Aggregator

FEDORA-2025-60b63cf743 Packages in this update:

• chromium-139.0.7258.138-1.fc42

Update description:

Updated to 139.0.7258.138

• CVE-2025-9132: Out of bounds write in V8

FEDORA-EPEL-2025-6f7ff52deb Packages in this update:

• chromium-139.0.7258.138-1.el9

Update description:

Updated to 139.0.7258.138

• CVE-2025-9132: Out of bounds write in V8

FEDORA-EPEL-2025-6d82be4e2c Packages in this update:

• chromium-139.0.7258.138-1.el10_1

Update description:

Updated to 139.0.7258.138

• CVE-2025-9132: Out of bounds write in V8

FEDORA-2025-4e0d9fb468 Packages in this update:

• docker-buildx-0.27.0-1.fc41

Update description:

• Update to release v0.27.0
• Resolves: rhvz#2388453, rhbz#2384137, rhbz#2384154
• Upstream new features and fixes

FEDORA-2025-aeb4a7b52f Packages in this update:

• docker-buildx-0.27.0-1.fc42

Update description:

• Update to release v0.27.0
• Resolves: rhvz#2388453, rhbz#2384137, rhbz#2384154
• Upstream new features and fixes

FEDORA-2025-f2bcb1f99e Packages in this update:

• docker-buildx-0.27.0-1.fc43

Update description:

Automatic update for docker-buildx-0.27.0-1.fc43.

Changelog * Wed Aug 20 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 0.27.0-1 - Update to release v0.27.0 - Resolves: rhvz#2388453, rhbz#2384137, rhbz#2384154 - Upstream new features and fixes * Sun Aug 17 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 0.26.1-6 - Remove temporary fix for go 1.25 rc2

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - Serial ATA and Parallel ATA drivers; - Bluetooth drivers; - Bus devices; - CPU frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - Arm Firmware Framework for ARMv8-A(FFA); - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - HSI subsystem; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - MCB driver; - Multiple devices driver; - Media drivers; - Multifunction device drivers; - PCI Endpoint Test driver; - MTD block device drivers; - Network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - Device tree and open firmware driver; - PCI subsystem; - x86 platform drivers; - TI SCI PM domains driver; - PWM drivers; - S/390 drivers; - SCSI subsystem; - Samsung SoC drivers; - TCM subsystem; - TTY drivers; - UFS subsystem; - Cadence USB3 driver; - ChipIdea USB driver; - USB Device Class drivers; - DesignWare USB3 driver; - USB Gadget drivers; - USB Type-C support driver; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Framebuffer layer; - Virtio drivers; - Xen hypervisor drivers; - BTRFS file system; - Ext4 file system; - F2FS file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - Proc file system; - SMB network file system; - LZO compression library; - Kernel stack handling interfaces; - Bluetooth subsystem; - Network traffic control; - SCTP protocol; - Digital Audio (PCM) driver; - Tracing infrastructure; - BPF subsystem; - Padata parallel execution mechanism; - Kernel command line parsing driver; - Memory management; - 802.1Q VLAN protocol; - CAN network