Aggregator

chromium-139.0.7258.66-1.el9

1 week 6 days ago
FEDORA-EPEL-2025-f2abcbbf06
Packages in this update:
  • chromium-139.0.7258.66-1.el9
Update description:

Updated to 139.0.7258.66

  • CVE-2025-8576: Use after free in Extensions
  • CVE-2025-8578: Use after free in Cast
  • CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
  • CVE-2025-8580: Inappropriate implementation in Filesystems
  • CVE-2025-8581: Inappropriate implementation in Extensions
  • CVE-2025-8582: Insufficient validation of untrusted input in DOM
  • CVE-2025-8583: Inappropriate implementation in Permissions

chromium-139.0.7258.66-1.fc41

1 week 6 days ago
FEDORA-2025-81d05a9171
Packages in this update:
  • chromium-139.0.7258.66-1.fc41
Update description:

Updated to 139.0.7258.66

  • CVE-2025-8576: Use after free in Extensions
  • CVE-2025-8578: Use after free in Cast
  • CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
  • CVE-2025-8580: Inappropriate implementation in Filesystems
  • CVE-2025-8581: Inappropriate implementation in Extensions
  • CVE-2025-8582: Insufficient validation of untrusted input in DOM
  • CVE-2025-8583: Inappropriate implementation in Permissions

USN-7688-1: cifs-utils vulnerabilities

2 weeks ago
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. (CVE-2020-14342)

It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file system from within a container. An attacker inside a container could possibly use this issue to obtain access to sensitive information. (CVE-2021-20208)

It was discovered that cifs-utils incorrectly handled certain command-line arguments. A local attacker could possibly use this issue to obtain root privileges. (CVE-2022-27239)

It was discovered that cifs-utils incorrectly handled verbose logging. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2022-29869)

webkitgtk-2.48.5-1.fc42

2 weeks ago
FEDORA-2025-61ca72f430
Packages in this update:
  • webkitgtk-2.48.5-1.fc42
Update description:

Update to 2.48.5. Changes since 2.48.3:

  • Improve emoji font selection.
  • Improve playback of multimedia streams from blob URLs.
  • Fix crash when using a WebKitWebView widget in an offscreen window.
  • Fix several crashes and rendering issues.
  • CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558

webkitgtk-2.48.5-1.fc41

2 weeks ago
FEDORA-2025-9b8165a4b3
Packages in this update:
  • webkitgtk-2.48.5-1.fc41
Update description:

Update to 2.48.5. Changes since 2.48.3:

  • Improve emoji font selection.
  • Improve playback of multimedia streams from blob URLs.
  • Fix crash when using a WebKitWebView widget in an offscreen window.
  • Fix several crashes and rendering issues.
  • CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558

socat-1.8.0.3-1.fc41

2 weeks ago
FEDORA-2025-4f0d6d3522
Packages in this update:
  • socat-1.8.0.3-1.fc41
Update description:
  • Update to 1.8.0.3 (rhbz#2307725)
  • Resolves: CVE-2024-54661 (rhbz#2330520)
  • Resolves: non-working ipv6-join-group option (rhbz#2352860)
  • Resolves: FTBFS in Fedora (rhbz#2385633)

socat-1.8.0.3-1.fc42

2 weeks ago
FEDORA-2025-33885cfff8
Packages in this update:
  • socat-1.8.0.3-1.fc42
Update description:
  • Update to 1.8.0.3 (rhbz#2307725)
  • Resolves: CVE-2024-54661 (rhbz#2330520)
  • Resolves: non-working ipv6-join-group option (rhbz#2352860)
  • Resolves: FTBFS in Fedora (rhbz#2385633)

USN-7687-1: poppler vulnerabilities

2 weeks 1 day ago
Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2022-27337)

Kevin Backhouse discovered that poppler incorrectly handled documents with a large number of annotations. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could use this issue to cause poppler to consume resources, leading to a denial of service, or possibly execute arbitrary code. (CVE-2025-52886)

socat-1.8.0.3-1.fc43

2 weeks 1 day ago
FEDORA-2025-0d54679581
Packages in this update:
  • socat-1.8.0.3-1.fc43
Update description:

Automatic update for socat-1.8.0.3-1.fc43.

Changelog

* Wed Aug 6 2025 Martin Osvald <mosvald@redhat.com> - 1.8.0.3-1
- Update to 1.8.0.3 (rhbz#2307725)
- Resolves: CVE-2024-54661 (rhbz#2330520)
- Resolves: non-working ipv6-join-group option (rhbz#2352860)
- Resolves: FTBFS in Fedora (rhbz#2385633)
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

xen-4.19.3-1.fc41

2 weeks 1 day ago
FEDORA-2025-d2a821d9d1
Packages in this update:
  • xen-4.19.3-1.fc41
Update description:

update to xen-4.19.3 includes patches for x86: Incorrect stubs exception handling for flags recovery [XSA-470, CVE-2025-27465] x86: Transitive Scheduler Attacks [XSA-471, CVE-2024-36350,