Chromium, Glycin, Snapshot, and more updates for Fedora

Fedora Linux 9174 Published 2025-09-12 07:49 by Philipp Esselbach

News

Security updates have been released for Fedora versions 41 and 42, including updates for various packages such as chromium, glycin, and snapshot. TThe specific package updates include revisions to civetweb, checkpointctl, ruff, kernel, libssh, and other components.

Fedora 41 Update: chromium-140.0.7339.80-1.fc41
Fedora 41 Update: glycin-1.1.6-3.fc41
Fedora 41 Update: snapshot-47.1-2.fc41
Fedora 41 Update: ruff-0.11.5-7.fc41
Fedora 41 Update: civetweb-1.16-9.fc41
Fedora 41 Update: checkpointctl-1.4.0-2.fc41
Fedora 42 Update: kernel-6.16.7-200.fc42
Fedora 42 Update: libssh-0.11.3-1.fc42
Fedora 42 Update: ruff-0.11.5-7.fc42
Fedora 42 Update: civetweb-1.16-9.fc42
Fedora 42 Update: rust-secret-service-5.1.0-1.fc42
Fedora 42 Update: checkpointctl-1.4.0-2.fc42
Fedora 42 Update: uv-0.8.11-2.fc42

[SECURITY] Fedora 41 Update: chromium-140.0.7339.80-1.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-374cd66fa7
2025-09-12 02:30:53.358197+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 41
Version : 140.0.7339.80
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 140.0.7339.80
CVE-2025-9864: Use after free in V8
CVE-2025-9865: Inappropriate implementation in Toolbar
CVE-2025-9866: Inappropriate implementation in Extensions
CVE-2025-9867: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Than Ngo [than@redhat.com] - 140.0.7339.80-1
- Update to 140.0.7339.80
* CVE-2025-9864: Use after free in V8
* CVE-2025-9865: Inappropriate implementation in Toolbar
* CVE-2025-9866: Inappropriate implementation in Extensions
CVE-2025-9867: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2390724 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2390724
[ 2 ] Bug #2390727 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2390727
[ 3 ] Bug #2390730 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2390730
[ 4 ] Bug #2390732 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390732
[ 5 ] Bug #2392285 - CVE-2025-9478 chromium: Use after free in ANGLE [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2392285
[ 6 ] Bug #2392288 - CVE-2025-9478 chromium: Use after free in ANGLE [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2392288
[ 7 ] Bug #2392291 - CVE-2025-9478 chromium: Use after free in ANGLE [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2392291
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-374cd66fa7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: glycin-1.1.6-3.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b7b8f98344
2025-09-12 02:30:53.358195+00:00
--------------------------------------------------------------------------------

Name : glycin
Product : Fedora 41
Version : 1.1.6
Release : 3.fc41
URL : https://gitlab.gnome.org/sophie-h/glycin
Summary : Sandboxed image rendering
Description :
Sandboxed and extendable image decoding.

--------------------------------------------------------------------------------
Update Information:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Fabio Valentini [decathorpe@gmail.com] - 1.1.6-3
- Backport upstream fix for race condition in GIR generation
* Wed Sep 3 2025 Fabio Valentini [decathorpe@gmail.com] - 1.1.6-2
- Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391997 - CVE-2025-58160 glycin: Tracing log pollution [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391997
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b7b8f98344' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: snapshot-47.1-2.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e4ed1863bf
2025-09-12 02:30:53.358180+00:00
--------------------------------------------------------------------------------

Name : snapshot
Product : Fedora 41
Version : 47.1
Release : 2.fc41
URL : https://gitlab.gnome.org/GNOME/snapshot
Summary : Take pictures and videos
Description :
Take pictures and videos on your computer, tablet, or phone.

