
Security updates have been released for Fedora Linux 42 and 43. Fedora 42 receives chromium-143.0.7499.40, abrt-2.17.8, and cef-142.0.17^chromium142.0.7444.175. Fedora 43 receives the same three updates plus xkbcomp-1.5.0.

Fedora 42 Update: chromium-143.0.7499.40-1.fc42
Fedora 42 Update: abrt-2.17.8-1.fc42
Fedora 42 Update: cef-142.0.17^chromium142.0.7444.175-1.fc42
Fedora 43 Update: chromium-143.0.7499.40-1.fc43
Fedora 43 Update: abrt-2.17.8-1.fc43
Fedora 43 Update: xkbcomp-1.5.0-1.fc43
Fedora 43 Update: cef-142.0.17^chromium142.0.7444.175-1.fc43




[SECURITY] Fedora 42 Update: chromium-143.0.7499.40-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a41df7ce46
2025-12-06 01:27:06.737466+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 143.0.7499.40
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 143.0.7499.40
* High CVE-2025-13630: Type Confusion in V8
* High CVE-2025-13631: Inappropriate implementation in Google Updater
* High CVE-2025-13632: Inappropriate implementation in DevTools
* High CVE-2025-13633: Use after free in Digital Credentials
* Medium CVE-2025-13634: Inappropriate implementation in Downloads
* Medium CVE-2025-13720: Bad cast in Loader
* Medium CVE-2025-13721: Race in v8
* Low CVE-2025-13635: Inappropriate implementation in Downloads
* Low CVE-2025-13636: Inappropriate implementation in Split View
* Low CVE-2025-13637: Inappropriate implementation in Downloads
* Low CVE-2025-13638: Use after free in Media Stream
* Low CVE-2025-13639: Inappropriate implementation in WebRTC
* Low CVE-2025-13640: Inappropriate implementation in Passwords
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 2 2025 Than Ngo [than@redhat.com] - 143.0.7499.40-1
- Update to 143.0.7499.40
* High CVE-2025-13630: Type Confusion in V8
* High CVE-2025-13631: Inappropriate implementation in Google Updater
* High CVE-2025-13632: Inappropriate implementation in DevTools
* High CVE-2025-13633: Use after free in Digital Credentials
* Medium CVE-2025-13634: Inappropriate implementation in Downloads
* Medium CVE-2025-13720: Bad cast in Loader
* Medium CVE-2025-13721: Race in v8
* Low CVE-2025-13635: Inappropriate implementation in Downloads
* Low CVE-2025-13636: Inappropriate implementation in Split View
* Low CVE-2025-13637: Inappropriate implementation in Downloads
* Low CVE-2025-13638: Use after free in Media Stream
* Low CVE-2025-13639: Inappropriate implementation in WebRTC
* Low CVE-2025-13640: Inappropriate implementation in Passwords
* Mon Dec 1 2025 LuK1337 [priv.luk@gmail.com] - 142.0.7444.175-5
- Backport one more Wayland DnD bug fix from upstream
* Mon Nov 24 2025 Than Ngo [than@redhat.com] - 142.0.7444.175-4
- Enable system libcxx
- Fix link error when building with system libcxx
- Apply memory-allocator-dcheck-assert-fix for aarch64
* Thu Nov 20 2025 LuK1337 [priv.luk@gmail.com] - 142.0.7444.175-3
- Backport Wayland DnD bug fix from upstream
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a41df7ce46' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: abrt-2.17.8-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-64091db7e0
2025-12-06 01:27:06.737461+00:00
--------------------------------------------------------------------------------