layer; - Networking core; - IPv6 networking; - MAC80211 subsystem; - Management Component Transport Protocol (MCTP); - Multipath TCP; - Netfilter; - Open vSwitch; - Phonet protocol; - TIPC protocol; - TLS protocol; - ALSA framework; - Virtio sound driver; - CPU Power monitoring subsystem; (CVE-2025-37766, CVE-2025-38044, CVE-2025-38003, CVE-2025-37990, CVE-2024-56751, CVE-2022-21546, CVE-2025-23148, CVE-2025-21853, CVE-2025-38043, CVE-2025-37844, CVE-2025-38048, CVE-2025-38034, CVE-2025-38072, CVE-2025-38177, CVE-2025-38005, CVE-2025-38068, CVE-2025-37765, CVE-2025-37808, CVE-2025-37787, CVE-2025-23145, CVE-2025-37756, CVE-2024-50272, CVE-2025-37857, CVE-2025-37819, CVE-2025-37789, CVE-2024-36908, CVE-2025-37812, CVE-2024-53128, CVE-2025-37788, CVE-2025-37892, CVE-2025-38001, CVE-2025-37773, CVE-2024-46816, CVE-2025-37823, CVE-2025-37838, CVE-2025-38066, CVE-2025-37771, CVE-2024-38541, CVE-2025-37927, CVE-2025-23142, CVE-2025-22062, CVE-2025-37811, CVE-2025-37969, CVE-2024-27402, CVE-2025-37911, CVE-2025-37740, CVE-2025-37913, CVE-2025-37810, CVE-2025-38094, CVE-2024-46787, CVE-2025-37749, CVE-2025-37983, CVE-2025-23157, CVE-2025-37790, CVE-2025-37739, CVE-2025-37995, CVE-2024-46774, CVE-2025-37758, CVE-2025-38065, CVE-2025-37909, CVE-2025-38009, CVE-2025-37915, CVE-2025-37932, CVE-2022-48893, CVE-2024-50125, CVE-2025-37841, CVE-2024-50047, CVE-2025-23140, CVE-2025-37780, CVE-2025-23156, CVE-2024-50280, CVE-2025-37840, CVE-2024-50258, CVE-2025-37796, CVE-2024-49960, CVE-2025-37829, CVE-2025-38024, CVE-2024-46751, CVE-2025-37985, CVE-2025-37989, CVE-2025-37994, CVE-2025-37741, CVE-2025-23151, CVE-2025-38058, CVE-2024-35790, CVE-2025-37871, CVE-2025-38031, CVE-2025-37940, CVE-2025-37930, CVE-2025-23150, CVE-2025-37805, CVE-2025-37738, CVE-2025-37850, CVE-2025-37923, CVE-2025-37914, CVE-2025-37912, CVE-2025-37885, CVE-2025-37997, CVE-2025-37839, CVE-2025-37949, CVE-2025-38079, CVE-2025-23146, CVE-2025-21839, CVE-2025-37862, CVE-2025-38052, CVE-2024-35866, CVE-2025-37867, CVE-2025-37991, CVE-2025-37742, CVE-2025-38078, CVE-2024-38540, CVE-2025-37967, CVE-2025-37794, CVE-2024-35867, CVE-2025-37836, CVE-2024-50073, CVE-2025-38083, CVE-2025-37883, CVE-2025-37757, CVE-2025-37798, CVE-2025-37992, CVE-2025-38037, CVE-2025-23161, CVE-2024-35943, CVE-2022-49535, CVE-2025-37768, CVE-2025-23159, CVE-2024-54458, CVE-2022-49063, CVE-2025-37781, CVE-2025-38023, CVE-2025-38004, CVE-2025-37767, CVE-2025-37858, CVE-2024-49989, CVE-2025-38051, CVE-2025-38075, CVE-2025-37881, CVE-2025-23163, CVE-2024-53051, CVE-2024-42322, CVE-2025-37792, CVE-2025-37803, CVE-2024-26686, CVE-2025-37970, CVE-2025-37770, CVE-2025-37875, CVE-2025-37797, CVE-2022-49168, CVE-2025-22027, CVE-2024-53203, CVE-2025-38061, CVE-2025-37890, CVE-2025-23158, CVE-2025-38035, CVE-2025-38000, CVE-2024-26739, CVE-2025-37905, CVE-2024-46742, CVE-2025-37964, CVE-2025-37830, CVE-2025-37817, CVE-2025-23144, CVE-2025-37824, CVE-2025-23147, CVE-2025-38077, CVE-2025-37982, CVE-2025-37998, CVE-2025-37859, CVE-2025-37851)