--------------------------------------------------------------------------------
Update Information:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Fabio Valentini [decathorpe@gmail.com] - 47.1-2
- Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2392051 - CVE-2025-58160 snapshot: Tracing log pollution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2392051
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e4ed1863bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: ruff-0.11.5-7.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5ba89a2c48
2025-09-12 02:30:53.358177+00:00
--------------------------------------------------------------------------------

Name : ruff
Product : Fedora 41
Version : 0.11.5
Release : 7.fc41
URL : https://github.com/astral-sh/ruff
Summary : Extremely fast Python linter and code formatter
Description :
An extremely fast Python linter and code formatter, written in Rust.

Ruff aims to be orders of magnitude faster than alternative tools while
integrating more functionality behind a single, common interface.

Ruff can be used to replace Flake8 (plus dozens of plugins), Black,
isort, pydocstyle, pyupgrade, autoflake, and more, all while executing
tens or hundreds of times faster than any individual tool.

--------------------------------------------------------------------------------
Update Information:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 2 2025 Fabio Valentini [decathorpe@gmail.com] - 0.11.5-7
- Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160
* Fri Aug 15 2025 Python Maint - 0.11.5-6
- Rebuilt for Python 3.14.0rc2 bytecode
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391973 - CVE-2025-58160 ruff: Tracing log pollution [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391973
[ 2 ] Bug #2392006 - CVE-2025-58160 ruff: Tracing log pollution [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2392006
[ 3 ] Bug #2392045 - CVE-2025-58160 ruff: Tracing log pollution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2392045
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5ba89a2c48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: civetweb-1.16-9.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ed25a8b170
2025-09-12 02:30:53.358171+00:00
--------------------------------------------------------------------------------

Name : civetweb
Product : Fedora 41
Version : 1.16
Release : 9.fc41
URL : https://github.com/civetweb/civetweb
Summary : Embedded C/C++ web server
Description :
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server
with optional CGI, SSL and Lua support.

CivetWeb can be used by developers as a library, to add web server
functionality to an existing application. It can also be used by end
users as a stand-alone web server running on a Windows or Linux PC.
It is available as single executable, no installation is required.

--------------------------------------------------------------------------------
Update Information:

civetweb 1.16
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Kaleb S. KEITHLEY - 1.16-9
- civetweb 1.16, rhbz#2391892
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.16-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jul 16 2025 Kaleb S. KEITHLEY - 1.16-7
- civetweb 1.16, rhbz#2380496
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.16-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391891 - CVE-2025-55763 civetweb: CivetWeb buffer overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391891
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ed25a8b170' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: checkpointctl-1.4.0-2.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cecd883ce1
2025-09-12 02:30:53.358151+00:00
--------------------------------------------------------------------------------

Name : checkpointctl
Product : Fedora 41
Version : 1.4.0
Release : 2.fc41
URL : https://github.com/checkpoint-restore/checkpointctl
Summary : A command-line tool for in-depth analysis of container checkpoints
Description :
The checkpointctl command can be used for in-depth analysis of
container checkpoints created with Podman and Kubernetes.

--------------------------------------------------------------------------------
Update Information:

Add python3-click build dependency
Update to upstream version 1.4.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Radostin Stoyanov [rstoyanov@fedoraproject.org] - 1.4.0-2
- Add python3-click build dependency
* Wed Sep 3 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.4.0-1
- Adopt Go Vendor Tools
* Mon Sep 1 2025 Radostin Stoyanov [rstoyanov@fedoraproject.org] - 1:1.4.0-1
- Update to upstream version 1.4.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1:1.3.0-6
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1:1.3.0-5
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1:1.3.0-4
- Rebuild for golang-1.25.0
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Nov 2 2024 Radostin Stoyanov [rstoyanov@fedoraproject.org] - 1:1.3.0-1
- Update to upstream version 1.3.0
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1:1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 17 2024 Radostin Stoyanov [radostin@redhat.com] - 1:1.2.0-1
- Update to upstream version 1.2.0
* Sun Feb 11 2024 Maxwell G [maxwell@gtmx.me] - 1:1.1.0-2
- Rebuild for golang 1.22.0
* Mon Jan 29 2024 Radostin Stoyanov [radostin@redhat.com] - 1:1.1.0-1
- Initial import (fedora#2259838).
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391611 - CVE-2025-58058 checkpointctl: github.com/ulikunitz/xz leaks memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391611
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cecd883ce1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: kernel-6.16.7-200.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4c1d09a51b
2025-09-12 02:06:02.138659+00:00
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 42
Version : 6.16.7
Release : 200.fc42
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.16.7 stable kernel updates contain mitigation for the VMSCAPE
vulnerability on x86 CPUs. This has been assigned CVE-2025-40300
The 6.16.6 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2025 Justin M. Forbes [jforbes@fedoraproject.org] [6.16.7-0]
- Turn on vmscape mitigation for x86 (Justin M. Forbes)
- Linux v6.16.7
* Tue Sep 9 2025 Augusto Caringi [acaringi@redhat.com] [6.16.6-0]
- Add another bug fix staged for 6.16 (Justin M. Forbes)
- Turn on PHY_ROCKCHIP_SAMSUNG_DCPHY for Fedora (Justin M. Forbes)
- Linux v6.16.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2392922 - Gkrellm no longer detects nor displays network monitor information
https://bugzilla.redhat.com/show_bug.cgi?id=2392922
[ 2 ] Bug #2393407 - Fedora kernel does not include PHY_ROCKCHIP_SAMSUNG_DCPHY driver
https://bugzilla.redhat.com/show_bug.cgi?id=2393407
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4c1d09a51b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: libssh-0.11.3-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9826857157
2025-09-12 02:06:02.138633+00:00
--------------------------------------------------------------------------------

Name : libssh
Product : Fedora 42
Version : 0.11.3
Release : 1.fc42
URL : http://www.libssh.org
Summary : A library implementing the SSH protocol
Description :
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is
made by the programmer. With libssh, you can remotely execute programs, transfer
files, use a secure and transparent tunnel for your remote programs. With its
Secure FTP implementation, you can play with remote files easily, without
third-party programs others than libcrypto (from openssl).

--------------------------------------------------------------------------------
Update Information:

New upstream release fixing the following security weaknesses (CVE-2025-8114,
CVE-2025-8277)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 9 2025 Jakub Jelen [jjelen@redhat.com] - 0.11.3-1
- New upstream release fixing the following security weaknesses:
- CVE-2025-8114: Fix NULL pointer dereference after allocation failure
- CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.11.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2383237 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=2383237
[ 2 ] Bug #2394050 - CVE-2025-8277 libssh: Memory Exhaustion via Repeated Key Exchange in libssh [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2394050
[ 3 ] Bug #2394054 - CVE-2025-8114 libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2394054
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9826857157' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: ruff-0.11.5-7.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a8501d6717
2025-09-12 02:06:02.138626+00:00
--------------------------------------------------------------------------------

Name : ruff
Product : Fedora 42
Version : 0.11.5
Release : 7.fc42
URL : https://github.com/astral-sh/ruff
Summary : Extremely fast Python linter and code formatter
Description :
An extremely fast Python linter and code formatter, written in Rust.

Ruff aims to be orders of magnitude faster than alternative tools while
integrating more functionality behind a single, common interface.

Ruff can be used to replace Flake8 (plus dozens of plugins), Black,
isort, pydocstyle, pyupgrade, autoflake, and more, all while executing
tens or hundreds of times faster than any individual tool.

--------------------------------------------------------------------------------
Update Information:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 2 2025 Fabio Valentini [decathorpe@gmail.com] - 0.11.5-7
- Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160
* Fri Aug 15 2025 Python Maint - 0.11.5-6
- Rebuilt for Python 3.14.0rc2 bytecode
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391973 - CVE-2025-58160 ruff: Tracing log pollution [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391973
[ 2 ] Bug #2392006 - CVE-2025-58160 ruff: Tracing log pollution [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2392006
[ 3 ] Bug #2392045 - CVE-2025-58160 ruff: Tracing log pollution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2392045
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a8501d6717' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: civetweb-1.16-9.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7ddaa1e0bd
2025-09-12 02:06:02.138621+00:00
--------------------------------------------------------------------------------

Name : civetweb
Product : Fedora 42
Version : 1.16
Release : 9.fc42
URL : https://github.com/civetweb/civetweb
Summary : Embedded C/C++ web server
Description :
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server
with optional CGI, SSL and Lua support.

CivetWeb can be used by developers as a library, to add web server
functionality to an existing application. It can also be used by end
users as a stand-alone web server running on a Windows or Linux PC.
It is available as single executable, no installation is required.

--------------------------------------------------------------------------------
Update Information:

civetweb 1.16, rhbz#2391892
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Kaleb S. KEITHLEY - 1.16-9
- civetweb 1.16, rhbz#2391892
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.16-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jul 16 2025 Kaleb S. KEITHLEY - 1.16-7
- civetweb 1.16, rhbz#2380496
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391892 - CVE-2025-55763 civetweb: CivetWeb buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391892
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7ddaa1e0bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: rust-secret-service-5.1.0-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d757bc292e
2025-09-12 02:06:02.138559+00:00
--------------------------------------------------------------------------------

Name : rust-secret-service
Product : Fedora 42
Version : 5.1.0
Release : 1.fc42
URL : https://crates.io/crates/secret-service
Summary : Library to interface with Secret Service API
Description :
Library to interface with Secret Service API.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2025-58160: rebuilt uv and python-uv-build with rust-
tracing-subscriber 0.3.20.
Initial package for rust-secret-service in Fedora 43 (previously a retired
package).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 5.1.0-1
- Update to version 5.1.0; Fixes RHBZ#2392998
* Fri Aug 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 5.0.0-1
- Update to 5.0.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2389401 - Review Request: rust-secret-service - Library to interface with Secret Service API
https://bugzilla.redhat.com/show_bug.cgi?id=2389401
[ 2 ] Bug #2392055 - CVE-2025-58160 uv: Tracing log pollution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2392055
[ 3 ] Bug #2392364 - F42FailsToInstall: rust-secret-service+rt-async-io-crypto-openssl-devel, rust-secret-service+rt-async-io-crypto-rust-devel, rust-secret-service+rt-tokio-crypto-openssl-devel, rust-secret-service+rt-tokio-crypto-rust-devel, rust-secret-service-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2392364
[ 4 ] Bug #2392998 - rust-secret-service-5.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2392998
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d757bc292e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: checkpointctl-1.4.0-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ba1dacf88c
2025-09-12 02:06:02.138591+00:00
--------------------------------------------------------------------------------

Name : checkpointctl
Product : Fedora 42
Version : 1.4.0
Release : 2.fc42
URL : https://github.com/checkpoint-restore/checkpointctl
Summary : A command-line tool for in-depth analysis of container checkpoints
Description :
The checkpointctl command can be used for in-depth analysis of
container checkpoints created with Podman and Kubernetes.

--------------------------------------------------------------------------------
Update Information:

Add python3-click build dependency
Update to upstream version 1.4.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Radostin Stoyanov [rstoyanov@fedoraproject.org] - 1.4.0-2
- Add python3-click build dependency
* Wed Sep 3 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.4.0-1
- Adopt Go Vendor Tools
* Mon Sep 1 2025 Radostin Stoyanov [rstoyanov@fedoraproject.org] - 1:1.4.0-1
- Update to upstream version 1.4.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1:1.3.0-6
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1:1.3.0-5
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1:1.3.0-4
- Rebuild for golang-1.25.0
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Nov 2 2024 Radostin Stoyanov [rstoyanov@fedoraproject.org] - 1:1.3.0-1
- Update to upstream version 1.3.0
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1:1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 17 2024 Radostin Stoyanov [radostin@redhat.com] - 1:1.2.0-1
- Update to upstream version 1.2.0
* Sun Feb 11 2024 Maxwell G [maxwell@gtmx.me] - 1:1.1.0-2
- Rebuild for golang 1.22.0
* Mon Jan 29 2024 Radostin Stoyanov [radostin@redhat.com] - 1:1.1.0-1
- Initial import (fedora#2259838).
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391649 - CVE-2025-58058 checkpointctl: github.com/ulikunitz/xz leaks memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391649
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ba1dacf88c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: uv-0.8.11-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d757bc292e
2025-09-12 02:06:02.138559+00:00
--------------------------------------------------------------------------------

Name : uv
Product : Fedora 42
Version : 0.8.11
Release : 2.fc42
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.