Name : abrt
Product : Fedora 42
Version : 2.17.8
Release : 1.fc42
URL : https://abrt.readthedocs.org/
Summary : Automatic bug detection and reporting tool
Description :
abrt is a tool to help users to detect defects in applications and
to create a bug report with all information needed by maintainer to fix it.
It uses plugin system to extend its functionality.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-12744
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 4 2025 Michal Srb [michal@redhat.com] - 2.17.8-1
- a-a-save-container-data: validate input
- Resolves: CVE-2025-12744
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2418568 - CVE-2025-12744 abrt: Command-injection in ABRT leading to local privilege escalation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418568
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-64091db7e0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: cef-142.0.17^chromium142.0.7444.175-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-dd47e79eb8
2025-12-06 01:27:06.737449+00:00
--------------------------------------------------------------------------------

Name : cef
Product : Fedora 42
Version : 142.0.17^chromium142.0.7444.175
Release : 1.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to cef-142.0.17+g60aac24 & chromium 142.0.7444.175 (rhbz#2413981)
High CVE-2025-13223: Type Confusion in V8
High CVE-2025-13224: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 2 2025 Asahi Lina [lina@lina.yt] - 142.0.17^chromium142.0.7444.175-1
- Update to cef-142.0.17+g60aac24 (rhbz#2413981)
* Mon Dec 1 2025 LuK1337 [priv.luk@gmail.com] - 142.0.14^chromium142.0.7444.175-4
- Backport one more Wayland DnD bug fix from upstream
* Mon Dec 1 2025 Than Ngo [than@redhat.com] - 142.0.14^chromium142.0.7444.175-3
- Enable system libcxx
- Fix link error when building with system libcxx
- Apply memory-allocator-dcheck-assert-fix for aarch64
* Mon Dec 1 2025 LuK1337 [priv.luk@gmail.com] - 142.0.14^chromium142.0.7444.175-2
- Backport Wayland DnD bug fix from upstream
* Mon Dec 1 2025 Than Ngo [than@redhat.com] - 142.0.14^chromium142.0.7444.175-1
- Update to 142.0.7444.175
- * High CVE-2025-13223: Type Confusion in V8
- * High CVE-2025-13224: Type Confusion in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2413981 - cef-142.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2413981
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-dd47e79eb8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: chromium-143.0.7499.40-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3c51a0ed51
2025-12-06 00:48:01.839843+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 143.0.7499.40
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 143.0.7499.40
* High CVE-2025-13630: Type Confusion in V8
* High CVE-2025-13631: Inappropriate implementation in Google Updater
* High CVE-2025-13632: Inappropriate implementation in DevTools
* High CVE-2025-13633: Use after free in Digital Credentials
* Medium CVE-2025-13634: Inappropriate implementation in Downloads
* Medium CVE-2025-13720: Bad cast in Loader
* Medium CVE-2025-13721: Race in v8
* Low CVE-2025-13635: Inappropriate implementation in Downloads
* Low CVE-2025-13636: Inappropriate implementation in Split View
* Low CVE-2025-13637: Inappropriate implementation in Downloads
* Low CVE-2025-13638: Use after free in Media Stream
* Low CVE-2025-13639: Inappropriate implementation in WebRTC
* Low CVE-2025-13640: Inappropriate implementation in Passwords
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 2 2025 Than Ngo [than@redhat.com] - 143.0.7499.40-1
- Update to 143.0.7499.40
* High CVE-2025-13630: Type Confusion in V8
* High CVE-2025-13631: Inappropriate implementation in Google Updater
* High CVE-2025-13632: Inappropriate implementation in DevTools
* High CVE-2025-13633: Use after free in Digital Credentials
* Medium CVE-2025-13634: Inappropriate implementation in Downloads
* Medium CVE-2025-13720: Bad cast in Loader
* Medium CVE-2025-13721: Race in v8
* Low CVE-2025-13635: Inappropriate implementation in Downloads
* Low CVE-2025-13636: Inappropriate implementation in Split View
* Low CVE-2025-13637: Inappropriate implementation in Downloads
* Low CVE-2025-13638: Use after free in Media Stream
* Low CVE-2025-13639: Inappropriate implementation in WebRTC
* Low CVE-2025-13640: Inappropriate implementation in Passwords
* Mon Dec 1 2025 LuK1337 [priv.luk@gmail.com] - 142.0.7444.175-5
- Backport one more Wayland DnD bug fix from upstream
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3c51a0ed51' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: abrt-2.17.8-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ae1276a1c6
2025-12-06 00:48:01.839833+00:00
--------------------------------------------------------------------------------

