mingw-poppler-24.08.0-6.fc42
FEDORA-2025-15b4c6bad6
Packages in this update:
- mingw-poppler-24.08.0-6.fc42
Backport fix for CVE-2025-43718.
Aggregator
mingw-poppler-24.02.0-6.fc41
FEDORA-2025-e16b533459
Packages in this update:
- mingw-poppler-24.02.0-6.fc41
Backport fix for CVE-2025-43718.
chromium-141.0.7390.54-1.el10_2
FEDORA-EPEL-2025-96049efbd2
Packages in this update:
- chromium-141.0.7390.54-1.el10_2
Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8chromium-141.0.7390.54-1.fc43
FEDORA-2025-37da05914f
Packages in this update:
- chromium-141.0.7390.54-1.fc43
Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8chromium-141.0.7390.54-1.fc42
FEDORA-2025-acc92fcc12
Packages in this update:
- chromium-141.0.7390.54-1.fc42
Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8chromium-141.0.7390.54-1.el9
FEDORA-EPEL-2025-bff0433d38
Packages in this update:
- chromium-141.0.7390.54-1.el9
Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8chromium-141.0.7390.54-1.fc41
FEDORA-2025-2d4d91b00a
Packages in this update:
- chromium-141.0.7390.54-1.fc41
Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8valkey-8.0.6-1.fc41
FEDORA-2025-00e79c49ca
Packages in this update:
- valkey-8.0.6-1.fc41
Valkey 8.0.6 - Released Fri 03 October 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.
Security fixes
- CVE-2025-49844 A Lua script may lead to remote code execution
- CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
- CVE-2025-46818 A Lua script can be executed in the context of another user
- CVE-2025-46819 LUA out-of-bound read
Bug fixes
- Fix accounting for dual channel RDB bytes in replication stats (#2616)
- Minor fix for dual rdb channel connection conn error log (#2658)
- Fix unsigned difference expression compared to zero (#2101)
Valkey 8.0.5 - Released Thu 22 Aug 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.
Bug fixes
- Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
- Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
- Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
- Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
- Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
- Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
- Fix replica failover stall due to outdated config epoch (#2178)
- Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
- Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
- Fix client tracking memory overhead calculation (#2360)
- Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
- Fix pre-size hashtables per slot when reading RDB files (#2466)
Behavior changes
- Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
- Reset ongoing election state when initiating a new manual failover (#1274)
Logging and Tooling Improvements
- Add support to drop all cluster packets (#1252)
- Improve log clarity in failover auth denial message (#1341)
Security fixes
- CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)
valkey-8.0.6-1.fc42
FEDORA-2025-3055a5b407
Packages in this update:
- valkey-8.0.6-1.fc42
Valkey 8.0.6 - Released Fri 03 October 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.
Security fixes
- CVE-2025-49844 A Lua script may lead to remote code execution
- CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
- CVE-2025-46818 A Lua script can be executed in the context of another user
- CVE-2025-46819 LUA out-of-bound read
Bug fixes
- Fix accounting for dual channel RDB bytes in replication stats (#2616)
- Minor fix for dual rdb channel connection conn error log (#2658)
- Fix unsigned difference expression compared to zero (#2101)
Valkey 8.0.5 - Released Thu 22 Aug 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.
Bug fixes
- Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
- Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
- Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
- Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
- Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
- Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
- Fix replica failover stall due to outdated config epoch (#2178)
- Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
- Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
- Fix client tracking memory overhead calculation (#2360)
- Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
- Fix pre-size hashtables per slot when reading RDB files (#2466)
Behavior changes
- Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
- Reset ongoing election state when initiating a new manual failover (#1274)
Logging and Tooling Improvements
- Add support to drop all cluster packets (#1252)
- Improve log clarity in failover auth denial message (#1341)
Security fixes
- CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)
valkey-8.1.4-2.fc43
FEDORA-2025-fd6619a49f
Packages in this update:
- valkey-8.1.4-2.fc43
Valkey 8.1.4
Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.