FEDORA-2025-d6e22cfe3d Packages in this update:

• docker-buildx-0.27.0-1.fc44

Update description:

Automatic update for docker-buildx-0.27.0-1.fc44.

Changelog * Wed Aug 20 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 0.27.0-1 - Update to release v0.27.0 - Resolves: rhvz#2388453, rhbz#2384137, rhbz#2384154 - Upstream new features and fixes * Sun Aug 17 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 0.26.1-6 - Remove temporary fix for go 1.25 rc2

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - Serial ATA and Parallel ATA drivers; - Bluetooth drivers; - Bus devices; - CPU frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - Arm Firmware Framework for ARMv8-A(FFA); - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - HSI subsystem; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - MCB driver; - Multiple devices driver; - Media drivers; - Multifunction device drivers; - PCI Endpoint Test driver; - MTD block device drivers; - Network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - Device tree and open firmware driver; - PCI subsystem; - x86 platform drivers; - TI SCI PM domains driver; - PWM drivers; - S/390 drivers; - SCSI subsystem; - Samsung SoC drivers; - TCM subsystem; - TTY drivers; - UFS subsystem; - Cadence USB3 driver; - ChipIdea USB driver; - USB Device Class drivers; - DesignWare USB3 driver; - USB Gadget drivers; - USB Type-C support driver; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Framebuffer layer; - Virtio drivers; - Xen hypervisor drivers; - BTRFS file system; - Ext4 file system; - F2FS file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - Proc file system; - SMB network file system; - LZO compression library; - Kernel stack handling interfaces; - Bluetooth subsystem; - Network traffic control; - SCTP protocol; - Digital Audio (PCM) driver; - Tracing infrastructure; - BPF subsystem; - Padata parallel execution mechanism; - Kernel command line parsing driver; - Memory management; - 802.1Q VLAN protocol; - CAN network layer; - Networking core; - IPv6 networking; - MAC80211 subsystem; - Management Component Transport Protocol (MCTP); - Multipath TCP; - Netfilter; - Open vSwitch; - Phonet protocol; - TIPC protocol; - TLS protocol; - ALSA framework; - Virtio sound driver; - CPU Power monitoring subsystem; (CVE-2025-37992, CVE-2025-37995, CVE-2025-38075, CVE-2025-37771, CVE-2025-38051, CVE-2025-37796, CVE-2022-49168, CVE-2025-37989, CVE-2025-38072, CVE-2025-37757, CVE-2024-46742, CVE-2024-50125, CVE-2024-42322, CVE-2022-49535, CVE-2025-37756, CVE-2025-37811, CVE-2025-37805, CVE-2025-37789, CVE-2025-22027, CVE-2025-37911, CVE-2025-37770, CVE-2025-37881, CVE-2025-37875, CVE-2025-37817, CVE-2024-26686, CVE-2025-37927, CVE-2025-38043, CVE-2025-38044, CVE-2025-23156, CVE-2025-38004, CVE-2025-37983, CVE-2025-37742, CVE-2025-23150, CVE-2025-23146, CVE-2025-21839, CVE-2025-37749, CVE-2024-50258, CVE-2025-37812, CVE-2025-37969, CVE-2025-37758, CVE-2024-27402, CVE-2025-37767, CVE-2025-37970, CVE-2025-23151, CVE-2025-37790, CVE-2025-37949, CVE-2024-38540, CVE-2025-37787, CVE-2025-37741, CVE-2025-37844, CVE-2025-37930, CVE-2024-46774, CVE-2025-37892, CVE-2025-37839, CVE-2025-37766, CVE-2025-37819, CVE-2025-37913, CVE-2025-37808, CVE-2025-37998, CVE-2024-56751, CVE-2025-21853, CVE-2024-36908, CVE-2025-37967, CVE-2025-38052, CVE-2025-37985, CVE-2025-37883, CVE-2025-37740, CVE-2025-37991, CVE-2025-38094, CVE-2025-23144, CVE-2024-50280, CVE-2025-37859, CVE-2024-50073, CVE-2025-23157, CVE-2025-37840, CVE-2025-38068, CVE-2025-37738, CVE-2025-23145, CVE-2025-37824, CVE-2025-38024, CVE-2025-38023, CVE-2025-38003, CVE-2025-38079, CVE-2025-37794, CVE-2025-37810, CVE-2025-37851, CVE-2024-53203, CVE-2024-35943, CVE-2025-23161, CVE-2025-37990, CVE-2024-35790, CVE-2024-50272, CVE-2024-35867, CVE-2025-37994, CVE-2025-37850, CVE-2025-38078, CVE-2025-38005, CVE-2025-23158, CVE-2025-23147, CVE-2025-37830, CVE-2024-38541, CVE-2025-37841, CVE-2025-37739, CVE-2025-38009, CVE-2024-53128, CVE-2024-26739, CVE-2025-37923, CVE-2025-23148, CVE-2025-38035, CVE-2025-23140, CVE-2025-38066, CVE-2025-37857, CVE-2025-37914, CVE-2025-38083, CVE-2025-37780, CVE-2025-23163, CVE-2025-37773, CVE-2024-46751, CVE-2025-37871, CVE-2025-38058, CVE-2025-37964, CVE-2025-37915, CVE-2025-37803, CVE-2025-37768, CVE-2022-21546, CVE-2025-37829, CVE-2025-22062, CVE-2025-37788, CVE-2025-37885, CVE-2024-54458, CVE-2024-35866, CVE-2025-38061, CVE-2024-46816, CVE-2025-38077, CVE-2024-49960, CVE-2025-37765, CVE-2025-38048, CVE-2025-37982, CVE-2025-37912, CVE-2025-37781, CVE-2025-38065, CVE-2025-37905, CVE-2022-48893, CVE-2025-38031, CVE-2025-37858, CVE-2025-37836, CVE-2025-37862, CVE-2022-49063, CVE-2025-37823, CVE-2025-23142, CVE-2025-37797, CVE-2025-37838, CVE-2025-37940, CVE-2025-38034, CVE-2025-37867, CVE-2024-49989, CVE-2025-38037, CVE-2025-37792, CVE-2025-37909, CVE-2025-23159)

FEDORA-2025-b7cb89ddd3 Packages in this update:

• cef-139.0.26^chromium139.0.7258.127-1.fc42

Update description:

• • CVE-2025-8010: Type Confusion in V8
• • CVE-2025-8011: Type Confusion in V8
• • CVE-2025-8576: Use after free in Extensions
• • CVE-2025-8578: Use after free in Cast
• • CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
• • CVE-2025-8580: Inappropriate implementation in Filesystems
• • CVE-2025-8581: Inappropriate implementation in Extensions
• • CVE-2025-8582: Insufficient validation of untrusted input in DOM
• • CVE-2025-8583: Inappropriate implementation in Permissions
• • CVE-2025-8879: Heap buffer overflow in libaom
• • CVE-2025-8880: Race in V8
• • CVE-2025-8901: Out of bounds write in ANGLE
• • CVE-2025-8881: Inappropriate implementation in File Picker
• • CVE-2025-8882: Use after free in Aura

