in this update:

• wireshark-4.6.1-1.fc43

Update description:

New version 4.6.1. Beware of the move of files from /usr/lib64/wireshark/extcap/ to /usr/libexec/wireshark/extcap. Any custom user scripts should be moved too.