Security fixes
- CVE-2025-49844 A Lua script may lead to remote code execution
- CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
- CVE-2025-46818 A Lua script can be executed in the context of another user
- CVE-2025-46819 LUA out-of-bound read
Bug fixes
- Fix accounting for dual channel RDB bytes in replication stats (#2614)
- Fix EVAL to report unknown error when empty error table is provided (#2229)
- Fix use-after-free when active expiration triggers hashtable to shrink (#2257)
- Fix MEMORY USAGE to account for embedded keys (#2290)
- Fix memory leak when shrinking a hashtable without entries (#2288)
- Prevent potential assertion in active defrag handling large allocations (#2353)
- Prevent bad memory access when NOTOUCH client gets unblocked (#2347)
- Converge divergent shard-id persisted in nodes.conf to primary's shard id (#2174)
- Fix client tracking memory overhead calculation (#2360)
- Fix RDB load per slot memory pre-allocation when loading from RDB snapshot (#2466)
- Don't use AVX2 instructions if the CPU doesn't support it (#2571)
- Fix bug where active defrag may be unable to defrag sparsely filled pages (#2656)
Packaging changes
- add new sub-package valkey-tls for the TLS encryption module, which was previously built into main valkey
- add new sub-package valkey-rdma for the RDMA (Remote Direct Memory Access ) module, this a new optional feature
cef-140.1.15^chromium140.0.7339.207-3.fc42
FEDORA-2025-5fac63ba6a
Packages in this update:
- cef-140.1.15^chromium140.0.7339.207-3.fc42
Update to 140.1.15^chromium140.0.7339.207 (rhbz#2396308)
- CVE-2025-10890: Side-channel information leakage in V8
- CVE-2025-10891: Integer overflow in V8
- CVE-2025-10892: Integer overflow in V8
- CVE-2025-10585: Type Confusion in V8
- CVE-2025-10500: Use after free in Dawn
- CVE-2025-10501: Use after free in WebRTC
- CVE-2025-10502: Heap buffer overflow in ANGLE
- CVE-2025-10200: Use after free in Serviceworker
- CVE-2025-10201: Inappropriate implementation in Mojo
- CVE-2025-9864: Use after free in V8
- CVE-2025-9865: Inappropriate implementation in Toolbar
- CVE-2025-9866: Inappropriate implementation in Extensions
- CVE-2025-9867: Inappropriate implementation in Downloads
cef-140.1.15^chromium140.0.7339.207-3.fc43
FEDORA-2025-1e8f05e0a6
Packages in this update:
- cef-140.1.15^chromium140.0.7339.207-3.fc43
Update to 140.1.15^chromium140.0.7339.207 (rhbz#2396308)
- CVE-2025-10890: Side-channel information leakage in V8
- CVE-2025-10891: Integer overflow in V8
- CVE-2025-10892: Integer overflow in V8
- CVE-2025-10585: Type Confusion in V8
- CVE-2025-10500: Use after free in Dawn
- CVE-2025-10501: Use after free in WebRTC
- CVE-2025-10502: Heap buffer overflow in ANGLE
- CVE-2025-10200: Use after free in Serviceworker
- CVE-2025-10201: Inappropriate implementation in Mojo
- CVE-2025-9864: Use after free in V8
- CVE-2025-9865: Inappropriate implementation in Toolbar
- CVE-2025-9866: Inappropriate implementation in Extensions
- CVE-2025-9867: Inappropriate implementation in Downloads
prometheus-podman-exporter-1.19.0-1.fc42
FEDORA-2025-b4003be6a2
Packages in this update:
- prometheus-podman-exporter-1.19.0-1.fc42
release v1.19.0
prometheus-podman-exporter-1.19.0-1.fc41
FEDORA-2025-ae24d28ac2
Packages in this update:
- prometheus-podman-exporter-1.19.0-1.fc41
Release v1.19.0
podman-tui-1.9.0-1.fc41
FEDORA-2025-37a930e372
Packages in this update:
- podman-tui-1.9.0-1.fc41
podman-tui release v1.9.0
podman-tui release 1.8.1
podman-tui-1.9.0-1.fc43
FEDORA-2025-d3389aa39a
Packages in this update:
- podman-tui-1.9.0-1.fc43
podman-tui release v1.9.0
podman-tui release 1.8.1
podman-tui-1.9.0-1.fc42
FEDORA-2025-a8f5576fe3
Packages in this update:
- podman-tui-1.9.0-1.fc42
podman-tui release v1.9.0
podman-tui release 1.8.1
docker-buildx-0.29.1-1.fc41
FEDORA-2025-455aa01b65
Packages in this update:
- docker-buildx-0.29.1-1.fc41
- Update to release v0.29.1
- Upstream fixes
- Update to release v0.29.0
- Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082, rhbz#2399355
- Upstream new features and fixes
docker-buildx-0.29.1-1.fc42
FEDORA-2025-0aaef4df82
Packages in this update:
- docker-buildx-0.29.1-1.fc42
- Update to release v0.29.1
- Upstream fixes
- Update to release v0.29.0
- Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082, rhbz#2399355
- Upstream new features and fixes
docker-buildx-0.29.1-1.fc43
FEDORA-2025-d81c797483
Packages in this update:
- docker-buildx-0.29.1-1.fc43
- Update to release v0.29.1
- Upstream fixes
- Update to release v0.29.0
- Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082, rhbz#2399355
- Upstream new features and fixes