Highlights:

??? ?????? Drop-in replacement for common pip, pip-tools, and virtualenv commands.
??? ?????? 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
??? ???? Disk-space efficient, with a global cache for dependency deduplication.
??? ???? Installable via curl, pip, pipx, etc. uv is a static binary that can be
installed without Rust or Python.
??? ???? Tested at-scale against the top 10,000 PyPI packages.
??? ??????? Support for macOS, Linux, and Windows.
??? ???? Advanced features such as dependency version overrides and alternative
resolution strategies.
??? ?????? Best-in-class error messages with a conflict-tracking resolver.
??? ???? Support for a wide range of advanced pip features, including editable
installs, Git dependencies, direct URL dependencies, local dependencies,
constraints, source distributions, HTML and JSON indexes, and more.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2025-58160: rebuilt uv and python-uv-build with rust-
tracing-subscriber 0.3.20.
Initial package for rust-secret-service in Fedora 43 (previously a retired
package).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-2
- Rebuilt with rust-tracing-subscriber-0.3.20
- Fixes CVE-2025-58160: fixes RHBZ#2392055, fixes RHBZ#2392012, fixes
RHBZ#2391975
* Sat Aug 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-1
- Update to 0.8.11 (close RHBZ#2388413)
* Sat Aug 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.10-1
- Update to 0.8.10
* Fri Aug 15 2025 Python Maint - 0.8.9-2
- Rebuilt for Python 3.14.0rc2 bytecode
* Wed Aug 13 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.9-1
- Update to 0.8.9 (close RHBZ#2387762)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2389401 - Review Request: rust-secret-service - Library to interface with Secret Service API
https://bugzilla.redhat.com/show_bug.cgi?id=2389401
[ 2 ] Bug #2392055 - CVE-2025-58160 uv: Tracing log pollution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2392055
[ 3 ] Bug #2392364 - F42FailsToInstall: rust-secret-service+rt-async-io-crypto-openssl-devel, rust-secret-service+rt-async-io-crypto-rust-devel, rust-secret-service+rt-tokio-crypto-openssl-devel, rust-secret-service+rt-tokio-crypto-rust-devel, rust-secret-service-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2392364
[ 4 ] Bug #2392998 - rust-secret-service-5.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2392998
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d757bc292e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

VirtualBox 7.2.2 released

Kernel, CUPS, PHP, and more updates for RHEL

[SECURITY] Fedora 41 Update: chromium-140.0.7339.80-1.fc41

[SECURITY] Fedora 41 Update: glycin-1.1.6-3.fc41

[SECURITY] Fedora 41 Update: snapshot-47.1-2.fc41

[SECURITY] Fedora 41 Update: ruff-0.11.5-7.fc41

[SECURITY] Fedora 41 Update: civetweb-1.16-9.fc41

[SECURITY] Fedora 41 Update: checkpointctl-1.4.0-2.fc41

[SECURITY] Fedora 42 Update: kernel-6.16.7-200.fc42

[SECURITY] Fedora 42 Update: libssh-0.11.3-1.fc42

[SECURITY] Fedora 42 Update: ruff-0.11.5-7.fc42

[SECURITY] Fedora 42 Update: civetweb-1.16-9.fc42

[SECURITY] Fedora 42 Update: rust-secret-service-5.1.0-1.fc42

[SECURITY] Fedora 42 Update: checkpointctl-1.4.0-2.fc42

[SECURITY] Fedora 42 Update: uv-0.8.11-2.fc42

Windows

Linux

macOS

Community