Chromium and Musescore updates for Fedora

Fedora Linux 9212 Published by

Fedora 42 and Fedora 43 have received updates to fix security vulnerabilities. The updates include fixes for CVE-2026-0628, an insufficient policy enforcement issue in Chromium's WebView tag, and CVE-2025-56225, a denial-of-service flaw in the FluidSynth software synthesizer bundled with MuseScore. To install these updates, users can run the command dnf upgrade --advisory followed by the corresponding advisory number (FEDORA-2026-540f5a89d1 for Fedora 42 and FEDORA-2026-afe4be8cb3 for Fedora 43).

Fedora 42 Update: chromium-143.0.7499.192-1.fc42
Fedora 43 Update: musescore-4.6.5-32.fc43




[SECURITY] Fedora 42 Update: chromium-143.0.7499.192-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-540f5a89d1
2026-01-12 01:08:34.524851+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 143.0.7499.192
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 143.0.7499.192
* High CVE-2026-0628: Insufficient policy enforcement in WebView tag
* Enable control flow integrity support for x86_64/aarch64
* Enable build for epel10.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 7 2026 Than Ngo [than@redhat.com] - 143.0.7499.192-1
- Update tp 143.0.7499.192
* High CVE-2026-0628: Insufficient policy enforcement in WebView tag
- Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64
- Enable build for epel10.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425338 - Please re-enable CFI build option
https://bugzilla.redhat.com/show_bug.cgi?id=2425338
[ 2 ] Bug #2425439 - Chromium not updated RHEL 10
https://bugzilla.redhat.com/show_bug.cgi?id=2425439
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-540f5a89d1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: musescore-4.6.5-32.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-afe4be8cb3
2026-01-12 00:55:40.170795+00:00
--------------------------------------------------------------------------------

Name : musescore
Product : Fedora 43
Version : 4.6.5
Release : 32.fc43
URL : https://musescore.org/
Summary : Music Composition & Notation Software
Description :
MuseScore is a free cross platform WYSIWYG music notation program. Some
highlights:

* WYSIWYG, notes are entered on a "virtual note sheet"
* Unlimited number of staves
* Up to four voices per staff
* Easy and fast note entry with mouse, keyboard or MIDI
* Integrated sequencer and FluidSynth software synthesizer
* Import and export of MusicXML and Standard MIDI Files (SMF)
* Translated in 26 languages

--------------------------------------------------------------------------------
Update Information:

This update adds a patch to fix CVE-2025-56225, a flaw in the bundled version of
fluidsynth.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 9 2026 Jerry James [loganjerry@gmail.com] - 4.6.5-32
- Patch for CVE-2025-56225
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2428300 - CVE-2025-56225 musescore: FluidSynth: Denial of Service via invalid MIDI file processing [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2428300
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-afe4be8cb3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--


Auto-Cpufreq 3.0.0 released

Kernel, LibSSH, Wireshark, and more updates for RHEL

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...