Fedora Security Advisories

FEDORA-2025-f11955cbd4 Packages in this update:

• mingw-qt5-qtsvg-5.15.17-3.fc43
• mingw-qt6-qtsvg-6.9.2-2.fc43

Update description:

Backport fix for CVE-2025-10729.

FEDORA-2025-ec083036ae Packages in this update:

• mingw-python3-3.11.14-1.fc43

Update description:

Update to python-3.11.14, fixes CVE-2025-8291.

FEDORA-2025-ccc3e0a219 Packages in this update:

• mingw-python3-3.11.14-1.fc42

Update description:

Update to python-3.11.14, fixes CVE-2025-8291.

FEDORA-2025-d94c21c98f Packages in this update:

• mingw-python3-3.11.14-1.fc41

Update description:

Update to python-3.11.14, fixes CVE-2025-8291.

FEDORA-2025-c2fa2eb17c Packages in this update:

• runc-1.3.2-1.fc41

Update description:

Update to release v1.3.2

FEDORA-2025-c4d00e29b7 Packages in this update:

• runc-1.3.2-1.fc42

Update description:

Update to release v1.3.2

FEDORA-2025-44ccc989e1 Packages in this update:

• runc-1.3.2-1.fc43

Update description:

Update to release v1.3.2

FEDORA-2025-d5eb72768a Packages in this update:

• dovecot-2.4.1-6.fc44

Update description:

Automatic update for dovecot-2.4.1-6.fc44.

Changelog * Thu Oct 9 2025 Michal Hlavinka <mhlavink@redhat.com> - 1:2.4.1-6 - fix CVE-2025-30189: users would end up overwriting each other in cache (rhbz#2402122)

FEDORA-2025-6e5c27d218 Packages in this update:

• rubygem-actioncable-8.0.3-1.fc44
• rubygem-actionmailbox-8.0.3-1.fc44
• rubygem-actionmailer-8.0.3-1.fc44
• rubygem-actionpack-8.0.3-1.fc44
• rubygem-actiontext-8.0.3-1.fc44
• rubygem-actionview-8.0.3-1.fc44
• rubygem-activejob-8.0.3-1.fc44
• rubygem-activemodel-8.0.3-1.fc44
• rubygem-activerecord-8.0.3-1.fc44
• rubygem-activestorage-8.0.3-1.fc44
• rubygem-activesupport-8.0.3-1.fc44
• rubygem-rails-8.0.3-1.fc44
• rubygem-railties-8.0.3-1.fc44

Update description:

Update to Ruby on Rails 8.0.3

• Fix CVE-2025-24293: Active Storage allowed transformation methods potentially unsafe
• Fix CVE-2025-55193: ANSI escape injection in Active Record logging

FEDORA-EPEL-2025-ead145711a Packages in this update:

• qt5-qtsvg-5.15.17-2.el10_2

Update description:

Fix CVE-2025-10729

FEDORA-2025-753bfca24c Packages in this update:

• qt5-qtsvg-5.15.17-2.fc41

Update description:

Fix CVE-2025-10729

FEDORA-2025-e9d4da200a Packages in this update:

• qt5-qtsvg-5.15.17-3.fc43

Update description:

Fix CVE-2025-10729

FEDORA-2025-151117f1f8 Packages in this update:

• qt5-qtsvg-5.15.17-2.fc42

Update description:

Fix CVE-2025-10729

FEDORA-2025-fa8d0fb866 Packages in this update:

• fetchmail-6.5.6-1.fc41

Update description:

Update to fetchmail-6.5.6 (CVE-2025-61962)

FEDORA-2025-ab3c40c1f4 Packages in this update:

• fetchmail-6.5.6-1.fc42

Update description:

Update to fetchmail-6.5.6 (CVE-2025-61962)

FEDORA-2025-891d4dd5d6 Packages in this update:

• fetchmail-6.5.6-1.fc43

Update description:

Update to fetchmail-6.5.6 (CVE-2025-61962)

FEDORA-2025-ed59372bc2 Packages in this update:

• chromium-141.0.7390.65-1.fc41

Update description:

Update to 141.0.7390.65

* High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs

FEDORA-2025-637d0f882d Packages in this update:

• chromium-141.0.7390.65-1.fc43

Update description:

Update to 141.0.7390.65

* High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs

FEDORA-EPEL-2025-4a932aab07 Packages in this update:

• chromium-141.0.7390.65-1.el10_2

Update description:

Update to 141.0.7390.65

* High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs

FEDORA-EPEL-2025-add629d10e Packages in this update:

• chromium-141.0.7390.65-1.el9

Update description:

Update to 141.0.7390.65

* High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs