Fedora has issued multiple security updates for its Fedora 41 and 42 distributions. The updates encompass fixes for vulnerabilities in packages including Chromium, CEF, UDisks2, ROCM-RPP, and Docker Buildx. These address concerns such as type confusion in V8, use-after-free in ANGLE, out-of-bounds read in UDisks Daemon, and information leak in go-viper.

Fedora 42 Update: rocm-rpp-6.3.1-3.fc42
Fedora 42 Update: cef-139.0.26^chromium139.0.7258.127-1.fc42
Fedora 41 Update: chromium-139.0.7258.154-1.fc41
Fedora 42 Update: udisks2-2.10.91-1.fc42
Fedora 42 Update: docker-buildx-0.27.0-1.fc42

[SECURITY] Fedora 42 Update: rocm-rpp-6.3.1-3.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ca3edc5c88
2025-08-31 01:07:52.461289+00:00
--------------------------------------------------------------------------------

Name : rocm-rpp
Product : Fedora 42
Version : 6.3.1
Release : 3.fc42
URL : https://github.com/ROCm/rpp
Summary : ROCm Performace Primatives for computer vision
Description :
AMD ROCm Performance Primitives (RPP) library is a comprehensive,
high-performance computer vision library for AMD processors that
have HIP, OpenCL, or CPU backends.

--------------------------------------------------------------------------------
Update Information:

Remove prebuild libffts.a library
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 21 2025 Tom Rix [Tom.Rix@amd.com] - 6.3.1-3
- Remove prebuild libffts.a library
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ca3edc5c88' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: cef-139.0.26^chromium139.0.7258.127-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b7cb89ddd3
2025-08-31 01:07:52.461295+00:00
--------------------------------------------------------------------------------

Name : cef
Product : Fedora 42
Version : 139.0.26^chromium139.0.7258.127
Release : 1.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

CVE-2025-8010: Type Confusion in V8
CVE-2025-8011: Type Confusion in V8
CVE-2025-8576: Use after free in Extensions
CVE-2025-8578: Use after free in Cast
CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
CVE-2025-8580: Inappropriate implementation in Filesystems
CVE-2025-8581: Inappropriate implementation in Extensions
CVE-2025-8582: Insufficient validation of untrusted input in DOM
CVE-2025-8583: Inappropriate implementation in Permissions
CVE-2025-8879: Heap buffer overflow in libaom
CVE-2025-8880: Race in V8
CVE-2025-8901: Out of bounds write in ANGLE
CVE-2025-8881: Inappropriate implementation in File Picker
CVE-2025-8882: Use after free in Aura
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 21 2025 Asahi Lina [lina@asahilina.net] - 139.0.26^chromium139.0.7258.127-1
- Update to cef-139.0.26+g9d80e0d
* Thu Aug 14 2025 Than Ngo [than@redhat.com] - 139.0.20^chromium139.0.7258.127-1
- Updated to 139.0.7258.127 (rhbz#2381869)
- * CVE-2025-8879: Heap buffer overflow in libaom
- * CVE-2025-8880: Race in V8
- * CVE-2025-8901: Out of bounds write in ANGLE
- * CVE-2025-8881: Inappropriate implementation in File Picker
- * CVE-2025-8882: Use after free in Aura
* Thu Aug 14 2025 Than Ngo [than@redhat.com] - 139.0.20^chromium139.0.7258.66-1
- Updated to 139.0.7258.66
- Asahi Lina: Update to cef-139.0.20+g60bd77d
- * CVE-2025-8576: Use after free in Extensions
- * CVE-2025-8578: Use after free in Cast
- * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
- * CVE-2025-8580: Inappropriate implementation in Filesystems
- * CVE-2025-8581: Inappropriate implementation in Extensions
- * CVE-2025-8582: Insufficient validation of untrusted input in DOM
- * CVE-2025-8583: Inappropriate implementation in Permissions
* Thu Aug 14 2025 Than Ngo [than@redhat.com] - 138.0.25^chromium138.0.7204.183-1
- Update to 138.0.7204.183
- * CVE-2025-8292: Use after free in Media Stream
* Thu Aug 14 2025 Than Ngo [than@redhat.com] - 138.0.25^chromium138.0.7204.168-1
- Update to 138.0.7204.168
- * CVE-2025-8010: Type Confusion in V8
- * CVE-2025-8011: Type Confusion in V8
* Thu Aug 14 2025 Tom Stellard [tstellar@redhat.com] - 138.0.25^chromium138.0.7204.157-4
- Backport fix for build failure with clang-21
* Thu Jul 24 2025 Dominik Mierzejewski [dominik@greysector.net] - 138.0.25^chromium138.0.7204.157-3
- drop unused yasm build dependency
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 138.0.25^chromium138.0.7204.157-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2389708 - cef-139.0.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2389708
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b7cb89ddd3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: chromium-139.0.7258.154-1.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-dc1c32b029
2025-08-31 01:26:21.544347+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 41
Version : 139.0.7258.154
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 139.0.7258.154
CVE-2025-9478: Use after free in ANGLE
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 28 2025 Than Ngo [than@redhat.com] - 139.0.7258.154-1
- Update to 139.0.7258.154
* CVE-2025-9478: Use after free in ANGLE
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-dc1c32b029' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: udisks2-2.10.91-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c866472f43
2025-08-31 01:07:52.461322+00:00
--------------------------------------------------------------------------------

Name : udisks2
Product : Fedora 42
Version : 2.10.91
Release : 1.fc42
URL : https://github.com/storaged-project/udisks
Summary : Disk Manager
Description :
The Udisks project provides a daemon, tools and libraries to access and
manipulate disks, storage devices and technologies.

--------------------------------------------------------------------------------
Update Information:

CVE-2025-8067 Out-Of-Bounds Read in UDisks Daemon
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 29 2025 Tomas Bzatek [tbzatek@redhat.com] - 2.10.91-1
- Version 2.10.91
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c866472f43' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: docker-buildx-0.27.0-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-aeb4a7b52f
2025-08-31 01:07:52.461300+00:00
--------------------------------------------------------------------------------

Name : docker-buildx
Product : Fedora 42
Version : 0.27.0
Release : 1.fc42
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.27.0
Resolves: rhvz#2388453, rhbz#2384137, rhbz#2384154
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 20 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.27.0-1
- Update to release v0.27.0
- Resolves: rhvz#2388453, rhbz#2384137, rhbz#2384154
- Upstream new features and fixes
* Sun Aug 17 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.26.1-6
- Remove temporary fix for go 1.25 rc2
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.26.1-5
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.26.1-4
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.26.1-3
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2384137 - docker-buildx: go-viper information leak [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384137
[ 2 ] Bug #2384154 - docker-buildx: go-viper information leak [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384154
[ 3 ] Bug #2388453 - docker-buildx-0.27.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2388453
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-aeb4a7b52f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--