Version:next-20250822 (linux-next) Released:2025-08-22

FEDORA-2025-ca3edc5c88 Packages in this update:

• rocm-rpp-6.3.1-3.fc42

Update description:

Remove prebuild libffts.a library

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - HID subsystem; - Input Device (Mouse) drivers; - Multiple devices driver; - Media drivers; - Network drivers; - PCI subsystem; - S/390 drivers; - SPI subsystem; - Trusted Execution Environment drivers; - UFS subsystem; - USB Device Class drivers; - USB core drivers; - USB Gadget drivers; - Framebuffer layer; - Network file system (NFS) client; - Network file system (NFS) server daemon; - File systems infrastructure; - SMB network file system; - Networking core; - L3 Master device support module; - TCP network protocol; - io_uring subsystem; - Process Accounting mechanism; - BPF subsystem; - Timer subsystem; - Workqueue subsystem; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Open vSwitch; - Network traffic control; - SOF drivers; (CVE-2025-21776, CVE-2025-21768, CVE-2025-21848, CVE-2025-21855, CVE-2025-21791, CVE-2025-21838, CVE-2025-21762, CVE-2025-21846, CVE-2025-21765, CVE-2025-21869, CVE-2025-21783, CVE-2025-21868, CVE-2025-21857, CVE-2025-21773, CVE-2024-54458, CVE-2025-21871, CVE-2025-21763, CVE-2024-58088, CVE-2025-21835, CVE-2025-21793, CVE-2025-21867, CVE-2025-21784, CVE-2025-21839, CVE-2025-21786, CVE-2025-21764, CVE-2025-21761, CVE-2025-21767, CVE-2024-58020, CVE-2025-21847, CVE-2025-21792, CVE-2025-21785, CVE-2025-21863, CVE-2025-21854, CVE-2025-21704, CVE-2024-52559, CVE-2025-21775, CVE-2025-21758, CVE-2025-21858, CVE-2025-21866, CVE-2025-21870, CVE-2024-57977, CVE-2024-54456, CVE-2025-21759, CVE-2025-21781, CVE-2025-21760, CVE-2025-21706, CVE-2024-57834, CVE-2025-21712, CVE-2025-21864, CVE-2025-21780, CVE-2025-21790, CVE-2025-21856, CVE-2025-21796, CVE-2025-21859, CVE-2025-21782, CVE-2024-58093, CVE-2025-21844, CVE-2025-21795, CVE-2025-21823, CVE-2025-21853, CVE-2025-21772, CVE-2025-21746, CVE-2025-21821, CVE-2024-58086, CVE-2025-21787, CVE-2025-21836, CVE-2025-21861, CVE-2025-21766, CVE-2025-21862, CVE-2025-21779)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-A(FFA); - Multiple devices driver; - Media drivers; - Network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - x86 platform drivers; - TCM subsystem; - Virtio drivers; - File systems infrastructure; - SMB network file system; - LZO compression library; - Digital Audio (PCM) driver; - Tracing infrastructure; - Padata parallel execution mechanism; - CAN network layer; - Networking core; - TIPC protocol; - ALSA framework; (CVE-2025-38079, CVE-2025-38048, CVE-2025-38075, CVE-2025-38077, CVE-2025-38035, CVE-2025-38037, CVE-2025-38034, CVE-2025-38058, CVE-2025-38004, CVE-2025-38031, CVE-2025-38078, CVE-2025-38044, CVE-2025-38066, CVE-2025-38052, CVE-2025-38043, CVE-2025-38065, CVE-2025-38003, CVE-2025-38061, CVE-2025-38051, CVE-2025-38072, CVE-2025-38068)

USN-7648-1 fixed several vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. (CVE-2025-1220) It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql escaping functions. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2025-1735) It was discovered that PHP incorrectly handled parsing certain XML data in SOAP extensions. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2025-6491)

It was discovered that Python inefficiently parsed maliciously crafted HTML input. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-6069) It was discovered that Python incorrectly parsed maliciously crafted Tar archives. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-8194)

It was discovered that WEBrick incorrectly parsed HTTP headers. In configurations where WEBrick is placed behind an HTTP proxy, a remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth subsystem; - Network traffic control; (CVE-2023-52975, CVE-2024-38541, CVE-2025-37797, CVE-2024-49950, CVE-2024-50073, CVE-2023-52757, CVE-2025-38083)

Version:next-20250821 (linux-next) Released:2025-08-21