Fedora Linux has received several security updates, including chromium, gdk-pixbuf2, poppler, and reposurgeon:

Fedora 42 Update: chromium-138.0.7204.183-1.fc42
Fedora 42 Update: gdk-pixbuf2-2.42.12-12.fc42
Fedora 42 Update: poppler-25.02.0-2.fc42
Fedora 42 Update: reposurgeon-5.3-1.fc42

[SECURITY] Fedora 42 Update: chromium-138.0.7204.183-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2d776e48e1
2025-08-03 01:14:05.386515+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 138.0.7204.183
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 138.0.7204.183
* CVE-2025-8292: Use after free in Media Stream
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 30 2025 Than Ngo [than@redhat.com] - 138.0.7204.183-1
- Update to 138.0.7204.183
* CVE-2025-8292: Use after free in Media Stream
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2384413 - CVE-2025-8292 chromium: Chrome Media Stream Use-After-Free [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2384413
[ 2 ] Bug #2384414 - CVE-2025-8292 chromium: Chrome Media Stream Use-After-Free [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2384414
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2d776e48e1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: gdk-pixbuf2-2.42.12-12.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f0bec53a1d
2025-08-03 01:14:05.386507+00:00
--------------------------------------------------------------------------------

Name : gdk-pixbuf2
Product : Fedora 42
Version : 2.42.12
Release : 12.fc42
URL : https://gitlab.gnome.org/GNOME/gdk-pixbuf
Summary : An image loading library
Description :
gdk-pixbuf is an image loading library that can be extended by loadable
modules for new image formats. It is used by toolkits such as GTK+ or
clutter.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2025-7345 and CVE-2025-6199.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 31 2025 Marek Kasik [mkasik@redhat.com] - 2.42.12-12
- jpeg: Be more careful with chunked icc data
* Thu Jul 31 2025 Marek Kasik [mkasik@redhat.com] - 2.42.12-11
- lzw: Fix reporting of bytes written in decoder
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2373147 - CVE-2025-6199 gdk-pixbuf: Uninitialized Memory Disclosure in GdkPixbuf GIF LZW Decoder
https://bugzilla.redhat.com/show_bug.cgi?id=2373147
[ 2 ] Bug #2377063 - CVE-2025-7345 gdk???pixbuf: Heap???buffer???overflow in gdk???pixbuf
https://bugzilla.redhat.com/show_bug.cgi?id=2377063
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f0bec53a1d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 42 Update: poppler-25.02.0-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e2c3dbdbee
2025-08-03 01:14:05.386504+00:00
--------------------------------------------------------------------------------

Name : poppler
Product : Fedora 42
Version : 25.02.0
Release : 2.fc42
URL : https://poppler.freedesktop.org/
Summary : PDF rendering library
Description :
poppler is a PDF rendering library.

--------------------------------------------------------------------------------
Update Information:

This update fixes these CVEs:
CVE-2025-32364
CVE-2025-32365
CVE-2024-56378
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 31 2025 Marek Kasik [mkasik@redhat.com] - 25.02.0-2
- Move isOk() check inside JBIG2Bitmap::combine
- PSStack::roll: Protect against doing int = -INT_MIN
- Resolves: #2357815, #2357819
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2333794 - CVE-2024-56378 Poppler: out-of-bounds read
https://bugzilla.redhat.com/show_bug.cgi?id=2333794
[ 2 ] Bug #2357656 - CVE-2025-32365 poppler: Out-of-Bounds Read in Poppler
https://bugzilla.redhat.com/show_bug.cgi?id=2357656
[ 3 ] Bug #2357657 - CVE-2025-32364 poppler: Floating-Point Exception in Poppler
https://bugzilla.redhat.com/show_bug.cgi?id=2357657
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e2c3dbdbee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: reposurgeon-5.3-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-19c41f754c
2025-08-03 01:14:05.386484+00:00
--------------------------------------------------------------------------------

Name : reposurgeon
Product : Fedora 42
Version : 5.3
Release : 1.fc42
URL : http://www.catb.org/~esr/reposurgeon/
Summary : SCM Repository Manipulation Tool
Description :
Reposurgeon enables risky operations that version-control systems don't want
to let you do, such as editing past comments and metadata and removing
commits. It works with any version control system that can export and import
git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It can
also read Subversion dump files directly and can thus be used to script
production of very high-quality conversions from Subversion to any supported
DVCS.

--------------------------------------------------------------------------------
Update Information:

reposurgeon: update to 5.3 version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 25 2025 Denis Fateyev [denis@fateyev.com] - 5.3-1
- Disable go vet in tests
- Update to 5.3
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2341281 - reposurgeon: FTBFS in Fedora rawhide/f42
https://bugzilla.redhat.com/show_bug.cgi?id=2341281
[ 2 ] Bug #2346712 - reposurgeon-5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2346712
[ 3 ] Bug #2352330 - CVE-2025-22870 reposurgeon: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2352330
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-19c41f754c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--