Fedora Linux 40 has been updated with important security enhancements, featuring Chromium and Java-17-OpenJDK:

Fedora 40 Update: chromium-136.0.7103.59-1.fc40
Fedora 40 Update: java-17-openjdk-17.0.15.0.6-1.fc40

[SECURITY] Fedora 40 Update: chromium-136.0.7103.59-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b1804b97fc
2025-05-04 01:43:02.601141+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 40
Version : 136.0.7103.59
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 136.0.7103.59
CVE-2025-4096: Heap buffer overflow in HTML
CVE-2025-4050: Out of bounds memory access in DevTools
CVE-2025-4051: Insufficient data validation in DevTools
CVE-2025-4052: Inappropriate implementation in DevTools
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 29 2025 Than Ngo [than@redhat.com] - 136.0.7103.59-1
- Update to 136.0.7103.59
* CVE-2025-4096: Heap buffer overflow in HTML
* CVE-2025-4050: Out of bounds memory access in DevTools
* CVE-2025-4051: Insufficient data validation in DevTools
* CVE-2025-4052: Inappropriate implementation in DevTools
* Thu Apr 24 2025 Than Ngo [than@redhat.com] - 136.0.7103.48-1
- Update to 136.0.7103.48
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b1804b97fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 40 Update: java-17-openjdk-17.0.15.0.6-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-858cec7479
2025-05-04 01:43:02.601023+00:00
--------------------------------------------------------------------------------

Name : java-17-openjdk
Product : Fedora 40
Version : 17.0.15.0.6
Release : 1.fc40
URL : http://openjdk.java.net/
Summary : OpenJDK 17 Runtime Environment
Description :
The OpenJDK 17 runtime environment.

--------------------------------------------------------------------------------
Update Information:

April 2025 CPU
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 17 2025 Jiri Vanek [jvanek@redhat.com] - 1:17.0.15.0.6-1
- Updated to repack april 2025 cpu
* Tue Feb 25 2025 Jiri Vanek [jvanek@redhat.com] - 1:17.0.14.0.7-4
- introduced NVRA.specfile in doc
* Thu Feb 13 2025 Jiri Vanek [jvanek@redhat.com] - 1:17.0.14.0.7-3
- Removed unused ghosts and alternatives targets
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-858cec7479' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--