Name : abrt
Product : Fedora 43
Version : 2.17.8
Release : 1.fc43
URL : https://abrt.readthedocs.org/
Summary : Automatic bug detection and reporting tool
Description :
abrt is a tool to help users to detect defects in applications and
to create a bug report with all information needed by maintainer to fix it.
It uses plugin system to extend its functionality.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-12744
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 4 2025 Michal Srb [michal@redhat.com] - 2.17.8-1
- a-a-save-container-data: validate input
- Resolves: CVE-2025-12744
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2418569 - CVE-2025-12744 abrt: Command-injection in ABRT leading to local privilege escalation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418569
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ae1276a1c6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: xkbcomp-1.5.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3a9b79ca0e
2025-12-06 00:48:01.839815+00:00
--------------------------------------------------------------------------------

Name : xkbcomp
Product : Fedora 43
Version : 1.5.0
Release : 1.fc43
URL : https://www.x.org
Summary : XKB keymap compiler
Description :
X.Org XKB keymap compiler

--------------------------------------------------------------------------------
Update Information:

xkbcomp 1.5.0 (CVE-2018-15853, CVE-2018-15859, CVE-2018-15861, CVE-2018-15863)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 3 2025 Peter Hutterer [peter.hutterer@redhat.com] - 1.5.0-1
- xkbcomp 1.5.0 (CVE-2018-15853, CVE-2018-15859, CVE-2018-15861, CVE-2018-15863)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2418046 - CVE-2018-15853 xkbcomp: Endless recursion in xkbcomp/expr.c resulting in a crash [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418046
[ 2 ] Bug #2418048 - CVE-2018-15863 xkbcomp: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418048
[ 3 ] Bug #2418050 - CVE-2018-15861 xkbcomp: NULL pointer dereference in ExprResolveLhs resulting in a crash [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418050
[ 4 ] Bug #2418053 - CVE-2018-15859 xkbcomp: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418053
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3a9b79ca0e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: cef-142.0.17^chromium142.0.7444.175-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d488db69f0
2025-12-06 00:48:01.839818+00:00
--------------------------------------------------------------------------------

Name : cef
Product : Fedora 43
Version : 142.0.17^chromium142.0.7444.175
Release : 1.fc43
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to cef-142.0.17+g60aac24 & chromium 142.0.7444.175 (rhbz#2413981)
High CVE-2025-13223: Type Confusion in V8
High CVE-2025-13224: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 2 2025 Asahi Lina [lina@lina.yt] - 142.0.17^chromium142.0.7444.175-1
- Update to cef-142.0.17+g60aac24 (rhbz#2413981)
* Mon Dec 1 2025 LuK1337 [priv.luk@gmail.com] - 142.0.14^chromium142.0.7444.175-4
- Backport one more Wayland DnD bug fix from upstream
* Mon Dec 1 2025 Than Ngo [than@redhat.com] - 142.0.14^chromium142.0.7444.175-3
- Enable system libcxx
- Fix link error when building with system libcxx
- Apply memory-allocator-dcheck-assert-fix for aarch64
* Mon Dec 1 2025 LuK1337 [priv.luk@gmail.com] - 142.0.14^chromium142.0.7444.175-2
- Backport Wayland DnD bug fix from upstream
* Mon Dec 1 2025 Than Ngo [than@redhat.com] - 142.0.14^chromium142.0.7444.175-1
- Update to 142.0.7444.175
- * High CVE-2025-13223: Type Confusion in V8
- * High CVE-2025-13224: Type Confusion in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2413981 - cef-142.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2413981
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d488db69f0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--