Fedora 42 and Fedora 43 Beta have been updated to fix security vulnerabilities. The updates include the Chromium browser version 140.0.7339.207, which addresses three CVEs (CVE-2025-10890, CVE-2025-10891, and CVE-2025-10892) related to side-channel information leakage and integer overflows in V8. Additionally, Fedora 42 has been updated with the Firebird database management system version 4.0.6.3221, which fixes several security vulnerabilities (CVE-2025-54989 and CVE-2025-24975).

Fedora 42 Update: chromium-140.0.7339.207-1.fc42
Fedora 42 Update: firebird-4.0.6.3221-1.fc42
Fedora 43 Update: chromium-140.0.7339.207-1.fc43

[SECURITY] Fedora 42 Update: chromium-140.0.7339.207-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6d1ba4a93e
2025-09-27 01:11:01.200156+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 140.0.7339.207
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 140.0.7339.207
* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 24 2025 Than Ngo [than@redhat.com] - 140.0.7339.207-1
- Update to 140.0.7339.207
* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2397767 - CVE-2025-10890, CVE-2025-10891, CVE-2025-10892 - chromium: Side-channel information leakage and Ingter overflow in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2397767
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6d1ba4a93e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: firebird-4.0.6.3221-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d24499a627
2025-09-27 01:11:01.200149+00:00
--------------------------------------------------------------------------------

Name : firebird
Product : Fedora 42
Version : 4.0.6.3221
Release : 1.fc42
URL : http://www.firebirdsql.org/
Summary : SQL relational database management system
Description :
Firebird is a relational database offering many ANSI SQL standard
features that runs on Linux, Windows, and a variety of Unix platforms.
Firebird offers excellent concurrency, high performance, and powerful
language support for stored procedures and triggers. It has been used
in production systems, under a variety of names, since 1981.

--------------------------------------------------------------------------------
Update Information:

4.0.6.3221
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 25 2025 Gwyn Ciesla [gwync@protonmail.com] - 4.0.6.3221-1
- 4.0.6.3221
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 4.0.4.3010-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Feb 11 2025 Zbigniew J??drzejewski-Szmek [zbyszek@in.waw.pl] - 4.0.4.3010-7
- Add sysusers.d config file to allow rpm to create users/groups automatically
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2283213 - The directory /usr/share/doc/firebird is not in the RPM database.
https://bugzilla.redhat.com/show_bug.cgi?id=2283213
[ 2 ] Bug #2388812 - CVE-2025-54989 firebird: Firebird Denial-of-Service Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2388812
[ 3 ] Bug #2388813 - CVE-2025-24975 firebird: Firebird Access Bypass [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2388813
[ 4 ] Bug #2388814 - CVE-2025-54989 firebird: Firebird Denial-of-Service Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2388814
[ 5 ] Bug #2388815 - CVE-2025-24975 firebird: Firebird Access Bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2388815
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d24499a627' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: chromium-140.0.7339.207-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c161defb4d
2025-09-27 00:15:01.028668+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 140.0.7339.207
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 140.0.7339.207
* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 24 2025 Than Ngo [than@redhat.com] - 140.0.7339.207-1
- Update to 140.0.7339.207
* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2397767 - CVE-2025-10890, CVE-2025-10891, CVE-2025-10892 - chromium: Side-channel information leakage and Ingter overflow in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2397767
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c161defb4d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--